Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
OS X Operating Systems Security

Ancient Flaws May Leave Mac OS X Vulnerable 388

mdeb writes "ZDNet Australia is running a story that claims Mac OS X 'contains unpatched security flaws of a type that were fixed on alternative operating systems more than a decade ago.' As an example, in August of last year, Apple patched the 'dsidentity' bug, which could easily have been exploited to grant a non-privileged user with admin rights the capability to create and remove 'root' user accounts."
This discussion has been archived. No new comments can be posted.

Ancient Flaws May Leave Mac OS X Vulnerable

Comments Filter:
  • by Nom du Keyboard ( 633989 ) on Thursday January 26, 2006 @05:34PM (#14573584)
    Wow, stop the presses. Security flaws on a *nix based system. Boy that's news no one expected. Or does somehow the magic Apple logo protect you from all harm - and Bill Gates?
    • by ackthpt ( 218170 ) * on Thursday January 26, 2006 @05:48PM (#14573739) Homepage Journal
      Or does somehow the magic Apple logo protect you from all harm - and Bill Gates?

      It protects you from everything up to the Triassic period. After that, you're on your own. These were ancient flaws, vulerable to ancient threats. Don't boot up in a museum of natural history or you're toast.

    • Well, yes! (Score:3, Funny)

      by IAAP ( 937607 )
      Or does somehow the magic Apple logo protect you from all harm - and Bill Gates?

      You see, you hold a crucifix straight up and down for Vampires; cock it 45 degrees so it sort of looks like the Apple logo, and you'll keep Gates away! But, there's a problem with Balmer, you also need the Firefox logo to ward him off. Sometimes, you need Nerdy, the MS Slayer. She's, yes, it's a woman, the chosen one. I can't say anymore now.

  • by Ravatar ( 891374 ) on Thursday January 26, 2006 @05:34PM (#14573588)
    Now we will just have to sit and wait for Steve Gibson's assessment that Apple intentionally left these exploits open as a backdoor to the system!
    • Re:Steve Gibson... (Score:5, Informative)

      by frdmfghtr ( 603968 ) on Thursday January 26, 2006 @07:02PM (#14574372)
      Now we will just have to sit and wait for Steve Gibson's assessment that Apple intentionally left these exploits open as a backdoor to the system!

      I wouldn't hold your breath on that one, he doesn't deal with Macs at all. I know, I asked.

      Well, it was one of his employees, anyway. I was wondering how the built-in OS X firewall compared to other available products and asked why GRC didn't do any OS X stuff. Here's the reply:

      Also, since Gibson Research only produces software for the
      IBM-compatible personal computing platform, we are sometimes asked
      why we don't write software for the Mac. The answer is:

      (1) We don't know anything about the Mac. We're a small PC software
      development shop and we've become leading experts with the PC. But
      the PC and the Mac are SO DIFFERENT that knowing one tells us nothing
      about the other.

      (2) Being small, we must be careful to expend our resources where
      they will yield the greatest return. With more then 90% of the
      personal computer market dominated by IBM-compatible machines running
      MS-DOS underneath the Microsoft Windows graphical operating
      environment, that's where we much focus our efforts.

      (3) Steve is an insane perfectionist who insists upon authoring all
      of our software in assembly language. Assembly language is tied
      directly to the processor chip in the computer, thus none of our
      software CAN be moved from the PC to the Mac. It's completely tied
      to the Intel processor platform. But because of reasons (1) and (2)
      above, we're doing just fine, and Steve's slavish devotion to the
      highest performance, tight and lean code helps make our products even
      more unique and attractive to PC users.


      This may not be related very well to your remark (yes, I recognized the jab at GRC) and overall OT but I thought the Slashdot crowd might find it somewhat interesting.
      • Steve is an insane perfectionist who insists upon authoring all of our software in assembly language.

        If there's a special pit in hell for evil programmers, then it will probably involve writing GUI code in assembler.

