Slashdot Mirror
Worm Threat Forces Apple To Disable Software?
SkiifGeek writes "After the debacle that surrounded the announcement and non-disclosure of a worm that targets OS X, the vulnerability in mDNSResponder may have forced Apple to remove support for certain mDNSResponder capabilities with the recently released Security Update 2007-007. 'Seeming to closely follow the information disclosed by InfoSec Sellout, Apple's mDNSResponder update addresses a vulnerability that can be exploited by an attacker on the local network to gain a denial of service or arbitrary code execution condition. Apple goes on to identify that the vulnerability that they are addressing exists within the support for UPnP IGD... and that an attacker can exploit the vulnerability through simply sending a crafted network packet across the network. With the crafted network packet triggering a buffer overflow, it passes control of the vulnerable system to the attacker. Rather than patching the vulnerability and retaining the capability, Apple has completely disabled support for UPnP IGD (though there is no information about whether it is only a temporary disablement until vulnerabilities can be addressed).'"
Researchers find hole, Fanboi's defend Apple. Company can't be sure that they've fixed hole, so they temporarily disable the reportedly-vulnerable function. Fanboi's defend Apple again.
Then Fanboi's go and mod me down to obscurity.
...EXCUSE CITY!
And queue the Mac Zealot Military Unit (MiZiMU) to issue death threats to said (fictional-)worm writer.
Just because you mark it flamebait doesn't make it less true.
Agreed. Who cares if anyone on your network can run code on your computer? As long as there aren't enough Macs to sustain a worm Macs are secure.
// MD_Update(&m,buf,j);