The purveyor of broken idreams, Steve Jobs has realised that his Mac OS X operating system has a few security holes.
While all the marketing claims that only Microsoft's Windows has security problems and the OSX is as secure as Fort Knox, Jobs has signed off on a patch which fixes a whopping 13 vulnerabilities.
The release fixes issues in several components, including CoreGraphics and Apple Type Services. Several of the vulnerabilities cause buffer overflows, and can be exploited to execute arbitrary code. Of course no one ever hacks Apple machines so the patches are probably cosmetic.
Apple's advisory claims that the Apple Type Services (ATS) bug can be triggered by viewing or downloading a document containing a malicious embedded font. If exploited, hackers could use it to run code. Apple said it fixed the issue by improved bounds checking.
A heap buffer overflow due to CoreGraphics' handling of PDF files can also be exploited by attackers to run arbitrary code, and was likewise addressed with improved bounds checking.
Six of the vulnerabilities affect PHP. One can be exploited via a malicious PNG image, and does not affect systems prior to Mac OS X v10.
While we welcome the fact that Jobs has finally worked out that the OSX is insecure, it would be nice if he dropped the marketing pitch that claims that users are protected from malware thanks to his aura.
.jpg){kind=icon}
You can't! So shut the hell up...
Just so no one gets led astray, here, Apple has released security updates ever since they started publishing an operating system. So, how long's that been now? Like, about THIRTY YEARS? And yeah, throughout this time Apple has said that their platform suffers from little to no security issues. Looking at their platform's track record versus Windows' they're not lying. Security through obscurity? That's certainly part of it. But, the results speak for themselves. You want less hassle using a computer, so you can just do your work and have your fun without having a bullseye on your back? Get a Mac.
None of Mac OSX's vulnerabilities have been turned into exploits in 10 years. The Mac user only has Trojan Horses to worry about, because those require that the user be tricked into giving away the Mac's passwords.
Almost all of the Mac's vulnerabilities occur in its FreeBSD UNIX foundations which it often shares with Linux. Apple has been tardy in applying fixes, because it cannot afford to disturb its users productivity.
If you look at Operating Systems realistically, then the Mac OS is far more secure than Windows which is the source of 95% of the world's malware problems. Focusing intently on the Mac's minuscule security problems is ludicrous. It is a way of shielding Microsoft from just criticism.
, they call all buffer overflows "security patches" they are nothing but buffer overflows that no one has exploited to steal data, and to prove the point, no OSX user has ever lost data from such an exploit....
try and catch a clue next time..... then on the other hand there are mIllions of Windows users who have lost data just from the actual anti-virus software that was supposed to protect them, from bugs in the anti-virus software....
THAT is how far in left field you are....
Then you have those who say the MacOS does have lots of security and is perfect... but needs all the updates... which is it?
Fanboys always feel the need to attack me for pointing out flaws in the their little fantasy ... not that I care.
I do find it fascinating that they always use the same insults and think they are clever. "waste of bandwith" ha ha do you know what bandwidth is or is a technology phrase someone else told you and you thought was cool. If you are going to try and insult someone at least come up with something original, but that is not something Apple does very well these days now that it is no longer niche.
Anyway
1. don't work for Microsoft I don't like them much or any one in the technology industry. They are generally a bunch of sharks and the users are bait.
2. I use Windows 7 and Linux but I am not obsessive about it. I want my computer to work and for me to do what I like with it,
3. I don't give a monkeys about site hits. Apple fan boys are too few to make a difference even if they make the most noise/
4. I hate cults of unreason which take people's money and give little in return.
5. I hate it when ignorance is considered a virtue and shallowness something which needs to be shared
6. I don't like it when people try to bully you to their fundamentalist way of thinking.
7. If you don't like what I say come up with a reason... Think different! Don't parrot Apple cliches from the 1980s that are no longer true. I was using an Apple in the 1980s it caught fire a LOT.
8. Owning any technology is not going to give you any satisfaction, make you more intelligent, make your dick longer,or breasts larger. It is not going to make you more popular, nor is anything worth queuing up to buy unless it is food in the third world. A computer shop is not a church and you will not obtain enlightenment by owning any technology. Nor should a CEO tell you which programmes you should watch or what software you should buy. Thinking different is not following crowds of sheep waiting for someone telling them what to do. Nor is it bullying people to conform to a marketer's dream.
