20 critical Apple vulnerabilities to be revealed

Discussion in 'MacBook Pro' started by MacBytes, Mar 17, 2010.

  1. MacBytes macrumors bot

    Jul 5, 2003


    Category: News and Press Releases
    Link: 20 critical Apple vulnerabilities to be revealed
    Description: Charlie Miller, the security researcher renowned for hacking Apple products during many a hacking competition, will be making public (at the CanSecWest security conference later this month) his latest research through which - he claims - he was able to find some 30 critical flaws in commonly used software.

    Posted on MacBytes.com
    Approved by Mudbug
  2. Sayer macrumors 6502a


    Jan 4, 2002
    Austin, TX
    ..security flaws that are only accessible by inserting a 3rd party USB device, installing a 3rd party KEXT and then opening a ridiculously complex "special" PNG file that must be opened via the command line using 'sudo' right?
  3. eawmp1 macrumors 601


    Feb 19, 2008
    1) The security flaws have been widely exploited :rolleyes:
    2) I've got a secret and I'm not tellin' :rolleyes::rolleyes:
  4. MMX macrumors regular

    Feb 16, 2010
  5. Full of Win macrumors 68030

    Nov 22, 2007
    Ask Apple
  6. 2002cbr600f4i macrumors 6502

    Jun 21, 2008
    Um if he doesn't tell Apple about them, how can he honestly expect them to fix them? If they don't know it's broke they can't patch it... Maybe he has come up with a way to attack that nobody at Apple has thought of to test to find such bugs internally...

    Until such claims are presented either to the company at fault or open to the public for verification, I call BS.
  7. ogee macrumors 6502

    Nov 8, 2006
    Wow 30 exploits, so many, not like some other popular systems that have what ... how many...??
  8. nagromme macrumors G5


    May 2, 2002
    Even if it’s not all BS, he’s still not behaving like a responsible security researcher, but like an insecure person (no pun intended) who craves attention.

    Maybe he should make a list of companies whose code base is so small that it’s either bug-free, or that any bug can be found without even knowing what it is. (This list would be zero companies long.)
  9. JavierP macrumors regular

    Mar 17, 2008
    He's not doing anything special, he just feeds crap/out-of-spec params to applications and waits for them to crash because of memory corruption. He also looks for security problems in open source projects that Apple uses and checks if Apple devels are dragging their feet on the bug fixing.
    Apple could have an army of people like him looking for vulnerabilities/reviewing code.
  10. Consultant macrumors G5


    Jun 27, 2007
    Perhaps the more important thing is:

  11. macswitcha2 macrumors 65816

    Oct 18, 2008
    That's beside the point... if there were 30 vulnerable spots in your home by which thieves can get in and rob you blind, you will want to quickly secure such places.
  12. Bandman999 macrumors newbie

    Apr 27, 2004
    Why bother with the Mission-Impossible-style task to gain access to the dispose-all in my kitchen when you can walk right in the front door of the next house and rob the whole place?
  13. padrino121 macrumors member

    Apr 5, 2004

    I'm not sure what your definition of a responsible security researcher is, but if it's turning over everything he finds to Apple or other vendors out of the good of his heart, he is doing himself a disservice for man-months of labor. I'm not sure about you, but charity doesn't factor into the equation. He doesn't sell them on the black market but uses his (strong) skillset to point out to the general public an important point about the reality of security in the software most use every day.
  14. John Kotches macrumors 6502

    Jan 19, 2010
    Troy, IL (STL Area)
    And the novelty here is? It's been done before, it'll be done again but the general public will continue on aimlessly -- with unsecured WAPs and systems.
  15. Winni macrumors 68030


    Oct 15, 2008
    You are conveniently ignoring the fact that the other house is much safer by design than your cozy designer home with its 30 freshly discovered EXPLOITS.

    And maybe some of you folks here also do not understand the difference between a system vulnerability and an exploit -- an exploit demonstrates how you can actually take advantage of a vulnerability. There is nothing theoretical about an exploit.

    What Apple fans just don't want to hear in this context is that those security folks clearly and without room for interpretation said that Mac OS X is the easiest to crack system out there and that it is much less secure than even Windows. There is nothing to discuss about that statement, especially not since they are even able to prove it. It's just that Mac heads don't want to hear it and escape in their typical state of denial: There cannot be what's not supposed to be. And Apple just cannot do wrong.
  16. NT1440 macrumors G4


    May 18, 2008
    Uh, why don't you actually wait to see what these are? How many times does the media use wrong terms or related terms interchangeably?

    Edit: you should probably read the actual article as well....

    Also, how is windows (which I assume you meant by "the other house") safer by design than something based on unix? :confused:
  17. mabaker macrumors 65816


    Jan 19, 2008
    I actually am still waiting for some of these wannabe hackers to come and HACK THE HELL OUT OF let’s say 100+ Macs across the web and prove their Goddamn point. And please - without pre-existing plug-ins into Safari or stuff like that.

    Until then the opinion that Mac OS X is less secure but FAR safer than Windows stands still as a rock.
  18. ScottishDuck macrumors 6502a


    Feb 17, 2010
    Argyll, Scotland
    There are numerous mac botnets.
  19. aristobrat macrumors G5

    Oct 14, 2005
    You forgot RISK.

    RISK is based on the likelihood that an attacker will take advantage of that exploit.

    OS X has always had vulnerabilities and exploits.

    What OS X HASN'T had is a track record of attackers being able to successfully publicly take advantage of those exploits.

    Numerous? Google seems to think that there's one, and it wasn't the result of exploits of software vulnerabilities, AFAIK.
  20. Consultant macrumors G5


    Jun 27, 2007
    Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows

    The Mac Malware Myth

    The Unavoidable Malware Myth

    Windows 7 Still failed virus tests

    FYI, many hackers, such as Kevin Mitnick, use a Mac. You think about that.

    That's misleading.

    It only happens for the el cheapos who pirated iWork (or installed suspicious software). That's installed via trojan that depends on user stupidity, not OS insecurity.
  21. applesupergeek macrumors 6502a

    Nov 20, 2009
    Excellent point buddy. The proof of the eating is in the pudding. There are a lot of "security" experts working for wannabe antiviruses for mac that they'd love to have macs hacked in large numbers so they can sell their wares or sociopath hackers. The fact that this hasn't happened is testament that the proverbial pudding is really tasty!
  22. Pentad macrumors 6502a


    Nov 26, 2003
  23. I-Eat-Flowers macrumors newbie

    Mar 24, 2010
    look at that douche in his ugly lacoste tshirt :D
  24. gwsat macrumors 68000


    Apr 12, 2008
    I certainly won't minimize the apparent security holes discussed in the Forbes piece. Any way you slice it, they are a concern. Nevertheless, it seems to me that the main reason Windows machines are successfully attacked exponentially more often than are Macs is that there are exponentially more of them. Thus, OS X simply isn't nearly as tempting a target for mean-spirited hackers as Windows is. I knew there had to be a reason why we pay Apple those premium prices. :)
