Ancient flaws leave OS X vulnerable?

Discussion in 'News Discussion' started by MacBytes, Jan 25, 2006.

  1. macrumors bot

    Jul 5, 2003


    Category: Mac OS X
    Link: Ancient flaws leave OS X vulnerable?
    Description: "OS X contains unpatched security flaws of a type that were fixed on alternative operating systems more than a decade ago, according to a security researcher credited with finding numerous bugs in Apple's increasingly popular platform."

    Posted on
    Approved by Mudbug
  2. macrumors 68020


    Nov 8, 2003
    New Zealand
    I seem to remember reading something about this last year and if I remember correctly the bulk of these flaws are either very obscure or are very unlikely to be compromised by attackers anytime soon. :rolleyes:
    Edit: As mentioned in this paragraph
    "This "trivial" bug, according to Archibald, could easily have been exploited to grant a non-privileged user with admin rights and allow that user to create and remove "root" user accounts."

    To exploit a lot of these flaws you need to have administrator privileges, which by my understanding means that you need to be inside the system. The bulk of today's viruses and trojans affect PCs via the internet, dodgy websites and email. Aside from user intervention this is where Apple is about 99% safe. Even I could stuff up OSX with admin access and I am not that crash hot at Unix or using the Terminal - I just have to ask the Mac admin at work which system files to remove. :rolleyes: :eek:
  3. Moderator emeritus

    Jun 25, 2002
    Gone but not forgotten.
    If this is a true account, I think that Apple would be taking this a bit more seriously though we don't know this person's true purpose.

    Microsoft uses the tools and does lots of code audits, but Apple doesn't. Does this sound like a Microsoft supporter, paid or otherwise, to anyone else?

    Perhaps, someone in Australia can tell us who this person is.

    It seems odd that NeXT and FreeBSD were going along all this time with all these exposed flaws and no one took advantage of them.
  4. macrumors 603


    Jun 19, 2003
    Chicago, IL
    Umm no. As far as I can tell these exploits can be run through a website through a buffer overflow or through a simple Trojan attached to an e-mail. In both cases the local user who has administrative privs can compromise their own computer by running the software. But that is only glancing at the summaries for 30 seconds. This company's overview leaves a lot to be desired.
  5. macrumors 6502

    Feb 26, 2005
    sour grapes?

    Someone posted an interesting comment on the zdnet website. SureSec, the company of the security expert mentioned in the article, sells code auditing services. The security expert says Apple's code is "under-audited." Whether or not everything the guy is saying about OS X insecurities is true, it makes the whole thing a bit fishy. It comes off looking like they tried to sell their code auditing services to Apple, were unsuccessful, so they called up any media outlets they could find to run a story.
  6. 24C
    macrumors 6502a

    Nov 9, 2004
    Isn't this old news (from mid last year?), but been rehashed? :confused:
