I'd like to see the analysis before I reject this as FUD or trolling for $s. But given that this is the same type of warning I've been hearing about for years, it doesn't hold much weight.

So far there have been only a couple of remote exploits and they were quite a long time ago. The last one that I remember was the "launch services" bug where a website could change your helper application and then run arbitrary code. This was fixed within two weeks and it was a major update to the launch services code. It was actually pretty impressive. And the Mac community had a couple of solutions that didn't require Apple out in two days or less of the problem becoming known.

Since then, the most serious vulnerability was a slight flaw in the Dashboard that could load new Dashboard widgets that looked like built-in widgets. Again, fixed in a matter of weeks.

The idea that there are lots of OS X boxes out there that are not patched is also not likely to be very true. OS X comes with software update automatically enabled. The majority of machines are automatically patched. So that shouldn't be a major concern unless there is some evidence that users are turning off automatic updates.

There needs to be more research (or at least something published) before I can take this seriously. Oh and I wouldn't buy software from Symantec anyway.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11359/32805#32805