        If that's even partially true, then this guy is a jackass. Assembler? That's great (maybe, assuming he can out-optimize a good compiler), but for which chip? Does he have to re-write "all of our software" every time AMD or Intel release a new CPU, or does he just let his customers run the

    • by Minwee ( 522556 ) <dcr@neverwhen.org> on Thursday January 26, 2006 @08:16PM (#14574897) Homepage
      It's worse than that. GRC has recently discovered that OS X uses something called "Sockets" which, if used incorrectly, could not only completely destroy the entire Internet but also reach out from inside your computer to turn down the dial in the freezer and make all of your ice cream go melty. It's that bad.

      Your only protection against this is Steve Gibson's patented new "Snake Oil!" technology which uses a combination of Stealth PicoWankoProbulators and Network Monkeyspanks to defeat all known "Socket" based attacks. Why Apple chose to include such dangerous technology in every release of OS X is a mystery, but only by paying Steve Gibson a large amount of money can you ever hope to protect yourself against it.

  • I thought OS X... (Score:5, Insightful)

    by msauve ( 701917 ) on Thursday January 26, 2006 @05:35PM (#14573594)
    was an "alternative" operating system. Why is a hole which was patched 6 months ago news? No harm, no foul.
    • by aardwolf64 ( 160070 ) on Thursday January 26, 2006 @05:49PM (#14573750) Homepage
      ...reading the article. From TFA:
      Another vulnerability described by Archibald could allow memory corruption and hand control of a process over to an attacker: "At the time of writing, the vulnerability remains unpatched. However Apple is aware it exists."


      Of course, you might have actually read that part and part of your subconscious dismissed it as false. Reminds me of this post [slashdot.org] from yesterday.
      • Uh huh... (Score:5, Insightful)

        by msauve ( 701917 ) on Thursday January 26, 2006 @06:02PM (#14573880)
        you quoted a claim that there is an unsubstantiated, unnamed hole. You really should try critical thought sometime.
        • you quoted a claim that there is an unsubstantiated, unnamed hole. You really should try critical thought sometime.

          It wasn't too long ago that we derided microsoft for calling virtually *every* security vulnerability "theoretical". I find it interesting that Apple apologists are so quick to resort to the same microsoftian tactics.
          • is that vulnerabilities in the Windows world are quickly exploited, leading to significant damage, while there are no known (or at least well known) exploits on Mac OS, and likewise no known damage.

            So, yes, the real world has proven that same type of potential exploit in the two platforms can legitimately be viewed as a serious problem in Windows (because damage can and does occur) but theoretical in Mac OS (because damage has not occurred).

            • So in other words, OS X is an insecure OS, it's just that the user is "secure" because of low market share. Don't apply the patch if it ever comes out, you'll be safe enough. After all, if it's no big deal that there's no patch after months, the root priveliges hole isn't important enough to Apple to ever patch. I'm sure you would be just as forgiving to Microsoft if they never patched a security hole.
              • Here's the deal:

                • For an unpatched vulnerability to be exploited, the user must enable the affected service.
                • Even if passwords are discovered, or new root accounts created, the user must have enabled remote access to their machines for the authentication to yield any damage.

                This is the 'architecture' argument used so often here. For any attack to result from a vulnerability, there must usually be complementary bugs in authentication and access, and the user must explicitly enable the services that are vu

  • by daeley ( 126313 ) on Thursday January 26, 2006 @05:36PM (#14573601) Homepage
    ZDNet Australia is running a story that claims OS X 'contains unpatched security flaws of a type that were fixed on alternative operating systems more than a decade ago.'

    Only in the Southern Hemisphere. Up here, trolls rotate counterclockwise.
  • Huh??? (Score:2, Informative)

    by goombah99 ( 560566 )
    could easily have been exploited to grant a non-privileged user with admin rights the capability to create and remove 'root' user accounts.

    Duh. any user with admin rights can create and remove user accounts.

    What's more diabolical is that you can do this without entering the admin password. That's not a bug either but maybe an unwise choice. (sorry but I ain't saying how till they patch it.)

