One of the arguments in favour of vendor-controlled app stores (such as those run by Apple for the Mac or Microsoft for Windows 8) is that they make systems more secure by ensuring all apps are vetted. But those stores also create a fresh security issue: because they control the process of updating apps, you won’t always get security fixes as quickly, and it becomes much harder to control deployment across business environments.
Sophos’ Naked Security blog points out that while Opera update its Mac version this week to version 12.13, the Mac App Store is running two versions behind at 12.11. Because Apple’s approval process is hard to predict, there’s no telling when the App Store version will be updated. As Sophos’ Graham Cluely points out:
[Apple’s] promise that the App Store “keeps track of your apps and tells you when an update is available” and that “you’ll always have the latest version of every app you own” a joke.
Complacency is the enemy of security. On your own machines and in workplace environments, the update process needs to be speedy and predictable to minimise risk.