Ancient flaws leave OS X vulnerable?


MacBytes
Jan 25, 2006, 09:24 PM

Category: Mac OS X
Link: Ancient flaws leave OS X vulnerable? (http://www.macbytes.com/link.php?sid=20060125222411)
Description: "OS X contains unpatched security flaws of a type that were fixed on alternative operating systems more than a decade ago, according to a security researcher credited with finding numerous bugs in Apple's increasingly popular platform."

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

winmacguy
Jan 25, 2006, 09:40 PM
I seem to remember reading something about this last year and if I remember correctly the bulk of these flaws are either very obscure or are very unlikely to be compromised by attackers anytime soon. :rolleyes:
Edit: As mentioned in this paragraph
"This "trivial" bug, according to Archibald, could easily have been exploited to grant a non-privileged user with admin rights and allow that user to create and remove "root" user accounts."

To exploit a lot of these flaws you need to have administrator privileges which by my understanding means that you need to be inside the system. The bulk of today's viruses and trojans affect PCs via the internet, dodgy websites and email. Aside from user intervention this is where Apple is about 99% safe. Even I could stuff up OSX with admin access and I am not that crash hot at Unix or using the Terminal - I just have to ask the Mac admin at work which system files to remove. :rolleyes: :eek:

bousozoku
Jan 25, 2006, 10:01 PM
If this is a true account, I think that Apple would be taking this a bit more seriously though we don't know this person's true purpose.

Microsoft uses the tools and does lots of code audits, but Apple doesn't. Does this sound like a Microsoft supporter, paid or otherwise, to anyone else?

Perhaps, someone in Australia can tell us who this person is.

It seems odd that NeXT and FreeBSD were going along all this time with all these exposed flaws and no one took advantage of them.

SiliconAddict
Jan 26, 2006, 07:32 AM
I seem to remember reading something about this last year and if I remember correctly the bulk of these flaws are either very obscure or are very unlikely to be compromised by attackers anytime soon. :rolleyes:
Edit: As mentioned in this paragraph
"This "trivial" bug, according to Archibald, could easily have been exploited to grant a non-privileged user with admin rights and allow that user to create and remove "root" user accounts."

To exploit a lot of these flaws you need to have administrator privileges which by my understanding means that you need to be inside the system. The bulk of today's viruses and trojans affect PCs via the internet, dodgy websites and email. Aside from user intervention this is where Apple is about 99% safe. Even I could stuff up OSX with admin access and I am not that crash hot at Unix or using the Terminal - I just have to ask the Mac admin at work which system files to remove. :rolleyes: :eek:

Umm no. As far as I can tell these exploits can be run through a website through a buffer overflow or through a simple Trojan attached to an e-mail. In both cases the local user who has administrative privs can compromise their own computer by running the software. But that is only glancing at the summaries for 30 seconds. This company's overview leaves a lot to be desired.

mattraehl
Jan 26, 2006, 07:53 AM
Someone posted an interesting comment on the zdnet website. SureSec, the company of the security expert mentioned in the article, sells code auditing services. The security expert says Apple's code is "under-audited." Whether or not everything the guy is saying about OS X insecurities is true, it makes the whole thing a bit fishy. It comes off looking like they tried to sell their code auditing services to Apple, were unsuccessful, so they called up any media outlets they could find to run a story.

24C
Jan 26, 2006, 09:23 AM
Isn't this old news (from mid last year?), but been rehashed? :confused: