They do have a bigger issue. The bigger issue is that they're releasing an entire operating system, with 15 years or so of accumulated cruft and process. And it's not just a one line change... they need to understand the implications of the bug across their system and create regression tests to catch all those corner cases, then do the "one line change" and properly regression test it everywhere.
Again, this isn't some little web site. This is a piece of software that thousands of programmers have worked on for more than a decade, millions of lines of code with a tremendously complex build, testing, release, and approval system.
And finally, Apple's primary concern isn't that a handful of customers might be exposed to risk for a couple of extra days. It's that they botch the rollout of a major security patch and have to re-release, or customers are victimized by new bugs as part of the patch. That sort of thing can cost them billions in market punishment.
What? It's a one-line, clearly understood bugfix. (The extra goto wasn't there in 10.8.x and that hasn't caused any problems) Rebuild the library, spend a few days regression testing at least software update so you can re-push another update, and ship it at the same time as the ios and appletv fixes!
You don't spend a week holding the fix hostage so you can fine tune a new os release with "improvements to autofill forms" in safari while script kiddies are running wild with mitmproxy.
Also I would think that a full ios+appletv OS release is much more complicated than an OSX release due to the way the mobile OSes are packaged (probably 10+ unique/model restore images plus delta downloads)
Again, this isn't some little web site. This is a piece of software that thousands of programmers have worked on for more than a decade, millions of lines of code with a tremendously complex build, testing, release, and approval system.
And finally, Apple's primary concern isn't that a handful of customers might be exposed to risk for a couple of extra days. It's that they botch the rollout of a major security patch and have to re-release, or customers are victimized by new bugs as part of the patch. That sort of thing can cost them billions in market punishment.