About this site: For six years, the Internet Nexus served as my technology blog, but I've since started blogging at the SuperSite Blog instead. If you're looking for the blog, please head there. --Paul

Friday, May 28, 2004

Apple 'pompous' over OS X flaws

MacWorld: "Apple continues to attract criticism for the manner of its reaction to recent security weaknesses identified in Mac OS X. Today's Techworld castigates the company, saying: 'Apple has failed to keep it up-to-date with security patches, despite claims to the contrary and a variety of pompous pronouncements.' It appears yesterday's Mac OS X 10.3.4 update does not include security patches released by the company last week ... The story also points out Apple's failure to patch an additional security weakness identified last week."

I've avoided discussing Apple's many security problems of late. Many might wrongly conclude that I would gloat over this (inevitable) development, but nothing could be further from the truth. Certainly, it validates what I've been saying all along about Mac OS X security and the fact that Apple simply doesn't have the resources to secure this system, but thankfully has such a small user base that few hackers have bothered attacking OS X thus far. I guess that's changing. Apple's lackluster response to these events should be disturbing to the company's fans. Welcome to the real world, Gustav.

Related:

TechWorld: "Apple has released the latest version of its Mac OS X operating system - 10.3.4 - but has failed to keep it up-to-date with security patches, despite claims to the contrary and a variety of pompous pronouncements ... Not only does a patch rated 'extremely critical' not come with the latest OS but Apple makes no mention of the need to download and install it. In fact, it claims it is already installed. On top of this, Apple has yet to provide a patch for another 'extremely critical' hole first reported over a week ago, even though it falsely claimed that its Help viewer patch also covered this hole which allows a malicious hacker to remotely execute code. These holes are still easily exploitable ... One wonders how much longer the software company can continue to pretend that security somehow does not apply to its operating system."

TechTree: "Although Apple issued a patch late Friday afternoon to fill in a security hole, Secunia, the security firm that first found out about the security hole, warned that users of the operating system would still remain vulnerable to an 'extremely critical' security flaw ... even if they apply a patch that Apple published Friday to fill the security hole. It would also be possible to execute arbitrary code on a vulnerable user's system, just as easy as before Apple issued Friday's security update for Mac OS X."

Dr. Mac: "I suppose it had to happen ... There is a definite security hole in Mac OS X that could be exploited and damage the data on your hard disk ... you should know that the Apple Security Update released late last week, Security Update 2004-05-24, does not fix this security hole, so even if you applied a Security Update to your Mac this week, you are vulnerable."

InternetNews.com: "Apple Winds Down Buggy Panther OS ... Security firms are finding chinks in Apple's usually bulletproof armor."

Search Security: "Another vulnerability in Mac OS X that could be exploited by malicious Web sites has been reported by IT security firm Secunia. The problem has been confirmed on machines fully patched using fixes Apple released last week to address two earlier holes ... While Microsoft and other companies have learned the hard way that public backlash can be fierce when vulnerabilities aren't quickly and fully disclosed and fixes made available, Apple has not caught on. 'Microsoft and most Linux distributions have learned the lesson and properly describe the nature and the impact of (most) vulnerabilities, allowing their customers to properly estimate the severity of a fixed issue,' said Niels Henrik Rasmussen, chief executive officer of Secunia. 'This is not possible when reading an Apple update.'"

Sydney Morning Herald: "A security patch released by Apple last Friday, to fix critical vulnerabilities in two URI handlers, does not fix the problem ... A researcher who goes by the name lixlpixel informed Apple about it on February 23 and heard back from the company on May 20, saying that a fix would be available soon."

Silicon.com: "Mac OS security fix fails to plug vulnerability ... Apple would not comment. The company released the original patch last Friday after news of the vulnerability appeared on the internet. The vulnerability actually involves two flaws ... Perhaps the biggest problem is that there seems to be no easy solution ... The issue is the first major security problem for Mac OS X that has not been caused by the operating system's underlying Unix roots. Previously, Mac OS X has mainly had to patch problems that affected FreeBSD, the Unix-like operating system on which it is based. However, the current issue is in the code that the company built on top of that software. Forno maintains that the Mac is more secure than Windows but stressed that this problem should have been caught in testing before the operating system had shipped. Moreover, in light of the goofed patch and previous issues with Apple downplaying security problems, he said the company needs to start being more proactive about security."

[ Posted at 12:10 PM ]