So in short, come up with something intelligent about the technology and we will talk about it... otherwise you are dragging humanity down the evolutionary tree and replacing your souls and meaning with a music player.
speaking of ignorance.... and shallowness.... you have embodied both... notice the date below, and that it is Windows 7 you dolt....
http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable-8-10-viruses/
http://www.eweek.com/c/a/Security/McAfee-Scrambles-to-Contain-Virus-Definition-Gaffe/
http://www.computerworld.com/s/article/9175940/McAfee_apologizes_for_crippling_PCs_with_bad_update
AGAIN. THERE ISN'T A SINGLE VIRUS THAT CAN INFECT AN OSX system... PERIOD.... that is a FACT..... LOOK IT UP....
not a single Anti-virus software program has ever saved an OSX user from a Virus, BECAUSE THERE ARE NONE....
the odds of losing Data from an Anti-Virus software update are 100,000,000,000 times (actually infinite) more likely to lose data on an OSX system than they are to a virus.. PERIOD....
nor would anti-virus software do anything for any of the "whopping 13 vulnerabilities"... since no virus can exploit any of them, to prove the point, I've had a machine running for 6 years without a single OSX update, 24/7 connected to the internet, and it has never been infected, yet it has been probed as many times as the windows Machines that were taken over within minutes......
http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm
notice the attacks per hour for the OSX machine...
by the way, i'm a Security Expert.... and you my friend are ignorant...
I would like to know which company is dumb enough to hire you. I would ask them why they hire someone who thinks it is "good security" to leave any machine unprotected (I have never seen a security firm who recommends leaving even macs or Linux desktops unprotected). So unless you mean you say you are an expert in security you are security guard at your local mall. Other wise you and your company are so shite what ever the operating system you use.
It would be a story believe me. So security expert... who do you work for? Will you go on record with your real name and company saying this drivel.... I doubt it. You sign your name honkj ffs.
Second did you read that honeypot statistic? USATODAY appeared to be attacking people with Windows worms (remember those days) and were shocked to discover that the Linux and MacOS machines were not breached. The Windows machines were breached because they had not updated their virus patch for a year, must be following your advise on security.
Opps your figures are PRE-VISTA 2004!!! sheesh proves my point that fanboys are living in a time warp where Apple was an underdog against the terrible Microsoft..
So Mr Security EXPERT who uses seven year old figures, that were compiled before he stopped installing security software, is that the best you can do? Why should we believe that some who claims to be a security expert, but can't find a capital letter on his machine? How old are you? Does your mother know you are up?
I have not had a Trojan on my Windows 7 machine for while either. I had a couple on my XP box... what is the big deal with virus checkers... is there some advantage in network nudism?
You are an asshole!
Thanks for reading.
by the way, regardless of your ignorance of the subject, Anti-Virus software is extremely dangerous for Mac Users, it has cost millions of computer users their data, and you would have to be an extremely unfortunate security personal that would recommend that sort of risk for an OSX machine, when one has been sitting running for 6 years without ANY AV software, without a single successful breach of that computer....
YES believe it or not, an OSX computer is much and i mean MUCH better off without Anti-virus software, I know that is hard for someone that is ignorant on the subject to believe, but that is why i get the big bucks.... to find that out.... while Windows users continue to struggle with the problems....
the less than informed Nick Farrell said that for FIVE YEARS he hasn't seen nor heard of a virus for Windows 7.... that Article proves his ignorance on the subject....
and the fact that it stopped something does not mean they were trojans??? that is an ignorant thing to say.... The fact that there are Windows 7 viruses is undeniable too...
also Windows 7 users SHOULD use Anti-Virus software, although many many users are going to be screwed over by the AV software update bugs and lose tons of data, MANY MORE THAN THAT will lose data to viruses, so you have to go with the lesser of the two evils...
of course an OSX users, as i've proven over the years, has the best of both worlds... by not installing buggy AV software in the first place...
and i want to stress with the highest level of confidence, that not a single AV piece of software would have done anything to stop any exploits from the above 13 buffer overflow bugs.. nor any of the past buffer overflow bugs of the past 6 and more years... mainly because there were NO EXPLOITS of those buffer overflows that would allow viruses or any malware without the assistance of a user.
