
Apple Mac OS X Update For 17 Vulnerabilities

BSDetector writes "Apple has released fixes for 17 OSX vulnerabilities, ranging from system takeover to denial-of-service attacks. It was the fifth security update released this year. It also marked the first time this year that an operating system security update from Apple did not patch a vulnerability disclosed by the January Month of Apple Bugs project. Today's update pushed Apple's year-to-date patch total to over 100. More than one of the affected flaws were called 'critical' or 'dangerous'."

  • Your confusion (Score:5, Insightful)

    by SuperKendall ( 25149 ) on Saturday May 26, 2007 @09:44PM (#19287615)
    All systems have vulnerabilities.

    Macs have no EXPLOITS (yet).

    This lack of exploits, and thus the need to spend time preventing/dealing with them, is the selling point for Macs.

    You Windows people have been ever confused on the fine distinction, I guess because on Windows if there's a vulnerability there's an exploit already written and working. Us Linux and Mac users know life can be better.
  • This is just getting dull, dull, dull. I don't know why I'm even bothering to type this. *Please*, no more, "Oh my god! OS X isn't bulletproof! Teh shock!" 'news' items.
  • by RealGrouchy ( 943109 ) on Saturday May 26, 2007 @09:47PM (#19287639)

    Where the hell is the Microsoft comeback ad?

    Comeback to whom?

    "Hey, you there! Yes, you--the small market share that makes up Apple users."

    If Microsoft were to say anything about this, it would merely acknowledge, and therefore (ironically) reinforce Apple's (well OSX's) image of being resistant to viruses. Perhaps more importantly, it would also reinforce MS's image of Windows being prone to viruses.

    - RG
  • Re:Not a big deal (Score:4, Insightful)

    by Anonymous Coward on Saturday May 26, 2007 @09:48PM (#19287645)
    Which OS doesn't have security vulnerabilities? For every single significant OS, the updates keep on coming. What matters is a good enough secure foundation - Apple and Linux have had that since long - they don't make users run as root.

    Backend - Again, you are wrong - BSD is as best as it can get when you are talking about backends. And if it wasn't for Steve Jobs Apple would not have had OS X at all - It is based on NEXTSTEP ( http://en.wikipedia.org/wiki/NEXTSTEP [wikipedia.org] ) and without it they would have either had to live with something not up to the mark or license WindowsNT. And most people buy macs for OS X and some for the hardware quality.
  • Re:Your confusion (Score:1, Insightful)

    by Anonymous Coward on Saturday May 26, 2007 @10:17PM (#19287885)
    If you find Cocoa more difficult than .NET, you're probably doing it wrong. As in: You don't understand the Mac, and you're trying to program Mac applications as though they were PC ports.

    Stop it. Either learn how Mac programs behave, or if you're too inflexible to escape your PC-minded prison, just GTFO. We've seen far too many PC users lately trying to develop for Macs, and to be blunt, we're sick of your shit clogging up what used to be a platform of reliably good software.
  • Re:open the gates (Score:4, Insightful)

    by Actually, I do RTFA ( 1058596 ) on Saturday May 26, 2007 @10:28PM (#19287961)

    Their main concern there I believe is that you could send the evil attachment to an unprivileged user and that could lead to elevated privileges for that user or to execute code beyond that user's privs.

    Regardless of where it originates from, isn't any program that allows an unprivileged user to execute code beyond that user's privilege a serious issue? Why would it have higher privileges because an e-mail client downloaded it?

  • by lexarius ( 560925 ) on Saturday May 26, 2007 @10:35PM (#19288035)
    I've never known it to autoreboot. I don't think it has a timer on the dialog or anything like that. I usually don't want to reboot when it wants to, so I just force-quit the updater once it is done. It will reboot when I feel like it.
  • by Opportunist ( 166417 ) on Saturday May 26, 2007 @10:56PM (#19288195)
    "Macs gain market share"

    Since exploits of machines are meaningless if they are not used by at least a nominal portion of the userbase. Unless said machines run very interesting services (like, say, a DNS root server), machines are only interesting in numbers for a potential attacker.

    So, as a Mac user I'd see this as a sign of my computer gaining ground in the market.
  • by Anonymous Coward on Saturday May 26, 2007 @11:09PM (#19288303)
    If it's so important to you what everyone else is doing, GTFO. Fucking beancounter.
  • So what (Score:5, Insightful)

    by SuperKendall ( 25149 ) on Saturday May 26, 2007 @11:11PM (#19288321)
    ...and the bubble of no 0-day exploits on OS X is just waiting to burst.

    Yeah, and when they do - then I'll be just as poorly off as Windows users are today! So until that day, why not be better off?

    Only I won't be doing as poorly as Windows users, because it will take a long time for Mac or Linux exploits to catch up to Windows exploits numerically.

    Sometimes. Not always. See last month's patches. None were 0-day.

    That you know of...
  • Re:Your confusion (Score:5, Insightful)

    by pdbaby ( 609052 ) on Saturday May 26, 2007 @11:18PM (#19288393)

    the bubble of no 0-day exploits on OS X is just waiting to burst

    I'm sure it'll happen eventually, but it's curious that there are no viruses on the loose that target OS X

    Mac users don't account for a huge percentage of total users, but it's a large enough group -- and we're usually high-tech enough for it to be highly profitable for spammers/crackers/whatever to work for an exploit - we don't run anti-viruses, and I'm sure most non-developer mac users wouldn't even know how to find the process list, let alone figure out what's not supposed to be running.

  • Necessary? (Score:3, Insightful)

    by Tatsh ( 893946 ) on Saturday May 26, 2007 @11:47PM (#19288567)
    How is this news? Apple fixes flaws. Linux distro communities fix flaws too. Next time Kubuntu gets an update I'm going to make a page here.
  • by Jeff DeMaagd ( 2015 ) on Sunday May 27, 2007 @01:25AM (#19289183) Homepage Journal
    I guess it was a hit job which blindsided Telestream's Flip4Mac, Panic's Transmit, Colloquy's Colloquy, Unsanity's Application Enhancer, and the open sourced VLC as innocent bystanders in their vendetta against Apple, so at least six non-Apple branded programs were thrown in to fill out the month. Day 31 has a "filler", meaning that it's just over three weeks' worth of Apple Bugs.

    There may be some legitimacy to the complaints that Apple was unresponsive, but I agree, to bring in flaws in third party products to the mix is beyond irresponsible.
  • by mstone ( 8523 ) on Sunday May 27, 2007 @01:52AM (#19289359)
    Define 'nominal'.

    The installed base of Macs is estimated to be between 10% and 15% of the market. That value follows from the sales numbers established in market share, amortized across the 5-7 year functional lifespan of the average Mac.

    "One machine in ten" seems like a reasonably attractive size for a target.

    Besides, you're forgetting the automated nature of malware. You don't create a botnet by hand, one machine at a time. You pump out a massive number of potential attacks and glean the ones that succeed. And having a botnet means having a massively distributed system whose resources can be devoted to making itself even bigger.

    It doesn't even take an infected Mac to compromise another Mac. The attack is just a package of data, so it would be trivially easy to dedicate a Windows botnet to locating and infecting Macs if someone really wanted to.

    The reason malware developers target the Windows platform is that it's so much easier to find a Windows machine with an exploitable hole and take it over. Windows up through XP carries a ton of historical baggage that assumes the existence of an isolated, single-user system: All processes are launched by a user with absolute privilege. Half the processes on any given machine are running at the highest possible level of privilege, and they accept data from sources with lower levels of privilege. The directory that contains system binaries is writable by pretty much anyone, there's no index to say where any given binary came from, and it's standard practice to add or overwrite files in that directory. The absolute-privilege daemons are controlled by the Registry, which again is writeable by almost anyone, and whose format is obscure enough that it's difficult to find tampering even if you know something is wrong with the machine.

    Those were all convenient and effective solutions in the days when 99.9% of the data coming into a machine came from the person at the keyboard. But they don't fare so well against a hostile internet.

    OS X doesn't have that baggage. It inherited unix's experience dealing with multi-user systems in an untrusted network environment. Yes, there are weak spots, but the attack surface is much smaller than that of Windows.

    The people who collect botnets don't care about market share. They care about exploitability, especially exploitability which can be automated. Windows machines offer an easy target in that respect. Macs and unix-alike systems require more work. And there's no reason for them to do the extra work when Windows machines are both so easy to find and so easy to take over.
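
Added example, not part of the thread: the comment above singles out system binary directories that almost any account can write to. A POSIX shell check for that condition on a Unix-like system; the function names and the default directory list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report directories on a search path
# that accounts other than the owner can write to.

# Print "world", "group" or "none" for one directory's loose write bits.
# Returns 1 if the argument is not a directory.
loose_write_bits() {
    dir=$1
    [ -d "$dir" ] || return 1
    # -H follows a symlink given on the command line (e.g. /bin -> usr/bin),
    # so the target's mode is tested rather than the link's own lrwxrwxrwx.
    if [ -n "$(find -H "$dir" -prune -perm -0002 2>/dev/null)" ]; then
        echo world
    elif [ -n "$(find -H "$dir" -prune -perm -0020 2>/dev/null)" ]; then
        echo group
    else
        echo none
    fi
}

# Audit a colon-separated directory list (same syntax as $PATH).
# Prints one "LEVEL<TAB>DIRECTORY" line per finding; missing entries are skipped.
audit_path() {
    set -f                      # no globbing while the list is split
    old_ifs=$IFS; IFS=:
    for d in $1; do
        IFS=$old_ifs
        [ -n "$d" ] || d=.      # an empty PATH entry means the current directory
        level=$(loose_write_bits "$d") || continue
        [ "$level" = none ] || printf '%s\t%s\n' "$level" "$d"
    done
    IFS=$old_ifs; set +f
    return 0
}

# Default list is an assumption; override with AUDIT_DIRS="$PATH" to check
# the directories the current shell actually searches.
audit_path "${AUDIT_DIRS:-/bin:/sbin:/usr/bin:/usr/sbin}"
```

No output means none of the listed directories is group- or world-writable.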

  • by vertigoCiel ( 1070374 ) on Sunday May 27, 2007 @03:17AM (#19289787)
    It doesn't matter how long it takes to patch an exploit, as long as it is patched before it's used in a virus or other attack on a system. There are currently no OS X viruses in the wild that can attack a Mac in a meaningful way (there is a proof-of-concept one that requires the user to install it). Compare that to the tens of thousands of Windows OS viruses and worms exploiting security holes without requiring the user. Given that, I'd say that Apple has an excellent track record when it comes to patching vulnerabilities.
  • Sorry... (Score:5, Insightful)

    by BrianRagle ( 1016523 ) <bragle.gmail@com> on Sunday May 27, 2007 @05:18AM (#19290353) Homepage
    ...how long has Unix existed? How many threats in the wild exist compared to oh, say, Windows? How many web servers run some variant of *nix compared to Windows and, of those servers, how many are affected by exploits and threats almost daily?

    Yeah, bring that myth of "smaller user base means less of a target" one more time. I could use another good laugh.
  • Re:DING DING DING (Score:2, Insightful)

    by TheRaven64 ( 641858 ) on Sunday May 27, 2007 @05:36AM (#19290429) Journal
    If I write a virus for Windows, then the odds are that any computer it infects will be able to infect a few more on any network it connects to. If I write a virus for Outlook Express, then it is likely that it will be able to infect most of the people in each OE user's address book.

    If I write a virus for OS X, then it may hit a small network of Macs, but then have nowhere to spread. A vulnerability in the JRE would make a good target, since it could potentially be used to write a virus that infected Macs, but spread to Windows and *NIX machines as well.

    The difficult thing about writing a virus for OS X is not writing something that infects Macs, it's writing something that will spread in a population where 95% are immune.

  • by suv4x4 ( 956391 ) on Sunday May 27, 2007 @06:00AM (#19290535)
    So, as a Mac user I'd see this as a sign of my computer gaining ground in the market.

    So, you'll have to admit then all Jobs said about Windows being an insecure piece of garbage was wrong. It's, you see, just because they have so great market share.

    You Mac users can't have it both ways. When hackers didn't pay attention to OSX and people said "this is because no one cares to attack you yet", you said "bs, it's because OSX is such a great OS, it's unhackable, it's secure *nix baby!".

    Now you, the community, turn 180 degrees and claim the opposite.

    For me, it *does* have to do with market share, and I believe OSX is an OS as any, and the only thing that pisses me off is the conformist opinion Mac users are ready to adopt at any given point, just to put OSX in a good (or less bad) light.
  • by Weedlekin ( 836313 ) on Sunday May 27, 2007 @07:03AM (#19290813)
    "If anything this shows that OSX still doesn't have near the market share some people seem to think."

    This would indeed be true if the act of writing malware was a quest that earned a +5 Amulet Of Knowing Real User Numbers which gives them magical abilities that people who don't write malware lack. If however we reluctantly accept the fact that malware writers don't have such wondrous artefacts, then we must also accept that Windows' market dominance and its total dominance of the malware sector are merely a statistical correlation, and correlations do not in and of themselves imply, let alone prove, causality. Exactly the same data could for example be used to support the following hypothesis, which uses the same fallacious logic as your statement:

    Weedlekin's Stupid Malware Hypothesis

    The notable statistical correlation between market share of desktop operating systems and the amount of malware that's available for them shows that users both expect and demand a wide range of high quality malware applications. Microsoft's latest version of Windows, known as Vista, has many documented problems with a large number of popular pieces of malware, and this has resulted in several major OEMs taking the unprecedented step of retrospectively offering their customers the option of Windows XP, which has proven its unrivalled excellence as a malware host over the last six years. UNIX-based and UNIX-like operating systems such as Apple's OS X, FreeBSD, and Linux will therefore continue to be unpopular in both domestic and business settings unless the designers of both the systems themselves, and various programming tools for them, work harder at achieving the level of malware-friendliness that users of Windows XP enjoy.
  • by snowwrestler ( 896305 ) on Sunday May 27, 2007 @10:07AM (#19291715)
    It's people like you stopping me from thinking Macs are worthwhile personal computers.

    So your opinion of computer platforms is driven primarily by anonymous comments on Slashdot? As opposed to any merits of the systems themselves?
  • Multiple Mac users (Score:5, Insightful)

    by AlpineR ( 32307 ) <wagnerr@umich.edu> on Sunday May 27, 2007 @02:55PM (#19293643) Homepage

    You Mac users can't have it both ways.

    Yes, they can. You see, Mac users do not all speak with a single Borgified voice. There are some Mac users that believe the scarcity of exploits is due to the better design of a Unix base. And there are actually other Mac users that believe the smaller market share makes Macs a less attractive target. Amazingly, there might even be Mac users who change their beliefs according to argument and observation. What chaos!

  • by gig ( 78408 ) on Monday May 28, 2007 @01:46AM (#19297697)
    When you're tempted to compare Windows and Mac security all you have to do is point to the fact that there are Unix user accounts on the Mac since 2001. Game over, Mac wins.

    Mac users do not run as root, and in fact root user access is not enabled by default. Just that by itself is much more important than randomized memory paths and UAC prompts and even firewalls.

    Microsoft has people doing office work running as root because their poorly managed third-party software platform has not yet adapted to a networked user model.

    Apple is also way ahead of Microsoft on quality, design, execution, product management. It is a more tightly built boat.
