As we noted last week, included in Apple’s iPhone Software version 1.1.1 update were several security fixes for the phone’s Bluetooth, Mail, and Safari software. According to a Computerworld report, this drew the ire of security analysts, who believe that vendors should separate functionality and security updates, especially when the update may have unwanted consequences for some users.
“With the iPhone update, Apple is now producing a fear of taking their patches,” said Andrew Storms, director of security operations at nCircle Network Security Inc. “If they release a functionality update and security fixes at the same time in the future, some users will think twice about applying it.” Garter Inc.‘s John Pescatore added, “There should definitely be a separation between security and functionality.
Users shouldn’t be forced to accept new functionality to get security fixes.” Apple has traditionally offered a mix of standalone security updates and bundled security fixes for its Mac OS X operating system.