Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac Developer Mulls Zero-day Security Response

Posted by CowboyNeal on from the in-the-nick-of-time dept.

1.6 Beta writes "Landon Fuller, the Mac programmer/Darwin developer behind the 'month of Apple fixes' project, plans to expand the initiative to roll out zero-day patches for issues that put Mac OS X users at risk of code execution attacks. The former engineer in Apple's BSD Technology Group has already shipped a fix for a nasty flaw in Java's GIF image decoder and hints an an auto-updating mechanism for the third-party patches. The article quotes him as saying, 'Perhaps [it could be] the Mac OS equivalent to ZERT,' referring to the Zero-day Emergency Response Team."

3 of 94 comments (clear)

  1. Bonzi buddy auto-installer by User+956 · · Score: 5, Funny

    The former engineer in Apple's BSD Technology Group has already shipped a fix for a nasty flaw in Java's GIF image decoder and hints an an auto-updating mechanism for the third-party patches.

    Windows has an auto-updating mechanism for "third-party patches". It's called Internet Explorer.

    --
    The theory of relativity doesn't work right in Arkansas.
  2. Arbitrary patch by MillionthMonkey · · Score: 4, Funny

    Because the vulnerability allowed the execution of arbitrary code within the JVM via any Java applet, Fuller created a temporary patch for Mac OS X.
    Can he write an applet that runs the installer using the vulnerability? That would be really convenient.
  3. Apt-get? by MECC · · Score: 3, Funny

    auto-updating mechanism for the third-party patches.

    He's going to port apt-get to OS X?

    --
    "We are all geniuses when we dream"
    - E.M. Cioran