Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaw Found in Apple Bug-Fix Tool

Posted by ScuttleMonkey on from the month-of-bug-creation dept.

eldavojohn writes "The Month of Apple Bugs (MOAB) is well under way with a startling bug released Monday. From the description: 'Application Enhancer (APE) is affected by a local privilege escalation vulnerability which allows local users to gain root privileges.' APE is the same software used to deploy fixes during 'The Month of Apple Fixes' (MOAF). I know it's confusing but MOAB came first and MOAF was a developer's answer to the bugs — after all, the purpose of posting bugs is to have them identified, confirmed and eradicated. The article talks about potential remote root access by an intruder. Note that this is third party software that all of the bugs seem to be stemming from. I guess Apple has made a fairly secure system but they can't expect all third party developers to follow the same rigorous standards."

3 of 168 comments (clear)

  1. Re:Story at 11 by paulpach · · Score: 5, Insightful

    So, this is the best MOAB has to offer? A security bug in a third-party "enhancement"? No, the best they have to offer are vulnerabilities in quicktime, iPhoto, Disk Management, Finder which are apple products. Why CNet and slashdot chose to report on this particular vulnerability, which to many is the least important in the list, is a mistery to me.
  2. Re:Story at 11 by 93+Escort+Wagon · · Score: 5, Insightful

    "No, the best they have to offer are vulnerabilities in quicktime, iPhoto, Disk Management, Finder which are apple products. Why CNet and slashdot chose to report on this particular vulnerability, which to many is the least important in the list, is a mistery to me."

    Look, while they have included some legitimate bugs it's pretty obvious the project is flailing around somewhat, given that it's only the 10th of "MOAB". In addition to the APE flaw, they've included a VLC flaw and an OmniWeb flaw - neither of which is part of OS X nor installed on any stock Apple box. Additionally they've included a PDF flaw, which isn't even specific to OS X! That's just plain silly.

    --
    #DeleteChrome
  3. Re:Story at 11 by peragrin · · Score: 4, Insightful

    so out of 10 days in this month so far only 4 have been Apple security bugs. So far 40% have been holes that are apple's fault.

    I don't know about you, but if some one found a bug in Windowblinds, or some other Windows skinning app, and said it was MSFT's fault then I would be suspicious too.

    Also there is a bug in VLC. how is a VLC player bug that is also found in the windows and linux versions an "apple" bug.

    If it's an apple product by all means go for it. But no one blames MSFT for bugs in Lotus Notes.

    --
    i thought once I was found, but it was only a dream.