Apple breaks Mac security again by not playing well with others

Due to poor communication, users must either wait to apply Apple's security patch or stop using PGP Whole Disk Encryption

PGP, now owned by Symantec, has issued a warning to Mac users of PGP Whole Disk Encryption that they should not apply the Mac OS X Snow Leopard 10.6.5 update, a massive patch that fixes more than 130 vulnerabilities. "Compatibility issues may prevent the system from successfully booting," the company said in its advisory. The U.S. Computer Emergency Response Team and several security companies also warned Mac users not to update.

This is not the first time Apple and PGP have left Mac users hanging. The company's previous version of Whole Disk Encryption for the Mac did not work well with the original Snow Leopard upgrade, causing a similar potential data-loss problem. PGP users had to wait until January 2010 and purchase the next version of its software to resolve the issue.

It's an issue that both PGP and Apple should be working toward resolving. Whole-disk encryption is a key security technology, especially for mobile corporate users. Yet the two companies seem to lack any effective channel of communication to prevent show-stopping issues.

In the latest update to its advisory, PGP stressed that previous versions of the patch did not trigger the problem that the final update caused.

"The PGP Engineering team tested every version of the early developer release of the update provided by Apple to PGP Corporation -- no conflicts were found," the company states. "However, we identified after the release of the upgrade that Apple's software update bypasses the protections PGP Corporation has put around (PGP's boot) file."

For the lion's share of users -- consumers and small and medium-sized businesses -- the release of an update for their operating system should not require any thought; they should automatically download it. Criminals have proven far too often that they can quickly push exploits out to take advantage of recently patched flaws. High-quality patches should be a matter of course in these times, and part of that should be testing against common software. 

PGP is not the first company to run afoul of the patching process. In the past, Microsoft has had its share of problems, although in proportion to the number of updates the company publishes, the issues have been uncommon. Microsoft has made significant headway in improving patch reliability, barring a recent incident, in large part because it plays well with third-party developers.

It's time for Apple and PGP to do the same. A lack of communication hurts both companies and their users.

This article, "Apple breaks Mac security again by not playing well with others," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.

Join the discussion
Be the first to comment on this article. Our Commenting Policies