Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Story of a Simple and Dangerous OS X Kernel Bug

Posted by timothy on from the chink-in-the-armor dept.

RazvanM writes "At the beginning of this month the Mac OS X 10.5.8 closed a kernel vulnerability that lasted more than 4 years, covering all the 10.4 and (almost all) 10.5 Mac OS X releases. This article presents some twitter-size programs that trigger the bug. The mechanics are so simple that can be easily explained to anybody possessing some minimal knowledge about how operating systems works. Beside being a good educational example this is also a scary proof that very mature code can still be vulnerable in rather unsophisticated ways."

11 of 230 comments (clear)

  1. But it's not Windows! by ynososiduts · · Score: 3, Funny

    I call fake. It's OS X! It's bullet proof! Steve Jobs would not let this happen! Macs are immune to crashes! Et cetera!

    --
    622677120
    1. Re:But it's not Windows! by Bromskloss · · Score: 5, Funny

      You know, at this point there are probably about a thousand times as many people whining about this supposed attitude on the part of Mac users than there are Mac users actually displaying it.

      But that's perfectly in order, isn't it? There have been many more people complaining that Hitler was a bad guy than there has been Hitlers.

      (*knock, knock*
      - Who's there?
      - Godwin.)

      --
      Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
    2. Re:But it's not Windows! by TheRaven64 · · Score: 4, Funny

      Godwin's law talks about the probability of a discussion involving someone being compared to Hitler. You didn't compare someone to Hitler, you compared comparing someone to someone to comparing someone to Hitler. This is not a Godwin, it's a meta-Godwin.

      --
      I am TheRaven on Soylent News
    3. Re:But it's not Windows! by donaggie03 · · Score: 5, Funny

      Why can't you let us have our Godwin fun, you Hitler!

      --
      Three days from now?? Thats tomorrow!! ~Peter Griffin
    4. Re:But it's not Windows! by Lars+T. · · Score: 3, Funny

      So was I! But my Mac crashed in the middle of my post so someone else beat me to it while I waited for Windows to boot!

      So it took Windows over 10 hours to boot?

      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

  2. Re:Age is irrelevant, resistance is futile. by Kjella · · Score: 4, Funny

    Well... I think that depends a lot on the reason why it's old code. I've met my share of code with the warning "There be dragons!".

    --
    Live today, because you never know what tomorrow brings
  3. Oh god by clarkkent09 · · Score: 5, Funny

    This article presents some twitter-size programs that trigger the bug.

    Ok, I get libraries of congress and olympic-sized swimming pools, but twitter is a new one. Is it used for measuring how long a program is or how pointless it is?

    --
    Negative moral value of force outweighs the positive value of good intentions.
    1. Re:Oh god by Anonymous Coward · · Score: 1, Funny

      You forgot 'or how dangerous it is?'.

    2. Re:Oh god by Anonymous Coward · · Score: 5, Funny

      The comparison was simply to (successfully) annoy those of us who are /still/ ignoring everything we can about twitter. I briefly considered checking wikipedia to see how small that was, but there were some kids on my lawn.

  4. Re:I'm a Mac by Daniel+Dvorkin · · Score: 5, Funny

    So this means we can take those idiotic commercials off the air, right?

    When there's as much malware for OS X as there is for Windows, sure.

    Okay, I'll make it easy. When there is a tenth as much malware for OS X as there is for Windows, sure.

    Hmmm, this isn't working. When there's a hundredth as much ... um, no, that doesn't work either.

    A thousandth -- no, damn.

    You get the idea. Or maybe you don't.

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
  5. Re:4 fscking years by Anonymous Coward · · Score: 4, Funny

    Oh look, I think it's trying to communicate, perhaps we can find a translator. Does anyone speak yiddiotish?