    • Re:Huh??? (Score:5, Informative)

      by Big_Al_B ( 743369 ) on Thursday January 26, 2006 @05:50PM (#14573765)
      The awkward wording hides the actual meaning. The problem is that a non-priviledged user could *acquire* admin rights and *then* misbehave.
    • Only if you leave that section unlocked. Press the lock and you're required to enter a username and password. In the end, though, you shouldn't be running as Administrator anyway.
    • Re:Huh??? (Score:4, Funny)

      by booch ( 4157 ) <slashdot2010 AT craigbuchek DOT com> on Thursday January 26, 2006 @06:23PM (#14574051) Homepage
      I was myself wondering what a non-privileged user with admin rights was. But a few more reads finds that it means that the exploit gives admin rights to non-priveleged users.
    • Re:Huh??? (Score:2, Informative)

      by MegaThawt ( 672826 )
      The bug was that the utility used a poor way to attempt to verify that the user was in the admin group, so a non-privledged user who could modify an environment string could do some damage ... the offending code:

      char *envStr = nil;
      envStr = getenv("USER"); //dum dee dum dum!
      if ( (envStr != nil) && UserIsMemberOfGroup( inDSRef, inDSNodeRef, envStr, "admin" ) )
      {
      return true;
      }

    • An important part of the OSX security model is admin!=root. This allows one to bypass this.
    • I think the article is worded poorly. I don't think you need to have admin rights to exploit the vulnerability.

      The dsidentity vulnerability [suresec.org] mentioned in the article suggests that dsidentity uses the "USER" environmental variable to determine whether or not the current user is a member of the admin group. So, presumably, a non-admin user could set the USER variable to the name of someone who is an admin and then dsidentity would allow the non-admin to add/remove user accounts.

      I'm not a Mac expert, so
      1. How eas

  • by phase_9 ( 909592 ) on Thursday January 26, 2006 @05:37PM (#14573613) Homepage
    Thank God people have almost cracked running Windows XP on these new Mactels!
  • by QCompson ( 675963 ) on Thursday January 26, 2006 @05:37PM (#14573623)
    Good thing I use Windows ME.
  • by cratermoon ( 765155 ) on Thursday January 26, 2006 @05:38PM (#14573629) Homepage
    So Neil Archibald, senior security researcher at software security specialists Suresec [suresec.org], says so, and futher said his opinion is justified because Apple does not use software auditing tools to scan enough of its software. This same Suresec, as can be seen on their web page, sells tools and consulting around source code auditing.
    • Does that change his underlying point?

      That Apple should use more software auditing tools to scan for errors?

      Hmm... went to the web page and I don't see any 'tools', just auditing/consulting services.

      Anyways, would it be a bad thing if Apple used more automated toosl to check for problems?
    • by goofyheadedpunk ( 807517 ) <goofyheadedpunk&gmail,com> on Thursday January 26, 2006 @06:33PM (#14574131)
      Now that's not fair. It's entirely possible that Mr. Archibald is very passionate about source code auditing and that his business and this story are just outpourings of... BWAHAHAHA. Oh geez, I can't believe I typed that for so long.

      Yeah, good point.

      Hehe...
    • by Kelson ( 129150 ) * on Thursday January 26, 2006 @07:10PM (#14574442) Homepage Journal

      The author shows his true colors in the following statement:

      "The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms."

      Anytime someone claims that the only reason A is safer than B is that B is used more often, alarm bells should go off. It's never the only reason.

      We went through the same thing with Linux vs. Windows, Firefox vs. IE, I've seen people make the claim about Opera vs. Firefox, it was said about Mac vs. Windows long before OSX, etc.

      If you think about it, the popularity-as-sole-reason argument boils down to claiming that security by obscurity is enough.

      • by nathanh ( 1214 ) on Thursday January 26, 2006 @09:33PM (#14575289) Homepage
        "The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms."

        Anytime someone claims that the only reason A is safer than B is that B is used more often, alarm bells should go off. It's never the only reason.

        We went through the same thing with Linux vs. Windows, Firefox vs. IE, I've seen people make the claim about Opera vs. Firefox, it was said about Mac vs. Windows long before OSX, etc.

        There's a difference. Firefox and Linux and Apache were fairly secure from the very start so as they increased in marketshare the viruses and attacks and exploits didn't increase significantly. However IE and Windows and IIS were fairly insecure from the very start but even so they weren't exploited very much until they had reached a fairly large marketshare. You were pretty safe surfing the web with IE3 and even to a lesser extent IE4 (at least initially) despite being insecure pieces of crud.

