Slashdot Mirror


BBC Writer Responds To Mac Security Critiques

minimunchkin writes "BBC Correspondent Bill Thompson responds to the flaming he received for an article on the vulnerabilities in Mac security. He knows that there are no Mac OS X viruses in the wild, and he doesn't believe there ever will be." From the article: "However the wider point, that there are exploitable vulnerabilities and sometimes Apple puts them there, remains. Even if I'm careful to apply updates when they are made available, some people might not and their systems could be compromised. And there is always a gap between the discovery of an issue and an available fix, a gap which could be exploited."

5 of 306 comments

  1. Re:The Rules by Bazzalisk · Score: 2, Informative

    As a white male from a poor background I can discuss discrimination a bit at least ;)

    --
    James P. Barrett
  2. Re:OS Vulnerabilities by prockcore · Score: 4, Informative

    Oddly enough I have yet to see a vulnerability in a major Apple implemented library.

    That's because your rose colored mac-glasses filter them out.

    There are a bunch of vulnerabilities listed there that are from Apple implemented libraries.

    Some of the really bad ones ("arbitrary code execution"):

    CoreFoundation: Resolving a maliciously-crafted URL may result in crashes or arbitrary code execution

    Quicktime: A heap buffer overflow could allow attackers to execute arbitrary code

    QuickDraw Manager: Viewing a maliciously-crafted PICT image may result in arbitrary code execution.

    AppKit: Opening a malicious, rich text file could lead to arbitrary code execution.

    AppKit: Opening a maliciously crafted Microsoft Word .doc file could result in arbitrary code execution.

    The JavaScript engine in Safari uses a version of the PCRE library that is vulnerable to a potentially exploitable heap overflow.

    WebKit contains a heap overflow that may lead to the execution of arbitrary code.

    Clicking on a link in a maliciously-crafted PDF file in Safari could lead to arbitrary command execution.

    And those are just from the past 4 months!

  3. Re:The Rules by Anonymous Coward · Score: 1, Informative

    white male in a discussion on discrimination.

    until you consider "Affirmative action" which is legal discrimination

  4. Re:It does matter by cmdrbuzz · Score: 4, Informative

    As I understand it, any user on an OSX system can use sudo.

    You have to be a member of the admins group in order to use sudo on OS X.
    Ordinary users don't get to play.

  5. Re:That's a naive statement... by Bazzalisk · Score: 2, Informative

    It would be a lot of work. UNIX style security setups are not very friendly for Worm writers.

    --
    James P. Barrett