Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
It's only a matter of time...
Jason Miller, 2005-08-18

According to the Apple Web site, Security Update 2005-007 was released to the public on August 12, 2005. And, as with all of their recent security updates, it is available to all Apple customers free of charge. I'm sure none of you reading this article will argue with me about that being a good thing.

Comments Mode:
It's only a matter of time... 2005-08-18
Anonymous (2 replies)
It should be noted that the vulnerabilities you mentioned only affect one or the other of OS 10.3 or 10.4 (making it less attractive to attack) and that the first one you mentioned was not vulnerable to remote attack (which makes it a much lower priority).

Add to that the fact that Apple still e...

[ more ]  [ reply ]
Re: It's only a matter of time... 2005-08-24
Jason V. Miller (Author) (1 replies)
"Add to that the fact that Apple still enjoys ZERO exploits"

There are public exploits for vulnerabilities in OS X. As well, if you're under the impression that the lack of publicly available exploits means that none exist, then you're mistaken.

"and I think it is a bit premature to take any i...

[ more ]  [ reply ]
Re: Re: It's only a matter of time... 2005-08-29
Tom
"combined with the core security of the OS has kept mac users 100% safe"

"There's no denying the fact that OS X has been build on a solid foundation."

Yeah, Free BSD. There are no publicly known exploits because most kids making a virus do not spend the money to buy a MAC nor the time to lea...

[ more ]  [ reply ]
Re: It's only a matter of time... 2005-08-26
Popetodd
You are sadly mistaken sir.

The current Mac OS is built on BSD and contains many pieces of GPL'd code. I am a Unix admin by profession and I can tell you unequivicoly that these components have exploits available to them right now. And they will continue to have exploitable vulnerabilities for th...

[ more ]  [ reply ]
Security through obscurity is not security at all 2005-08-19
Doogie (1 replies)
The central point of this article appears to be that security through obscurity - MS closed source development model - is better than the underlying force for more secure code, combined with the pressure for fast fixes, created by an open source development.

I don't think this stands up to scrut...

[ more ]  [ reply ]
Re: Security through obscurity is not security at all 2005-08-24
Jason V. Miller (Author)
"The central point of this article appears to be that security through obscurity - MS closed source development model - is better than the underlying force for more secure code, combined with the pressure for fast fixes, created by an open source development."

As you mention in your comment, secu...

[ more ]  [ reply ]
It's only a matter of time... 2005-08-19
Anonymous
>>...I would argue that Microsoft is in a far more advantageous position, oddly enough, because their operating system doesn't contain so much open source software. ...

Hmm.. Well, the lack of open source software in MS OS's haven't seemed to impeded hackers' abilities to trash peoples' computers...

[ more ]  [ reply ]
It's only a matter of time... 2005-08-19
Ian Crew (1 replies)
Another worrisome thing is that our Apple reps here at UC Berkeley have confirmed the lack an official statement from Apple on which versions of the Mac OS they are supporting. From the document at http://docs.info.apple.com/article.html?artnum=61798, it looks like they may not be supporting anythi...

[ more ]  [ reply ]
Forever, in my opinion! 2005-08-29
Roger
In my opinion critical security patches should continue to remain available on a similar basis to other manufacturers issuing safety fixes to physical products -- more or less forever! To be more specific and more practicable, I would say security patches need to be released for known problems so lo...

[ more ]  [ reply ]
It's only a matter of time... 2005-08-22
Anonymous (1 replies)
While you do have a good point with regards to Apple having to change its policies wrt patches, I think that you are missing a very important issue in your analysis.

First of all, not all of OS X is open source, rather, some of the more important parts are not.

Regardless of publication of th...

[ more ]  [ reply ]
Re: It's only a matter of time... 2005-08-26
popetodd
I will just respond to this one point.

"First of all, not all of OS X is open source, rather, some of the more important parts are not."

This is a clasic trap that management tends to fall into. The "but the really important parts are more secure than the OS ones" argument is a fallacy.

If...

[ more ]  [ reply ]
It's only a matter of time... 2005-08-29
Alexey Vesnin
By the way - why we're buying a system without a source code? Think about it! MySQL, Snort - and many other of OpenSource software products - they're open. Why? Just because the developers want to make it REALLY better. I'll never use for my personal project ANY non-sourced component - even if it's ...

[ more ]  [ reply ]
It's only a matter of time... 2005-08-29
MeAnonymous (1 replies)
The article was an interesting read. But I was left with a question where the answer is less complimentary than you about Apple's security patch history. How do the open source projects manage to get a patch out within hours or days of an identified problem (including most of the ones on your list...

[ more ]  [ reply ]
Re: It's only a matter of time... 2005-08-31
Anonymous
while there patch timeliness is atrocious. Many of the patches posted by the open source community are just as atrocious. patches that have been developed and posted to the net 2 hours later means one thing. UNTESTED. people run mission critical stuff on open source software and if open source vendo...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus