OS X Operating Systems Security

Ancient Flaws May Leave Mac OS X Vulnerable 388

Posted by Zonk
from the patch-to-the-left-patch-to-the-right dept.
mdeb writes "ZDNet Australia is running a story that claims Mac OS X 'contains unpatched security flaws of a type that were fixed on alternative operating systems more than a decade ago.' As an example, in August of last year, Apple patched the 'dsidentity' bug, which could easily have been exploited to grant a non-privileged user with admin rights the capability to create and remove 'root' user accounts."
This discussion has been archived. No new comments can be posted.

  • Re:Big f-in deal (Score:5, Interesting)

    by i kan reed (749298) on Thursday January 26, 2006 @06:54PM (#14573808) Journal
    Now that you've gone and said that, I went and tested it... WITH A GUEST ACCOUNT. And surprise! Doesn't work.
  • by TubeSteak (669689) on Thursday January 26, 2006 @07:16PM (#14573999) Journal
    Does that change his underlying point?

    That Apple should use more software auditing tools to scan for errors?

    Hmm... went to the web page and I don't see any 'tools', just auditing/consulting services.

    Anyways, would it be a bad thing if Apple used more automated tools to check for problems?
  • a prediction. (Score:2, Interesting)

    by CDPatten (907182) on Thursday January 26, 2006 @07:30PM (#14574101) Homepage
    Let the spinning begin, and ironically the MS bashing to start. I think it's funny this is going to turn into a debate on Windows Security, but what can you do.

    An observation I made in a post a few months ago was that since 2001 Apple has released 5 different releases of OSX, 4 of which were paid upgrades (approx. $600 if you were staying current all along). They have patched literally thousands of bugs and security holes and continue to do so at a pretty steady rate. We don't hear about it, (In my opinion) because the media contains a majority of zealot mac users, but that doesn't mean it isn't true.

    It's also worth noting that Apple has less than a 5% market share. It wasn't until Firefox hit around 10% we started to see hackers paying attention and start exploiting the MS alternative product. It wasn't that it was so much more secure before, turns out just nobody cared to exploit it when it had no market share. If Apple ever gained a respectable market share I believe they would have more holes than Windows.

    And before you say "it's unix"... blah blah blah. You all said it wasn't "unix" a couple of weeks ago when the government released the unix/apple security holes, which by the way were about triple the windows holes.

    Anyways, go ahead and flame me, but I think it's still pretty funny to see this "old" hole. Especially after reading the MS VP response earlier, and some arrogant SOB cleverly writes something to the effect "i'd like to see those same questions submitted to the security guy over at apple, what a difference it would be" ... LOL ... how does crow taste?

  • Thank you for the anecdote... count yourself lucky.

    As someone who admins a number of gateways and firewalls in different netblocks, I can assure you that there are a number of nasty codestreams out there... I set up one Default XP box outside a firewall as a demonstration, and within 15 minutes, it had already been compromised and joined to a botnet. After isolating it, wiping the drive and reinstalling the OS, installing a firewall and reconnecting it, the attempts at re-compromise on that IP address were near instant.

    One thing to keep in mind is that some netblocks are more prone to this than others, because of the way a lot of this automated machine compromising software works. If you find that you get no probes/attacks at your current IP address, keep it -- this is one area where security through obscurity is better than no security at all. --I'd also recommend you get yourself behind a firewall, and run A/V and spamblocking software however, if you're running XP. It's possible that the only reason you think you haven't had your computer compromised is that the attackers did a good job writing their software.

  • Uhh... what? (Score:4, Interesting)

    by FredFnord (635797) on Thursday January 26, 2006 @07:53PM (#14574291)
    ...which could easily have been exploited to grant a non-privileged user with admin rights the capability to create and remove 'root' user accounts.

    Why... how awful. Or the user could have gone to the command line and typed 'sudo foo' and run anything as root that he wanted, including creating and deleting users or whatever else he wants to do, if he has admin rights.

    You could at least have chosen an example that wasn't totally useless on 99.9% of Macs. (Those which allow admins to sudo. Most people aren't dumb enough to explicitly grant admin privs to people they don't want to run as root, either because they know what it means and choose not to or because they don't and they don't just randomly check every check-box that comes along.)

    -fred

  • by ShyGuy91284 (701108) on Thursday January 26, 2006 @07:59PM (#14574346)
    The main thing that allows so many Linux distributions to work with low maintenance cost is that they are all based around the same kernel. When a fix is issued to the main kernel tree, it is fixed on all Linux's as they update. So distribution makers aren't pressed to patch it manually themselves. Perhaps OS X's variant of the Mach kernel has strayed too far from the main Unix tree, and suffered a form of seclusion from the goings on of the main tree?
  • by Anonymous Coward on Thursday January 26, 2006 @08:22PM (#14574541)
    He's ZDnet's designated "Apple hitman." They love him because Apple stories - especially negative Apple stories - generate more page views and discussion than any others, especially on News.com.

    I'll grab some examples later, but it's no coincidence that this story is almost pure speculation.
  • by theolein (316044) on Thursday January 26, 2006 @08:26PM (#14574562) Journal
    I, together with another guy on the MacNN boards, discovered some of the more serious aspects of the vulnerability pertaining to url types and mounting of remote volumes around two years ago, when a website could quite easily download, mount and execute an applescript or any application on your machine without you seeing it (Apple's response to this was the fact that you have to authenticate any new application the first time it's run these days, something now also in WindowsXP and Vista). We notified Apple and waited. And waited. And waited. Finally, after 3 or 4 months, Apple finally released the patch with the new functionality.

    It was an extremely serious vulnerability because it was so easy to exploit and Apple really dragged their feet on that, and on other similar cases.

    The guy is spot on with that comment. Apple is really slow in responding to possible exploits.
  • by MyDixieWrecked (548719) on Thursday January 26, 2006 @08:50PM (#14574744) Homepage Journal
    The exploit won't be cross platform, but the vulnerability sure can be.

    Actually, with proper coding a Universal binary, the exploit could be cross platform.

    Although, it would be a pain in the ass to create a script to generate the proper NOP sled and shellcode that would work on both architectures.

    Since it appears that the vulnerabilities he's describing require user intervention, I guess a universal binary could be used. hmmmm....

    It would be interesting if Rosetta had vulnerabilities where it would allow privilege escalation on malformed code.
  • Re:neil == nemo (Score:2, Interesting)

    by corezion (569278) <`moc.aoekob' `ta' `eroc'> on Friday January 27, 2006 @01:32AM (#14576357)
    It's true... nemo is one of the pioneers of MacOS X vuln. research. Of course greets to LSD for their AIX work... Lamagra, Palante, ghandi, d0tslash and me.. (core). ;-))) And a myriad other people. Nemo is only stating the obvious. I doubt he's tired of finding bugs. He takes joy in it and in fact that is his line of work. ;-) Check out his dual-arch shellcode for MacOS X. Worms love Apples. 'nuff said...
  • by Offtopica (413375) on Friday January 27, 2006 @02:07AM (#14576518)
    Ok; sometimes things are just so bleedin' ignorant that I feel compelled to respond rather than crapflood.

    Are you really saying that Unix has been around since 1946?!

    Because it seems to me that if unix.org has anything to say about Unix, it's been around since the early seventies. [unix.org] Is that really twice as long as Apple's been in existence? [apple-history.com] What kind of math do you use where "early seventies" = 2 x 1976?

    Damn. And they make MY POSTS negative one.
  • Re:Stop the Presses (Score:3, Interesting)

    by Jezza (39441) on Friday January 27, 2006 @05:01AM (#14577072)
    Exactly, most of the time these flaws are not exploitable (given how we use Unix today). I still think they should be fixed, but this isn't the sensational "sky's falling in" presented in the article.

    You can disallow access to the shell (via "terminal.app") for "normal" users (Mac OS X won't allow root login by default anyway) but that's an "extra step" so most users won't do it (fair enough).

    Yes it does seem ironic that this guy wanted to create a news story rather than submit "fixes" to the Darwin project (the open source project associated with Mac OS X)!

    Like most systems, Mac OS X is fairly insecure if you have physical access to the machine anyway (there are "extra steps" you can take to secure it, but here my sympathy is with Apple - if this was enabled by default it would be a huge pain for "most users"). Mac OS X has many features that will secure a Mac that someone has physical access to. Clearly the files should be backed up to a physically secure location (after all I can always remove the disk and reformat it on another system - the OS can't help me there) and "File Vault" should be switched on (so I can't drop the disk into a Mac I DO have root access to, and read the files). Sure I can't stop someone "breaking the Mac" but my files are "safe" (here I mean, I have the backup, and nobody can read them that I don't want reading them). These steps are especially useful on a laptop.
  • Re:Stop the Presses (Score:2, Interesting)

    by gb506 (738638) on Friday January 27, 2006 @10:10AM (#14578107) Homepage
    What may eventually happen does not concern me as much as what actually happens now... In the meantime we Mac users will continue to tiptoe through the tulips while ignoring the breathless posts about new gaping holes in MS Windows that arrive on a weekly basis.
