[ef4]

Why the hell would Apple publish the vulnerability & fix for iOS without a concurrent update to OS X?!

[NelsonMinar]

It's common security practice to release the exploit before the bug is patched in the OS. Oh wait, no, the opposite of that. Unless you're Apple. I'm very angry.

[gress]

Presumably because the vulnerability is already known outside of Apple, and it's better not to hold back the iOS patch while they get the OSX patch done.

[smnrchrds]

How hard is it to get the patch done? Isn't it, like, removing one line?

[cantfindmypass]

Yes, removing one line would fix it.

[cantfindmypass]

It became widely known outside of Apple due to the iOS patch.

[gress]

How do you know they hadn't already seen it exploited in the wild?

[cantfindmypass]

I don't know - I can't imagine that nobody on their security team pointed out that someone would promptly reverse engineer the patch and figure out that OS X is also vulnerable.

[praseodym]

And having the source code available made that even easier.

[rch]

I haven't upgraded to Mavericks, and I haven't been able to replicate the bug. I've been applying other updates, everything except Mavericks, all along.

[chmars]

The deployment on iOS was not very active either. I learned about the 'bug' through online sources and I had to initiate the iOS update myself.

[raverbashing]

OSX 10.8.5 here, Safari not vulnerable according to the site

[brymaster]

This bug was introduced in Mavericks.

[raverbashing]

Can't say I'm surprised

The reason I'm in 1.8.5 is because I upgraded to Mavericks, but one of their updates forced me to recover from Time Machine (which wasn't as smooth as I expected)