20 critical Apple vulnerabilities to be revealed

Discussion in 'MacBook Pro' started by MacBytes, Mar 17, 2010.

  1. MacBytes macrumors bot

    Joined:
    Jul 5, 2003
    #1

    [​IMG]

    Category: News and Press Releases
    Link: 20 critical Apple vulnerabilities to be revealed
    Description:: Charlie Miller, the security researcher renowned for hacking Apple products during many a hacking competition, will be making public (at the CanSecWest security conference later this month) his latest research through which - he claims - he was able to find some 30 critical flaws in commonly used software.

    Posted on MacBytes.com
    Approved by Mudbug
     
  2. Sayer macrumors 6502a

    Sayer

    Joined:
    Jan 4, 2002
    Location:
    Austin, TX
    #2
    ..security flaws that are only accessible by inserting a 3rd party USB device, installing a 3rd party KEXT and then opening a ridiculously complex "special" PNG file that must be opened via the command line using 'sudo' right?
     
  3. eawmp1 macrumors 601

    eawmp1

    Joined:
    Feb 19, 2008
    Location:
    FL
    #3
    1) The security flaws have been widely exploited :rolleyes:
    2) I've got a secret and I'm not tellin' :rolleyes::rolleyes:
     
  4. MMX macrumors regular

    Joined:
    Feb 16, 2010
    Location:
    Manchester
  5. Full of Win macrumors 68030

    Full of Win

    Joined:
    Nov 22, 2007
    Location:
    Ask Apple
  6. 2002cbr600f4i macrumors 6502

    Joined:
    Jun 21, 2008
    #6
    Um if he doesn't tell Apple about them, how can he honestly expect them to fix them? If they don't know it's broke they can't patch it... Maybe he has come up with a way to attack that nobody at Apple has thought of to test to find such bugs internally...

    Until such claims are presented either to the company at fault or open to the public for verification, I call BS.
     
  7. ogee macrumors 6502

    Joined:
    Nov 8, 2006
    Location:
    Earth.
    #7
    Wow 30 exploits, so many, not like some other popular systems that have what ... how many...??
     
  8. nagromme macrumors G5

    nagromme

    Joined:
    May 2, 2002
    #8
    Even if it’s not all BS, he’s still not behaving like a responsible security researcher, but like an insecure person (no pun intended) who craves attention.

    Maybe he should make list of companies whose code base is so small that it’s either bug-free, or that any bug can be found without even knowing what it is. (This list would be zero companies long.)
     
  9. JavierP macrumors regular

    Joined:
    Mar 17, 2008
    #9
    He's not doing anything special, he just feeds crap/out of spec. params to applications and wait for them to crash because of memory corruption. He also looks for security problems in open source projects that Apple uses and checks if Apple devels are dragging their feet on the bug fixing.
    Apple could have an army of people like him looking for vulnerabilities/reviewing code.
     
  10. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #10
    Perhaps the more important thing is:

     
  11. macswitcha2 macrumors 65816

    Joined:
    Oct 18, 2008
    #11
    That's besides the point...if there was 30 vulnerable spots in your home by which thieves can get in and rob you blind, you will want to quickly secure such places.
     
  12. Bandman999 macrumors newbie

    Joined:
    Apr 27, 2004
    #12
    Why bother with the Mission-Impossible-style task to gain access to the dispose-all in my kitchen when you can walk right in the front door of the next house and rob the whole place?
     
  13. padrino121 macrumors member

    Joined:
    Apr 5, 2004
    #13

    I'm not sure what your definition of a responsible security researcher is but if it's turning over everything he finds to Apple or other vendors out of the good of his heart he is doing himself a disservice for man months of labor. I'm not sure about you but charity doesn't factor into the equation. He doesn't sell them on the black market but uses his (strong) skillset to point out to the general public an important point about the reality of security in the software most use every day.
     
  14. John Kotches macrumors 6502

    Joined:
    Jan 19, 2010
    Location:
    Troy, IL (STL Area)
    #14
    And the novelty here is? It's been done before, it'll be done again but the general public will continue on aimlessly -- with unsecured WAPs and systems.
     