        Now what I find most amusing about these "OS X is insecure" stories are the people with their heads in the sand saying "it's not true". They point to the lack of exploits and lack of viruses as proof but that's not proof that OS X doesn't have security holes, just that so far as we know they haven't been exploited yet. Take for example the dsidentity bug which IIRC was a setuid binary with this code...

        if (strcmp(getenv("USER"), "root")) { /* do privileged stuff */ }

        I kid you not. That's the quality of code in OS X. Now any seasoned security veteran at this point would be rolling around on the floor laughing. Apparently that's what the OS X developers did when they were informed of this bug. Because remember that OS X is not a brand-new rewritten-from-the-ground-up OS; it has an extremely long history dating back to the 80s. It began as AT&T UNIX, warped into BSD by students (*shudder*), was partially rewritten to avoid AT&T lawsuits, was further mangled by NeXt!1!1one!, then got a code infusion from FreeBSD, and has been further hacked by Apple since it's "birth" in 2000. There's code in there that is possibly older than you are. I was at a security conference recently where one of the presenters ran through a dozen bone-headed security mistakes in Tiger including kernel overflows of all things. The entire audience was laughing themselves silly.

        Now don't get me wrong. OS X is still significantly better than Windows. They've done a lot of very sensible things such as not running with admin privileges, decent (not perfect) permissions, services disabled by default, built-in personal firewall, etc. Those are all good. But it's not enough. How the hell did getenv("USER") slip into a setuid binary? Why is there a kernel overflow; can't Apple afford one copy of Rational? Where is the virus scanner; even if all it looks for are UNIX-common attacks like the known Apache and Samba exploits. You guys are too complacent. OS X is not all that secure; impoverished marketshare and the subsequent lack of attention from criminals is hiding this truth from you.

        So given that OS X is insecure and does have exploitable code it's only the fact that nobody has seriously attacked it yet that gives it this aura of impenetrability. I fully agree with the statement made by the security professional in the article. If OS X was better written then I would disagree with the security professional's opinion but my own experience and knowledge says that he is right and you are wrong.

  • Ancient? (Score:5, Funny)

    by Shadow Wrought ( 586631 ) <.moc.liamg. .ta. .thguorw.wodahs.> on Thursday January 26, 2006 @05:39PM (#14573643) Homepage Journal
    It must have happened when they translated the binary off of the stone tablets, likely because they were limited to only bronze tools.
  • by autophile ( 640621 ) on Thursday January 26, 2006 @05:40PM (#14573650)
    ...a type that were fixed on alternative operating systems...

    That's the first time I've heard operating systems other than OSX described as "alternative".

    --Rob

  • Sour grapes (Score:3, Insightful)

    by jtorkbob ( 885054 ) on Thursday January 26, 2006 @05:42PM (#14573683) Homepage
    I wonder if Suresec/ Neil Archibald pitched their services to Apple and got turned down?

    Also, from TFA:

    "In my experience -- which is also the experience of some of my peers -- Apple has been very slow to respond to reported security vulnerabilities. It expects security researchers to wait indefinitely to release the vulnerabilities and offers no incentive for them to do so," said Archibald.

    So he's trying to make a living on discovering security holes and getting paid not to make them public? I'm okay with this practice, I suppose, but I get the feeling that he's trying to up the ante by generating some bad press for Apple. The whole things seems awful contrived.
    • So he's trying to make a living on discovering security holes and getting paid not to make them public? I'm okay with this practice, I suppose, but I get the feeling that he's trying to up the ante by generating some bad press for Apple.

