Slashdot Mirror


Flaw Found in Apple Bug-Fix Tool

eldavojohn writes "The Month of Apple Bugs (MOAB) is well under way with a startling bug released Monday. From the description: 'Application Enhancer (APE) is affected by a local privilege escalation vulnerability which allows local users to gain root privileges.' APE is the same software used to deploy fixes during 'The Month of Apple Fixes' (MOAF). I know it's confusing but MOAB came first and MOAF was a developer's answer to the bugs — after all, the purpose of posting bugs is to have them identified, confirmed and eradicated. The article talks about potential remote root access by an intruder. Note that this is third party software that all of the bugs seem to be stemming from. I guess Apple has made a fairly secure system but they can't expect all third party developers to follow the same rigorous standards."

8 of 168 comments

  1. A HA! by Thansal · · Score: 5, Funny
    I guess Apple has made a fairly secure system but they can't expect all third party developers to follow the same rigorous standards.


    I see it now. This entire MOAB thing is just there to tout how great and secure Apple Products are, and that the only bugs possible HAVE to come from 3rd party software!

    It is all a plot by Jobs!

    A PLOT I TELL YOU!

    [/psycho]
    --
    Do Or Do Not, There Is No Spoon, There Is Only Zuul. Everything in the above post is probably opinion.
  2. Well, well, well by Anonymous Coward · · Score: 3, Funny

    What do you have to say for yourselves now, Apple fanboys? With this glaring bug, coupled with the other devastating bugs, it now is clear that your smug castle is crumbling. Maybe it's time to give the rock-solid Vista another chance, no?

  3. Instead ... by Salvance · · Score: 5, Funny

    Rather than just tell people not to use APE, Landon Fuller (who reported this bug on his blog), should have written an APE SHell Investigative Tool to help people find and fix this error.

    Technology needs more catchy acronyms

    --
    Crack - Free with every butt and set of boobs
  4. MOAB by dr_strang · · Score: 2, Funny

    Does that make it the Mother Of All Bugs?

    --
    This is a sig. It is like every other sig in the world, except that it is mine, and it is different.
  5. Bugs in apples.. by FrostyCoolSlug · · Score: 4, Funny

    When I find a bug in my apple, I throw it away..

  6. Re:Story at 11 by Moofie · · Score: 2, Funny

    "Where did you get that idea?"

    Um, from the title of the "project", which is "Month Of Apple Bugs". Golly, how could I possibly have been misled?

    --
    Why yes, I AM a rocket scientist!
  7. Re:Story at 11 by profplump · · Score: 2, Funny

    While there are some valid bugs listed, the Disk Management one basically says "anyone in the admin group can arbitrarily set file permissions". I don't know about you, but given that the admin group has, by design, unrestricted access to `sudo` I wouldn't consider their ability to set file permissions in a convoluted way a very serious security threat.

    The report talks about the ability to change permissions and then use those changed permissions to run programs as root. Maybe it's just me, but I'm pretty sure it would be easier to just type `sudo su` followed by your password. Follow that with `rm -f /var/log/asl.log` and you'll even delete the evidence.

  8. In the words of Walter Sobchak: by Night+Goat · · Score: 2, Funny

    "Fuck it dude, let's go bowling."

    Reading that summary as a Mac user, I just can't be bothered to sort all of this out.