If you are using the Apple Mac App Store you might be putting your computer’s security at risk.
That’s the finding of security researcher Joshua Long who has warned that the App Store has not published the latest versions of various applications, despite the fact they can include critical security updates.
Here’s part of Long’s warning:
Third-party Web browser maker Opera has released version 11.11 of its software, which fixes a "critical" security issue.
Mac users who have downloaded Opera through the App Store may find themselves using a copy of Opera that is now two versions old, 11.01, which was released back in March and is vulnerable to the security bug patched in 11.11.
Users who rely on the App Store to tell them whether their software is up-to-date may not be aware of the security risks and may continue to use an unsafe version of the Opera browser.
Long says that he contacted Apple and Opera about the issue. Opera replied saying that they were waiting on Apple to approve the next version of Opera for Mac (Apple’s approval is necessary before anything gets posted in the Mac App Store).
Put in simple terms, Apple seems to be falling short of the promise it makes in its promotion of the App Store that it “keeps track of your apps and tells you when an update is available” and that “you’ll always have the latest version of every app you own.”
And, it appears, that Opera is not the only application in the Mac App Store that is out-of-date and might be vulnerable to security flaws. Long points out that Amazon’s Kindle app in the App Store, for instance, hasn’t been updated since January.
So, the key question is, how quickly is Apple going to approve the latest Opera update, and other software which might have been updated to secure against critical security vulnerabilities, for the App Store?
Because if Apple can’t update software containing critical security patches to the App Store in a timely fashion, users might be wiser getting their software via a more conventional route – such as (in the case of Opera) a direct download from the vendor’s own website.