Slashdot Mirror


How Apple Orchestrated Attack On Researchers

An anonymous reader sends us to George Ou's blog on ZDNet for a tale of how Apple's PR director reportedly orchestrated a smear campaign against security researchers David Maynor and Jon Ellch last summer. Ou has been sitting on this story ever since and is only now at liberty to tell it. He posits that the Month of Apple Bugs was a direct result of Apple's bad behavior in the Maynor-Ellch affair. From the blog: "Apple continued to claim that there were no vulnerabilities in Mac OS X but came a month later and patched their Wireless Drivers (presumably for vulnerabilities that didn't actually exist). Apple patched these 'non-existent vulnerabilities' but then refused to give any credit to David Maynor and Jon Ellch. Since Apple was going to take research, not give proper attribution, and smear security researchers, the security research community responded to Apple's behavior with the MoAB (Month of Apple Bugs) and released a flood of zero-day exploits without giving Apple any notification. The end result is that Apple was forced to patch 62 vulnerabilities in just the first three months of 2007 including last week's megapatch of 45 vulnerabilities."

2 of 389 comments

  1. Re:So I don't get it... by LO0G · Score: 5, Informative

    From the list (http://projects.info-pull.com/moab/):
    1 and 3 were in QuickTime (an Apple product, but not Mac specific)
    4 was in iLife (Mac specific)
    9, 10, 11, 12, and 13 were related to loading .DMG files, which are Mac specific.
    14 was in AppleTalk
    15 was in the permissions on the /Applications directory
    23 was in QuickDraw (Mac specific)
    24 was in the Mac auto-update logic
    28 was in the crash dump handling logic
    29, and 30 were in various Mac specific utilities (iChat, Safari, HelpViewer).

    I don't think that's "a significant minority". By my guesstimate, 5 of the 30 were in 3rd party apps.

  2. Re:So I don't get it... by Anonymous Coward · Score: 5, Informative

    31 issues, of which:

    23 in software by Apple
    1 in software by Adobe
    1 in software by Insanity LLC.
    1 in software by Videolan
    1 in software by The Omni Group
    1 in software by Javelin.cc
    1 in software by Maxum Development
    1 in software by Panic Inc.
    1 in software by Telestream/Microsoft

    31 issues, of which:

    17 in OS X
    8 in third party apps not installed by default
    3 in Apple apps installed by default
    2 in a third party app for OS X and Windows, not installed by default
    1 in an Apple app not installed by default
    1 in an Apple app for OS X and Windows