Slashdot Mirror


Apple Patches Massive Holes In OS X

Trailrunner7 writes with this snippet from ThreatPost: "Apple's first Mac OS X security update for 2010 is out, providing cover for at least 12 serious vulnerabilities. The update, rated critical, plugs security holes that could lead to code execution vulnerabilities if a Mac user is tricked into opening audio files or surfing to a rigged Web site." Hit the link for a list of the highlights among these fixes.

11 of 246 comments

  1. Re:Twelve? by mjschultz · · Score: 5, Insightful

    Apple's own security update page (http://support.apple.com/kb/HT4004) lists these six, where did Threatpost author get the number 12 from?

    The Flash update is actually 7 vulnerabilities.

  2. Re:Cover your eyes by amicusNYCL · · Score: 4, Insightful

    You just couldn't wait to post that, could you? FYI: every piece of software needs updates, and there is still always one piece of software that will be more secure than the others. I don't know if OSX is more secure than Windows 7, but both of them will continue to receive updates, that fact doesn't make either of them less secure.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  3. Re:Cover your eyes by e2d2 · · Score: 3, Insightful

    Windows 7 can still be targeted by an IE bug that's been in place since IE6. Safari doesn't have zero day bugs *that* old.

    How would you know? Zero-day means a non-public exploit.

  4. Re:Twelve? by Graff · · Score: 5, Insightful

    The Flash update is actually 7 vulnerabilities.

    Moral of this story:
    Avoid Flash and you can cut the amount of vulnerabilities approximately in half!

  5. Re:Must be running bootcamp by recoiledsnake · · Score: 3, Insightful

    It's interesting that many of these (like the image exploits) can be triggered by just browsing to a website (like the IE6/Google/China fiasco) or by mp4 audio/video files. Where are all the 'LOL M$ can't code' posters here?

    --
    This space for rent.
  6. Different Day, Same Crap by His+Shadow · · Score: 4, Insightful

    Has anyone driven a truck thru these gaping holes? Anyone? Bueller? When OSX is suffering from a deluge of viruses from all these supposed gaping holes in its architecture, please come back and let us know. Because while every operating system has vulnerabilities, only Microsoft was kind enough to make those vulnerabilities accessible by system-wide scripting mechanisms that allowed millions of computer users the world over to be the subject of attacks from the hundreds of thousands of pieces of malware constantly fighting to infect Windows PCs. The count (for those who think a security vulnerability makes Apple's points about viruses invalid) is about one hundred thousand to 0. This is being very generous. So, yes, as a matter of fact, there are no viruses for Mac OS X. Not virtually none, not almost none. None.

    --

    Fiat Homos et Pereat Theos

  7. Re:Must be running bootcamp by LihTox · · Score: 3, Insightful

    Viruses tend to find MacOS too arrogant an environment to survive in.

    Making our arrogance an adaptive self-defense mechanism. So shove off, Windoze loser. :)

  8. Re:You forget one simple thing... by jo_ham · · Score: 3, Insightful

    There aren't enough Windows with IIS installed to make the average script kiddie drool in anticipation in comparison to Linux/BSD with Apache. Oh wait.

    If you don't think the chance to be the "first person to exploit the 'secure' OS X with a virus" isn't driving some of these people then you are deluded. Or that genuine organised crime isn't going after the Mac platform (as a non-negligible marketshare) as well as Windows since it is a multi-million dollar industry compromising machines over the net. So far though, not much beyond proof of concept stuff and things that require user credential authentication.

    It's no reason to be complacent (and the patching of vulnerabilities is not complacency), or the assertion that OS X is immune to threats, because it isn't. But it has proven to have a pretty good track record - not perfect, but pretty good. Continued work is still needed though.

  9. Re:Cover your eyes by EvanED · · Score: 4, Insightful

    So as we wouldn't count a problem with notepad as a Windows OS issue, so we shouldn't count ones for other OS's non-essential programs.

    Not saying you're in this group, but a lot of people around here have no problem counting IE vulnerabilities against Windows.

  10. Re:Cover your eyes by shutdown+-p+now · · Score: 4, Insightful

    So as we wouldn't count a problem with notepad as a Windows OS issue, so we shouldn't count ones for other OS's non-essential programs.

    So far as I have seen, problems with user-space components such as Notepad are indeed counted as Windows issues. Which makes perfect sense, since Notepad is present out of the box, and the box says "Windows" on it.

    Similarly, OpenBSD has a fork of Apache 1.3 in their base system. If a vulnerability is found in that, then surely it's an OpenBSD vulnerability (hence the difference between base system and ports).

    If Apple ships Flash plugin that way, then they have to deal with any security issues that may cause.

  11. Re:You forget one simple thing... by mario_grgic · · Score: 3, Insightful

    What you are linking to is NOT a virus, but malware that the user has to download, authenticate themselves as someone allowed to install software and install it.

    If you have a user willing to do that, then all bets are off.

    The original assertion still stands though. No viruses (i.e. self-propagating code that spreads from machine to machine without user intervention). There aren't any for OS X and I'm not aware of any for Linux/BSD etc either.

    --
    As the island of our knowledge grows, so does the shore of our ignorance.