Flaw Found in Apple Bug-Fix Tool

eldavojohn writes "The Month of Apple Bugs (MOAB) is well under way with a startling bug released Monday. From the description: 'Application Enhancer (APE) is affected by a local privilege escalation vulnerability which allows local users to gain root privileges.' APE is the same software used to deploy fixes during 'The Month of Apple Fixes' (MOAF). I know it's confusing but MOAB came first and MOAF was a developer's answer to the bugs — after all, the purpose of posting bugs is to have them identified, confirmed and eradicated. The article talks about potential remote root access by an intruder. Note that this is third party software that all of the bugs seem to be stemming from. I guess Apple has made a fairly secure system but they can't expect all third party developers to follow the same rigorous standards."

Story at 11

[teratogenicbenzene]

So, this is the best MOAB has to offer? A security bug in a third-party "enhancement"?

This is scaremongering at its best. Nothing to see here, move along.

Re:If you use APE you don't mind bugs

[dogfriend]

Yes, my initial thought on using APE was: Its very cool of them to patch the bugs, but I'm not going to install APE on my system. A couple of years ago I read some info on APE that outlined how it modifies the system and because of that it is a potential security risk.

APE has a bug??? I'M SHOCKED!!! SIMPLY SHOCKED!!!

I'm surprised APE doesn't spontaneously mutate into a backdoor shell on port 6666 SIMPLY THROUGH A COINCIDENCE OF CODING ERRORS.

Seriously, if you're using APE, get it off your Mac NOW.