In a hacking contest a few months ago, a vulnerability was found in Safari. To date that vulnerability has not been fixed by Apple.

Cite or retract. I'm pretty sure it *has* been fixed in Safari and certainly the fix went into Webkit very quickly.


That's just from the first 4 or 5 on CERT. It's really an endless list. If attackers turn their eyes toward OSX (a very good day in my book, it means it has become more than a blip on the radar), it will be the same old song we've seen with windows for ages: unpatched systems, ignorant users, apple blunders will all lead to vectors for attack. Only time will tell if it holds up better overall.

The knowledge base article was describing fixes in Quicktime 7.5. Are you sure this stuff hasn't already been fixed?
 
160 million page views.... I don't think you understood the article. WWDC isn't that big of an event. In fact it is very small. Ask 100 people on the street if they know what it is. Chances are 1 might know and 99 won't.

Exactly, 160 million page views but which pages? WWDC may be a small event but since every tech blog was covering it the volume of traffic will be disproportionate.

Honestly, I did understand the article - arn questions the same issue in his post.
 
Exactly, 160 million page views but which pages? WWDC may be a small event but since every tech blog was covering it the volume of traffic will be disproportionate.

Honestly, I did understand the article - arn questions the same issue in his post.

The figures are way too high every month, it's not a June only thing, and the trend is picked up by Apple's ever increasing sales.
 
3 pages of discussion, and nobody mentions that the OP's status is wrong?

the link in OP states:
users of the Mac accounted for 7.94% in June of those measured, according to Net Applications data. That's a rise of almost a half of a percent from 7.48% in May.

unfortunately, the data at NA is from 7.83 in May to 7.94 in June, which is essentially 0.1%, rather than 0.5 % as OP said.

At this speed, assume continuous increasing, it will reach 10% in....2027 :p
 

Sweet!

Go Mac!

I wonder how high it can go? It might help to have a mid-level upgradeable desktop, to attract less-rich customers, though.

It might also help to be able to pair it with a sub $700 display.

Seriously Apple? $3000 is TOO much for a 4-Core machine with 20inch display.
 
The figures are way too high every month, it's not a June only thing, and the trend is picked up by Apple's ever increasing sales.

Not disputing that - I'm pointing out that this month's increase - and May's - will inevitably have a lot of noise generated by iPhone hype.
 
Cite or retract. I'm pretty sure it *has* been fixed in Safari and certainly the fix went into Webkit very quickly.




The knowledge base article was describing fixes in Quicktime 7.5. Are you sure this stuff hasn't already been fixed?

Sure, a lot of it has. There are others that have not. However, before it's fixed it's a vulnerability. There are other vulnerabilities still outstanding, such as the ARD "automatic root for anyone that wants it" vulnerability.

Code:
osascript -e 'tell application "ARDAgent" to do shell script "whoami"'
You've got root!

Noting these vulnerabilities (again you can search CERT for many, many more both patched and unpatched) led into the rest of my post. As with windows, the #1 reason for a system being compromised is a combination of ignorant users, not being patched, and yet to be fixed vulnerabilities.

To expand on this, OSX has a very similar weakness to windows. You're tied to the apple development cycle in large part. Say bind comes out with a remote exploit vulnerability. The BIND developers release a patch immediately. As such, rpm's for Enterprise Redhat, debs for debian, etc. hit the repositories within 24 hours. An Apple admin is faced with a more difficult decision. He can patch immediately, but this might break compatibility with apple as they often customize software so it is not quite "standard". Further, the next patch could overwrite your changes if you try to match compatibility by installing into the same system directories. If you divorce yourself from the apple release such as rolling your own and installing into /usr/local you'll begin wondering why you don't just use an open source solution that has a better reaction time.

I'm not digging apple for this, it's a consequence of the "tightly integrated, easy management" they provide. It's the same consequence we see in Windows servers to a degree.

I'm just saying, it's easy to point fingers and degrade the #1 target in the industry....we'll just have to wait and see how Apple fields the ball when and if it's ever their turn.
 
There are other vulnerabilities still outstanding

Of course, that isn't a surprise.

Noting these vulnerabilities (again you can search CERT for many, many more both patched and unpatched) led into the rest of my post. As with windows, the #1 reason for a system being compromised is a combination of ignorant users, not being patched, and yet to be fixed vulnerabilities.

Apple puts out software updates regularly and automatically. You can't slam them for fixed vulnerabilities. What more can they do to protect users?

To expand on this, OSX has a very similar weakness to windows.

And Windows is the #1 OS used in the enterprise so they aren't doing everything completely wrong in that department...
 
Apple puts out software updates regularly and automatically. You can't slam them for fixed vulnerabilities. What more can they do to protect users?
Nothing.


And Windows is the #1 OS used in the enterprise so they aren't doing everything completely wrong in that department...
I absolutely agree. My posts did not start as a slam, it started with a previous post claiming that OSX is inherently more secure and will never suffer the never ending wave of trojans and viruses that windows has. I was only pointing out the greatest weaknesses of windows (un-patched vulnerabilities, ignorant users who click on shiny baubles in email, and the occasional 'hole' in the patch cycle for a known exploit) are very much a part of OSX as well....they are unavoidable, *every* OS will have them.

OSX hasn't been thoroughly tested in these waters yet and never will be until it captures significant market share. Claiming any OS in existence will be an end to our malware woes is just silly.
 
Beware of just one source

Beware of any site's "data" for the simple reason that most daytime surfing is people at work stuck on a locked down Windows based job computer. That has always been a problem in these "market share" figures for home users.
 
Beware of any site's "data" for the simple reason that most daytime surfing is people at work stuck on a locked down Windows based job computer. That has always been a problem in these "market share" figures for home users.
The figures themselves aren't important, well not outside of the potential headlines when OSX climbs above 10% on one of these sites for the first time.

What's important is the trend. That's the thing that the software producers and developers of corporate Web sites use to see where to target their products. They already know what percentage of Mac (or Linux) users are hitting their sites or buying their apps, but they normally need to project what that revenue slice will be in eighteen months to two years time. As long as the Mac is continually creeping up the actual % of either doesn't really matter.
 