Mozilla Scrambles to Get Firefox Ready for Mac OS Mountain Lion
Apple also reminds developers of June 1 deadline to sandbox programs for the Mac App Store.
We must have a signed and released Firefox out there before the general public starts upgrading [to Mountain Lion] and we've been working hard to make that happen as soon as possible.Ben HearsumFirefox Release Manager, Mozilla
Mozilla is scrambling to craft a code-signed version of Firefox for the Mac in case Apple launches OS X 10.8, or Mountain Lion, early.
In February, Apple announced that Mountain Lion will include a new feature, dubbed "Gatekeeper," that will restrict which applications users can install on their machines.
By default, Gatekeeper will let users install only programs downloaded from the Mac App Store or those digitally signed by a registered developer.
Mozilla said it was laboring on meeting the second requirement, and hoped to wrap up the work for Firefox 13 by May 25.
Firefox 13 is now slated to ship June 5.
"We must have a signed and released Firefox out there before the general public starts upgrading [to Mountain Lion] and we've been working hard to make that happen as soon as possible," wrote Ben Hearsum, a release engineer at Mozilla, in a blog post.
According to Hearsum, the only thing left on the to-do list is to untangle the access restrictions to Mozilla's Apple developer account.
Because Firefox is not distributed via the Mac App Store, downloads must be code-signed before Mountain Lion appears. While Apple has said that it will ship OX S 10.8 in "late summer," hints have appeared on Mac-centric blogs and in the shipping cadence of the three developer previews that point to a June delivery of the operating system.
"We don't know exactly when 10.8 will be released to the public but some have speculated that it could be as early as the week of June 11th at WWDC 2012," Hearsum said, referring to Apple's Worldwide Developers Conference, which runs June 11-15 in San Francisco.
Apple has categorized Gatekeeper as a new security precaution that insures it can track down developers of rogue software submitted to -- and accepted by -- the Mac App Store.
Some, however, have criticized the feature because even if Apple revokes an application's certificate, the software remains on Macs and can continue to run. Others have noted that it will not stymie malware like Flashback, which relied on exploiting a known Java vulnerability to plant itself on hundreds of thousands of machines.
Other Apple-mandated deadlines are also fast approaching.
Last week, Apple emailed registered Mac developers with a reminder of the impending June 1 deadline for "sandboxing" applications sold or distributed through the Mac App Store. Apple had postponed the sandboxing deadline several times, most recently in March when it extended it to June 1.
Some developers have already sandboxed their software but others have announced they'll opt out of Apple's distribution channel.
Only new applications submitted to the Mac App Store starting June 1 must be sandboxed; programs already in the e-mart are not held to the requirement, although upgrades will be.
For Mac apps, sandboxing places tighter controls on what they can access from OS X and other apps. Theoretically, that makes those applications more secure, since malware exploiting a vulnerability in that program will have a more difficult time -- or find it impossible -- to access the operating system to plant attack code on the Mac.
Some developers have already sandboxed their software -- AgileBits, for example, has sandboxed the version of its popular 1Password password manager that's sold through the Mac App Store -- but others have announced they'll opt out of Apple's distribution channel.
Atlassian, for instance, which creates the developer tool SourceTree, has said that it is "not currently planning on submitting any more updates to the Mac App Store" because of the sandboxing restrictions.
Cyphort and Juniper Networks have announced a partnership to deal with advanced security threats.
Telco and IT services company, Telstra, has launched what it calls Asia's first Software-Defined Networking (SDN) platform, which will be made available to its customers globally. The move follows the company's recent acquisition of Pacnet.
Mobile users in the US are 1.3 times more likely to be struck by lightning than malware, new research has found.
Only 46 percent of organizations have confidence that their security teams can respond to complex threats, according to a new study by ISACA.