  15. Winni macrumors 68030

    Winni

    Joined:
    Oct 15, 2008
    Location:
    Germany.
    #15
    You are conveniently ignoring the fact that the other house is much safer by design than your cozy designer home with its 30 freshly discovered EXPLOITS.

    And maybe some of you folks here also do not understand the difference between a system vulnerability and an exploit -- an exploit demonstrates how you can actually take advantage of a vulnerability. There is nothing theoretical about an exploit.

    What Apple fans just don't want to hear in this context is that those security folks clearly and without room for interpretation said that Mac OS X is the easiest to crack system out there and that it is much less secure than even Windows. There is nothing to discuss about that statement, especially not since they are even able to prove it. It's just that Mac heads don't want to hear it and escape in their typical state of denial: There cannot be what's not supposed to be. And Apple just cannot do wrong.
     
  16. NT1440 macrumors G4

    NT1440

    Joined:
    May 18, 2008
    Location:
    Hartford, CT
    #16
    Uh, why don't you actually wait to see what these are? How many times does the media use wrong terms or related terms interchangeably?

    Edit: you should probably read the actual article as well....

    Also, how is windows (which I assume you meant by "the other house") safer by design than something based on unix? :confused:
     
  17. mabaker macrumors 65816

    mabaker

    Joined:
    Jan 19, 2008
    #17
    I actually am still waiting for some of these wannabie hackers come and HACK THE HELL OF OUT let’s say 100+ Macs across the web and prove their Goddamn point. And please - without pre-existing plug-ins into Safari or stuff like that.

    Until then the opinion that Mac OS X is less secure but FAR safe than Windows stands still as a rock.
     
  18. ScottishDuck macrumors 6502a

    ScottishDuck

    Joined:
    Feb 17, 2010
    Location:
    Argyll, Scotland
    #18
    There are numerous mac botnets.
     
  19. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #19
    You forgot RISK.

    RISK is based on the likelihood that an attacker will take advantage of that exploit.

    OS X has always had vulnerability and exploits.

    What OS X HASN'T had is a track record of attackers being able to successfully publicly take advantage of those exploits.

    Numerous? Google seems to think that there's one, and it wasn't the result of exploits of software vulnerabilities, AFAIK.
     
  20. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #20
    Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows
    http://i.gizmodo.com/5101337/giz-explains-why-os-x-shrugs-off-viruses-better-than-windows

    The Mac Malware Myth
    http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

    The Unavoidable Malware Myth
    http://www.roughlydrafted.com/2008/...-apple-wont-inherit-microsofts-malware-crown/

    Windows 7 Still failed virus tests
    http://www.winandmac.com/news/windows7virustest/

    FYI, many hackers, such as Kevin Mitnick, use a Mac. You think about that.


    That's misleading.

    It only happens for the el cheapos who pirated iWork (or installed suspicious software). That's installed via trojan that depends on user stupidity, not OS insecurity.
     
  21. applesupergeek macrumors 6502a

    Joined:
    Nov 20, 2009
    #21
    Excellent point buddy. The proof of the eating is in the pudding. There are a lot of "security" experts working for wannabe antiviruses for mac that they 'd love to have macs hacked in large numbers so they can sell their wares or sociopath hackers. The fact that this hasn't happened is testament that the proverbial pudding is really tasty!
     
  22. Pentad macrumors 6502a

    Pentad

    Joined:
    Nov 26, 2003
    Location:
    Indiana
  23. I-Eat-Flowers macrumors newbie

    Joined:
    Mar 24, 2010
    #24
    look at that douche in his ugly lacoste tshirt :D
     
  24. gwsat macrumors 68000

    gwsat

    Joined:
    Apr 12, 2008
    Location:
    Tulsa
    #25
    I certainly won't minimize the apparent security holes discussed in the Forbes piece. Any way you slice it, they are a concern. Nevertheless, it seems to me that the main reason Windows machines are successfully attacked exponentially more often than are Macs is that there are exponentially more of them. Thus, OS X simply isn't nearly as tempting a target for meanspirited hackers as Windows is. I knew there had to be a reason why we pay Apple those premium prices. :)
     

Share This Page