that is why an OSX computer is able to run for 6 years without any AV software... nor updates for that matter....
there are Malware apps that an OSX user can download, but there are many many warnings that they have to click through, I've advised for years that this is very simple, Always head the warnings from OSX when you are downloading something, and of course never download from any source, unless you know why you are downloading and from what site...
there is no AV software that can prevent a user from overriding warnings...
the City of Troy did not fall because their gate was too weak, they had the best equipment that money could buy at the time with that walled city and gate... but that does nothing against the people opening the gate... nor does AV software, because no AV software knows about trojans that are new and in the future...
simply telling a client the simple facts of life of downloading prevents ALL attacks on OSX... ALL of them to date... including even just going to some sites.
apparently you did not read some of the articles... Millions of Windows users have lost data from using AV software, so there is something to network nudism... however for a Windows user, it is the least of two evils, so yes for you, install AV software... and just remember that not only do the updates have bugs that will cost you someday, that also the AV software does not actually block many of the malware apps that are out there. the HUGE number of people's credit cards and iTunes accounts that are compromised each day for the past more than 3 years proves that.....
your credit card info or iTunes info or other info could have been compromised a year or more ago, but it is put into a black market "bank" and bought and sold, and you will never know until it is sold to someone in asia trying to get something for free...
if you know these things then you are more protected than most, you have armed yourself... not with AV software, but with knowledge... ...
(of course the person who has really armed themselves with knowledge have gotten a mac and are just a little diligent, those are the ones that have seen the light of knowledge.)
but hey without people to lose, where would the IT jobs be :o)
uhh, as i said, the computer has been running for 6 years... that is the link to show data with that honeypot experiment.... duhh? i mean really?
to see more recent info, SEE THE OTHER LINKS provided... you dolt....
But we all know it is all a fantasy for you isn't it? You go on a number of different websites (with a mac address) and attack stories which are not pro-Apple. None of them are security related (other than this one) and they are all defending Steve Jobs's line of the moment.
So either you are a sad, obsessed sicko who cannot bear it when someone writes any negative story about Apple. Or you are employed to go around Web II news sites and pretend to be a user.
I will give you the benefit of the doubt and say that you should have asked for a bit of IT security training before you tried to pull that one off.
Judging by your posts on other sites you ask the hacks you challenge to do stupid things that pretend to prove your point. So I will tell you to either tell me the security company that hires you so I can have a word to them about their radical "no security policy" or shut up.
BTW I didn't say there were no windows viruses just that I had never had one for that many years (just Trojans which Apple fanboys get).
95% of people are ignorant of science, no big deal, that is how it is...
95% of people are ignorant of history, no big deal, that is how it is...
95% of people are ignorant of cars, no big deal, that is how it is...
95% of people are ignorant of computers, no big deal, that is how it is...
there are somewhere between 90% to 95% of people that are installing AV software on their computers, and believing that this AV software is keeping them very safe.
as a thought experiment:
let us say that there were no Viruses, only malware that a person has to download or go to a site to install.
if a Windows user did not install any AV software in that situation, (and this Windows user did this because he had some knowledge of how malware is placed on a computer)
i believe this Windows user would be more protected than a normal 90% to 95% of the people out there Windows user who installs AV software... mainly because these users believe that the AV software is actually safe, and prevents all threats.... when of course that is not the case...
i believe, but have not run that experiment nor do i have data, that this would be the case...
90% to 95% of people really do not know what they are doing with computers, it is natural, that is how nature works... but that doesn't mean the people who want to, can not figure this out.....
While Nick writes: "Jobs has signed off on a patch which fixes a whopping 13 vulnerabilities."
We find out the Microsoft way is to just ignore vulnerabilities and thus make their patch count lower!
http://www.infoworld.com/d/security-central/sun-microsoft-and-mozilla-leave-the-most-vulnerabilities-unpatched-389
Outstanding!
http://www.dailytech.com/article.aspx?newsid=20008
Lol, viruses have long been out for Macs. Most recent notable virus was actually just today:
---------------------
you idiot, learn what the difference is between a trojan and a virus is... then read the comment about troy's gate above....
geesh man, did you really want to prove the 95% theory above?