      There is no such thing as "bad press" when it concerns notifying the public of various vulnerabilities and the relative latency involved in getting them patched. At least if it were Linux, kernel developers would immediately rise up to the challenge, resulting in a code a

    • Yeah, I agree. Read between the lines and you sense an ulterior motive. Gee, I wonder does his company or firm offer software auditing tools or as you say get compensated by Apple for findng bugs and keeping them secret. You know, that sounds like blackmail or maybe extortion (I can't tell, I get those two mixed up all the time).
    • by theolein ( 316044 ) on Thursday January 26, 2006 @07:26PM (#14574562) Journal
      I, together with another guy on the MacNN boards, discovered some of the more serious aspects of the vulnerability pertaining to url types and mounting of remote volumes around two years ago, when a website could quite easily download, mount and execute an applescript or any application on your machine without you seeing it (Apple's response to this was the fact that you have to authenticate any new application the first time it's run these days, something now also in WindowsXP and Vista). We notified Apple and waited. And waited. And waited. Finally, after 3 or 4 months, Apple finally released the patch with the new functionality.

      It was an extremely serious vulnerability because it was so easy to exploit and Apple really dragged their feet on that, and on other similar cases.

      The guy is spot on with that comment. Apple is really slow in responding to possible exploits.
  • by ta ma de ( 851887 ) <chris@erik@barnes.gmail@com> on Thursday January 26, 2006 @05:46PM (#14573724)
    Considering the user must be priviliged is it safe to say that the user has already authenticated and in the system. I always use passwords like "asldkfje983r0u!56@#987$%^rnYA(*U()*U&0u" for standard users. If they can crack that they deserve to gain admin rights too. You should see my admin key: it is a 10^12 digit mersenne prime.
  • Save me Jeebus! (Score:5, Insightful)

    by 99BottlesOfBeerInMyF ( 813746 ) on Thursday January 26, 2006 @05:54PM (#14573809)

    I think the article makes a good point and one that Apple needs to address. I've long had the impression that Apple does not do enough security auditing, especially of some of their inherited code and that some of their new software has not been as security minded as it could be. I've not heard any of the grumbling the author has about security researchers being treated poorly or response times being particularly slow, but he may be closer to such things than I.

    That said, from the article it is unclear if any of the discovered bugs are remotely exploitable. The one concrete example given is just a local privilege escalation, which is not really all that serious. I do wish that Apple would pay more attention to security and I hope they have a team of elite hackers with their ears on IRC and their hours spent trying to hack boxes. I'm not sure that they do though. My suspicion is a lot of the security comes from the fact that many of the employees are old school UNIX guys that take it more seriously than management. This is, however, unlikely to really bite Apple given the giant target that is Windows where local privilege escalations like the one described here are so common no one reports on them and I don't think MS even bothers to fix them.

    • Re:Save me Jeebus! (Score:3, Informative)

      by mcrbids ( 148650 )
      The one concrete example given is just a local privilege escalation, which is not really all that serious.

      This one sentence makes clear your lack of experience. A "local" priv escalation makes ANY remote hole r00t explotable. It's serious, maybe more than most "remote" exploits!

      As somebody who's spent days (hopefully) digging rootkits out of hacked systems, I can assure you that while remote holes are important, local priv exp holes are every bit as serious.

      For example, a system I admin was exploited by a
  • Where are all the OSX exploits??? I've been running without a virus scanner, although I back up frequently. Nothing, no spywear, viruses etc.

    Are there probably exploits possible. Yes of course. But Apple's security record has been very very good.

    This is absolute hogwash.
  • by Anonymous Poodle ( 15365 ) on Thursday January 26, 2006 @05:55PM (#14573821)
    That does it! I'm swiching back to Micorosoft Bob!
  • There are bigger problems in OSX. Auto-installing Dashboard widgets was stupid, and "Open Safe Files After Downloading" (a silly name for "Open Potentially Unsafe Files After Downloading") is an unnecessary risk only minimally mitigated by adding warning dialogs... but at least you can turn it off. More details in these comments:

    http://www.scarydevil.com/~peter/io/osx-security.h tml [scarydevil.com]
    http://www.scarydevil.com/~peter/io/apple.html [scarydevil.com]
    http://www.scarydevil.com/~peter/io/apple2.html [scarydevil.com]

    Thankfully even these are not as easily exploited as Microsoft's poisoned gumbo of IE, Outlook, ActiveX, and Security Zones... but Apple really needs to take a good look at the way they approach the Internet, and quit being so trusting.
  • by ettlz ( 639203 ) on Thursday January 26, 2006 @06:00PM (#14573858) Journal
    I just hope Bill Thompson isn't the type of alarmist hack who'd jump up and down and say, "Neh! Told you so!"
  • by theolein ( 316044 ) on Thursday January 26, 2006 @06:02PM (#14573882) Journal
    He's right that Apple users are complacent about security. What he doesn't metnion is that this is a trend amongst security companies (scream loudly about how vulnerable Apple users are because they aren't buying his company's fucking products).

