Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Releases 31 Security Fixes

Posted by kdawson on from the more-secure-than-you dept.

Agram writes, "This week Apple has released fixes for 31 vulnerabilities in its OS, although reportedly a number of known flaws remain un-addressed (according to the instigator of the Month of Kernel Bugs, 'Apple hasn't fixed any of the bugs published during [MoKB], except for the AirPort issue'). Earlier this year, in a move reminiscent of Microsoft's past patching faux pas, Apple released a 'fix' the installation of which broke features unrelated to the targeted flaw. With the growing number of low-level flaws, one has to wonder if Apple's 'more secure' argument still stands. Earlier this month, Microsoft released 6 fixes. Linux does not seem to fare much better. Despite all of these fixes, exploits remain in the wild for each platform. Perhaps, security-wise, the OS choice really boils down to a 'pick-your-poison X user-base' equation?"

6 of 319 comments (clear)

  1. Slashdot by pubjames · · Score: 5, Insightful

    Dear Slashdot editors,

    your readers are all technically literate. Please don't post stories where dumb ideas like "how secure an operating system is = number of potential security holes fixed". That kind of stuff is for pointy haired bosses, not technically literate people.

    Thanks!

  2. Please by daveschroeder · · Score: 5, Insightful

    The issue is having an actual usable vector for mass-propogation, resulting in the massive downtime and recovery time, billions of dollars of lost productivity, and tens of thousands of manhours in remediation. That's not to say no one could ever find some suitable vector for propagation that can strike large numbers of Mac OS X users effectively; just that it's very unlikely for a variety of reasons, not the least of which is that these days, most Mac OS X computers aren't exposed in such a way that anything could effectively spread en masse remotely without user interaction.

    Almost everything relies on some form of user interaction, and yes, these things are still bad, especially ones that take advantage of some shortcoming in the OS. What's laughable about the submission is that it makes it look like it's "bad" that Apple fixed oh-so-many vulnerabilities, and then complains that it's not fixing enough. Apple does fix issues reported to them, period. And yes, we all have stories about this or that outstanding bug or vulnerability that is still open, but Apple has markedly, hugely improved, mostly because of listening to feedback from customers, particularly enterprise customers, in the security arena. It does have a way to go, and whether or not any fix is "fast enough" will always be subjective.

    No one sane ever said Mac OS X was invulnerable. It has bugs and vulnerabilities like any OS. Apple responds to them. Someone will always think they're not responding fast enough, or correctly, or what have you, but the fact remains that Mac OS X has been on the market for over 5 years, and there has yet to be any substantial issue that has been exploited on any scale. And no, it's not exclusively because of marketshare.

    1. Re:Please by daveschroeder · · Score: 5, Insightful

      I don't care if the "average Mac user" thinks that Mac OS X has no bugs, is invulnerable to everything, and will dance a jig if they ask.

      Effectively, for almost all desktop users in any environment, Mac OS X is much more secure, much less attacked, and much safer to use from a malware perspective, for almost all average users, period. Some of the reasons are due to marketshare, some are helped in part by marketshare, some are because of architectural decisions, and some are a mix of multiple reasons. But regardless of what someone "thinks", Mac OS X is still a manifestly safer OS for an "average user", and there is simply no disputing that.

      If you want to get people to understand that even Mac OS X has bugs, great. (Duh?) If you simply want to make stupid people no longer stupid, that probably won't work. The average person doesn't care. All the average person knows, when they make the switch for example, is that their Windows box was packed with spyware and adware and then "got slow" and had multitudes of typical Windows problems that typical people have, and they don't have the same problems with their Mac.

      Do Macs have problems and bugs and vulnerabilities? Yes. Will anyone win the pissing match of "which one is better" when it's not done for any reason other than to be a pissing match, like this article seems to be doing? No.

  3. Re:Attacks Still Low by femtoguy · · Score: 5, Insightful

    I think that it is pretty simple. It is not the number of security bugs that is the issue, it is their severity, and their remote exploitability. Despite the statistics from the article, my department (which has 500 computers, with a mix of windowsXP, OSX and Linux) has had not a single security breach of a Linux or OSX system, but lots of breaches of Windows systems. Part of it is that the OSX and Linux security problems are situations where a local user can escalate his priveledges, something which is serious, but does not necessarily cause security problems. The other part of it is that the worst WindowsXP security breaches come through ad- and spy-ware that come from routine web surfing. This is not considered a bug in WindowsXP (if we just classed ActiveX and IE as security problems, we would have to list that as a windowsXP bug every month/day/week, and the numbers would change pretty quickly).

    Anyway, as we all know, don't trust statistics because 82.35% of statistics are made up on the spot.

  4. Exactly by sterno · · Score: 5, Insightful

    If an exploit does nothing more than let you play solitare someplace you shouldn't, then it doesn't matter. And the thing is, even if OS X is only as secure as Windows (which I'd dispute), it's still good for overall security of the Internet. One of the biggest problems with the Internet today is that if 95% of the computers run one operating system, it becomes easier to write exploits that affect the majority of people.

    On the other hand, if 50% of the people were running OS X, then no exploit could harm more than half the people at any given time. So in the long run, perversely, OS X is beneficial to the security of Windows.

    --
    This sig has been temporarily disconnected or is no longer in service
  5. Re:Attacks Still Low by Anonymous Coward · · Score: 5, Informative

    Any program files that might have a negative impact on the OS X system must be authorized with the Admin password.

    Wrong. The attacker can simply use a privilege escalation exploit.