Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
OS X Attack Code Released, and iTunes AAC Security Vulnerability Patched
- Thread starter MacRumors
- Start date
- Sort by reaction score
This just isn't making me quiver w/ fear. Wow, somebody found a way to exploit an operating system. Maybe we should abandon the electron and try running everything on Superman's Crystal Technology. 
Is there really a market out there that thinks the invulnerable OS is hrs away?
10. People build things.
20. Other People find ways to exploit what's been built.
30. People patch the problem.
40. Go to 20.
Can somebody show me where the surprise part comes in?
Is there really a market out there that thinks the invulnerable OS is hrs away?
10. People build things.
20. Other People find ways to exploit what's been built.
30. People patch the problem.
40. Go to 20.
Can somebody show me where the surprise part comes in?
good! Apple need a bloody good kick up the arse to solve this problem. releasing it to the public is a good idea. Security update imminent I reckons.
I bet it's just the prideful people who voted negative on this. It's great they release this! the quicker its addressed by Apple the quicker OSX is stronger.
I bet it's just the prideful people who voted negative on this. It's great they release this! the quicker its addressed by Apple the quicker OSX is stronger.
Hmm time for an analogy. There are two cars, car A and car B. Car A is crap. It breaks down all the time, is made of shoddy parts, gets the worst safety ratings possible etc. Car B is great, hardly ever breaks down, good solid parts, highest safety ratings.
Some yahoo comes along, sees that Car B can get in an accident just like Car A, and decides this is newsworthy.
Of course, no one ever claimed that Car B couldn't get in an accident. Or break down. Or run out of gas. All anyone ever did was claim that Car B was BETTER than Car A.
Shocking that MacOS X isn't perfectly invulnerable. Gee I thought that it was absolutely flawless! I'm shocked i tell you, SHOCKED.
You have got to be kidding me. I test software for a living. Even the simplest of programs used today (say TextEdit) are complicated enough that it is beyond reasonable to try and test it in every way possible. So sometimes, *gasp* a bug gets out, or an unitended hole gets created. Frankly I think that Apple's track record in protecting us more than enough for me to trust them. This guy? Whatever, he just wants attention.
Some yahoo comes along, sees that Car B can get in an accident just like Car A, and decides this is newsworthy.
Of course, no one ever claimed that Car B couldn't get in an accident. Or break down. Or run out of gas. All anyone ever did was claim that Car B was BETTER than Car A.
Shocking that MacOS X isn't perfectly invulnerable. Gee I thought that it was absolutely flawless! I'm shocked i tell you, SHOCKED.
You have got to be kidding me. I test software for a living. Even the simplest of programs used today (say TextEdit) are complicated enough that it is beyond reasonable to try and test it in every way possible. So sometimes, *gasp* a bug gets out, or an unitended hole gets created. Frankly I think that Apple's track record in protecting us more than enough for me to trust them. This guy? Whatever, he just wants attention.
Ummm...
I do a search of the Symantec website for "launchd" and get no results. Anyone have a link to the actual threat description and this stealth announcement by Symantec? If not, I'm calling shenanigans. Plus, if it's like the Bluetooth exploit, the user has to be a willing participant in the infection process, i.e., double click this attachment you got for somebody you don't know, stupid! I'm sorry, I don't consider stupidity a vulnerability to the operating system. I can write a piece of spyware for Mac OS X to run malicious code if the idiot user has to launch it first! Not that it makes it any less dangerous, but how dumb do you have to be these days to fall for that trap? Most Windows exploits are exploitable from outside the computer, or without the user's direct control. Don't see many of those with Mac OS X, not that they haven't existed, but they are usually patched before they are exploited in any massive way.
I do a search of the Symantec website for "launchd" and get no results. Anyone have a link to the actual threat description and this stealth announcement by Symantec? If not, I'm calling shenanigans. Plus, if it's like the Bluetooth exploit, the user has to be a willing participant in the infection process, i.e., double click this attachment you got for somebody you don't know, stupid! I'm sorry, I don't consider stupidity a vulnerability to the operating system. I can write a piece of spyware for Mac OS X to run malicious code if the idiot user has to launch it first! Not that it makes it any less dangerous, but how dumb do you have to be these days to fall for that trap? Most Windows exploits are exploitable from outside the computer, or without the user's direct control. Don't see many of those with Mac OS X, not that they haven't existed, but they are usually patched before they are exploited in any massive way.
He said it so it must be true....
What! You mean there's a difference?
Surely "hypothetically vulnerable"="thousands of virus attacks per year" just like "dozens of DVD authoring titles"="I'm gonna actually produce home DVDs....maybe, next year"
Never let reality get in the way of credible speculation
McD
P.S. Would the vulnerability be exploited by those automatic viruses or will I have to manually install them again? (quite labour-intensive)
Lixivial said:Myself, I'd prefer a proof-of-concept released after it's been patched rather than zero-day unpatched exploits. But to each his own.
What! You mean there's a difference?
Surely "hypothetically vulnerable"="thousands of virus attacks per year" just like "dozens of DVD authoring titles"="I'm gonna actually produce home DVDs....maybe, next year"
Never let reality get in the way of credible speculation
McD
P.S. Would the vulnerability be exploited by those automatic viruses or will I have to manually install them again? (quite labour-intensive)
sam10685 said:
You mean like the one they already made to fix this in 10.4.7 that was released a few days ago?
Except for the times that an update breaks something. Ever since the ethernet driver debacle of 2003 where G4 PowerMac's lost ethernet connectivity (10.2.8) -- including mine -- I wait about a week or two and monitor sites like xlr8yourmac.com for other's reviews before jumping in with an update.joshysquashy said:
I haven't been able to find any specifics about this, but I did find details about a potential exploit against launchd from last year. This exploit used a race condition bug within launchd to change permissions on an arbitrary file. From the description of this exploit, it could be the same one being rehashed. Details on the one I have found are here
michaelrjohnson said:Gosh... a single proof of concept of a local exploit...
This really isn't that big of a deal. Moral of the story: run Software Update regularly. Apple has done really well in patching their own holes, and responding to these types of "exploits".
That being said, nobody (even Apple) claimed that Macs are somehow immune to security exploits, attacks, and viruses. Nobody should be surprised that these types of things exist, and will someday have a greater impact on your workflow.
I was watching TV one day and it said that macs cant get viruses
stunna said:
They were wrong, macs can get viruses BUT 1) we don't have any 2) its much harder to write one that does anything serious
If security companies are starting to write proof-of-concept viruses for mac os I personally think its a good idea, Apple has been hiding behind the Unix supperiour security bit for to long!
Security company writes vulnerability attack , informs apple about it, release it out in the wild 2 months later. That way Apple has to react, security companies can create security products and make money by selling security products, we have a secure operating system... I dont see a down side.
Security company writes vulnerability attack , informs apple about it, release it out in the wild 2 months later. That way Apple has to react, security companies can create security products and make money by selling security products, we have a secure operating system... I dont see a down side.