    He's right that Apple is very secretive and sometime extremely slow to address security vulnerabilities. He's wrong that Apple not speaking to him means it isn't interested. Apple just learnt the lesson early that being too open to the press (on any topic) is make yourself a victim of their fickle moods.

    He's right that there might be large holes in Apple's OS from earlier NeXT days, but he's sure as fuck wrong when he says it applies to both PPC and Intel architectures. Any crack that relies on memory in the stack being overwritten will not be cross platform.

    He's right that there are open vulnerabilities. He's wrong and simply trolling (probably for profit, the fucker) when he doesn't mention that none of them are remote.
    • by prockcore ( 543967 ) on Thursday January 26, 2006 @06:14PM (#14573978)
      Any crack that relies on memory in the stack being overwritten will not be cross platform.

      The exploit won't be cross platform, but the vulnerability sure can be.
      • The exploit won't be cross platform, but the vulnerability sure can be.

        actually with proper coding a Universal binary, the exploit could be cross platform.

        although, it would be a pain in the ass to create a script to generate the proper NOP sled and shellcode that would work on both architectures.

        Since it appears that the vulnerabilities he's describing require user intervention, I guess a universal binary could be used. hmmmm....

        it would be interesting if Rosetta had vulnerabilities where it would allow pr
  • This is hardly surprising since Apple is hardly known as a state of the art UNIX hacking shop. Switching to Linux would solve this problem, but it would raise the problem of keeping compatibility between updates, since they would lose control of changes.
  • by robertjw ( 728654 ) on Thursday January 26, 2006 @06:07PM (#14573932) Homepage
    When I saw the headlines I thought someone had found Egyptian Hieroglyphs from aliens explaining how to break into OSX.

    Guess my definition of Ancient isn't the same as the posters.
  • by aftk2 ( 556992 ) on Thursday January 26, 2006 @06:09PM (#14573950) Homepage Journal
    The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms
    Umm, sorry. The moment Mac OS X 10.0 started shipping, it immediately became the most common desktop UNIX-like operating system. This guy is divorced from reality.
  • And then it was like... beepbeepbeepbeep, and then, like, half my accounts were gone. And I was like, huh?

    They were really good accounts too. And then I had to recreate them and I had to do it fast, and they weren't as good...

  • Yahoo! Australia broke this one open, eh? So, it's pretty big news, right? And from the summary, I see that Apple patched a flaw six months ago. Uh huh. That seems like something I shuold hear about now. Ooh, I also see from the summary that users with admin rights can do things that only admin users can do! E-stop the e-presses! This is FRONT PAGE MATERAL!
  • a prediction. (Score:2, Interesting)

    by CDPatten ( 907182 )
    lets the spinning begin, and ironically the MS bashing to start. I think its funny this is going to turn into a debate on Windows Security, but what can you do.

    An observation I made in a post a few months ago was that since 2001 Apple has released 5 different releases of OSX, 4 of witch were paid upgrades (approx. $600 if you were staying current all along). They have patched literally thousands of bugs and security holes and continue to do so at a pretty steady rate. We don't hear about it, (In my opini
    • Re:a prediction. (Score:4, Informative)

      by argent ( 18001 ) <(peter) (at) (slashdot.2006.taronga.com)> on Thursday January 26, 2006 @06:45PM (#14574210) Homepage Journal
      (approx. $600 if you were staying current all along)

      I'm currently running Panther (and Jaguar on one Mac), and I'm skipping Tiger unless something comes up that requires Tiger that I actually care about. I got Jaguar, used, for $50, and Panther came on my Mac minis, so I'm good until Leopard comes along.

