The Story of a Simple and Dangerous OS X Kernel Bug
RazvanM writes "At the beginning of this month, Mac OS X 10.5.8 closed a kernel vulnerability that lasted more than 4 years, covering all the 10.4 and (almost all) 10.5 Mac OS X releases. This article presents some Twitter-size programs that trigger the bug. The mechanics are so simple that they can be easily explained to anybody possessing some minimal knowledge about how operating systems work. Besides being a good educational example, this is also a scary proof that very mature code can still be vulnerable in rather unsophisticated ways."
All studies analyzing security vulnerability reports or released patch sets as a measure of OS security simply prove that the researcher is a fucking idiot. It's IMPOSSIBLE to measure security in this way because you are comparing lawn tractors to jet skis.
That is right. It is much better to rely on Apple ads to get the "real picture". Because we all just "know" that OS X is secure by design, that it is immune to viruses and stupid users.
Instead of any form of metric let's just vote who's secure and who's not. Better yet - let's leave it to the blogosphere and biased forums.
Or maybe you should read the IBM report on "the economics of exploits".
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Why did you hold off for so long? I'm genuinely curious. Not knowing anything else, if I were you I would have upgraded as soon as the Leopard/iWork/iLife boxed set was released at the absolute latest.
This is my first Mac, I'm really a Linux guy. So I was naive enough to look at the feature list and reviews for Leopard, and decide that it wasn't worth $120 for an upgrade I just didn't need. Why slow down my machine and fill up my hard disk for upgrades to apps I don't use, and a shinier GUI than one that is already far shinier than what I need? And after all, Tiger is still officially supported.
Ha. Silly me.
Real Mac users just upgrade when told to and don't ask any questions.