      It wasn't until Firefox hit around 10% we started to see hackers paying attention and start exploiting the MS alternative product.

      And when precisely did this happen. When "hackers" exploited Firefox, I mean. Real, live, in-the-wild you-better-watch-out exploits?

      Apple's always been a minor player, and back in the '80s and early '90s they had a corresponding share of exploits in the classic no-security Windows-like Mac OS. Being 5% back then didn't keep them from being exploited, being easily exploitable made them exploited.

      They have patched literally thousands of bugs and security holes and continue to do so at a pretty steady rate. We don't hear about it

      If we didn't hear about it, how do you know about it? Do you have GOLD JULY BOOJUM clearance?
  • Uhh... what? (Score:4, Interesting)

    by FredFnord ( 635797 ) on Thursday January 26, 2006 @06:53PM (#14574291)
    ...which could easily have been exploited to grant a non-privileged user with admin rights the capability to create and remove 'root' user accounts.

    Why... how awful. Or the user could have gone to the command line and typed 'sudo foo' and run anything as root that he wanted, including creating and deleting users or whatever else he wants to do, if he has admin rights.

    You could at least have chosen an example that wasn't totally useless on 99.9% of Macs. (Those which allow admins to sudo. Most people aren't dumb enough to explicitly grant admin privs to people they don't want to run as root, either because they know they know what it means and choose not to or because they don't and they don't just randomly check every check-box that comes along.)

    -fred

  • by SuperKendall ( 25149 ) * on Thursday January 26, 2006 @06:56PM (#14574319)

    10) Ten million+ active boxes still "too small a number" to target.

    9) Worlds virus writers all work at Valve; have no idea what the hell OS X is.

    8) OS X originally scheduled to have virus this year; pushed back till Q2 next year to add Intel support and a Universal Binary.

    7) Russian Mafia all actually use Macs, tell underlings to keep macs virus free so they don't have to run virus scanners.

    6) Forget buffer overflows; real mechanism viruses use to spread is actually second mouse button.

    5) No viruses released for sale on ITMS yet.

    4) Actually viruses everywhere but Jobs Reality Distorition Field keeps Mac users thinking they are not there.

    3) XCode secretly detects and transforms viruses into RSS readers instead at compile time; explains glut on Macs.

    2) Virus writers accientally drug virus into one of several hundred "Untitled Folders" on Desktop, now have no idea where it is.

    1) Mac owners just too damn pretty for God to let them get viruses.
  • "In my experience -- which is also the experience of some of my peers -- Apple has been very slow to respond to reported security vulnerabilities. It expects security researchers to wait indefinitely to release the vulnerabilities and offers no incentive for them to do so," said Archibald.

    Why do "security experts" like this come across like blackmailers and extortionists? Maybe it's the language he chose to use... It almost appears like he thinks that software manufacturers should pay up whenever there is

  • by ShyGuy91284 ( 701108 ) on Thursday January 26, 2006 @06:59PM (#14574346)
    The main thing that allows so many Linux distributions to work with low maintenance cost is that they are all based around the same kernel. When a fix is issued to the main kernel tree, it is fixed on all Linux's as they update. So distribution makers aren't pressed to patch it manually themselves. Perhaps OS X's variant of the Mach kernel has strayed too far from the main Unix tree, and suffered a form of seclusion from the goings on of the main tree?
  • by Anonymous Coward on Thursday January 26, 2006 @07:22PM (#14574541)
    He's ZDnet's designated "Apple hitman." They love him because Apple stories - especially negative Apple stories - generate more page views and discussion than any others, especially on News.com.

    I'll grab some examples later, but it's no coincidence that this story is almost pure speculation.
  • by biftek ( 145375 ) on Friday January 27, 2006 @12:25AM (#14576321)
    Uhmmm. The submitter has missed the entire point of that exploit - admin rights aren't required, because the program checks for admin credentials with 'getenv("USER")' - ie "export USER=some_admin" is the exploit.

I cannot conceive that anybody will require multiplications at the rate of 40,000 or even 4,000 per hour ... -- F. H. Wales (1936)

Working...