Apple Patches Massive Holes In OS X
Trailrunner7 writes with this snippet from ThreatPost: "Apple's first Mac OS X security update for 2010 is out, providing cover for at least 12 serious vulnerabilities. The update, rated critical, plugs security holes that could lead to code execution vulnerabilities if a Mac user is tricked into opening audio files or surfing to a rigged Web site." Hit the link for a list of the highlights among these fixes.
Re:Cover your eyes (Score:1, Interesting)
Let me put it to you this way: None of the malware-infested machines I have cleaned up in the last few days were running OS X, just Windows.
There has been a huge spike in infections since that exploit that hit Google was made public-- we're seeing the return of drive-by infections on Windows, it's a whole lot of fun.
Meanwhile, I go home at night and surf with impunity on my Mac running OS X, just like I've done for the last 8 years.
Re:A refund? (Score:5, Interesting)
Buyer's remorse?
Re:Cover your eyes (Score:3, Interesting)
Anything new floating around for a Mac running 10.6 that will do an IE and pop the browser/OS from a remote site?
Most still need the user to enter his/her password as an application/codec.
Macs are still safe to surf with for now.
Macs have a list of malware and loggers, the pre OS 10 had lots too.
But nothing in the wild to infect just yet with a site visit.
If anything existed outside law enforcement, spooks and one off professional solutions, every Mac AV vendor would have a youtube vid up.
A link to buy protection at a fair price after the 2 to 3 mins of safari getting infected after following a link and their product saving the day.
Re:Cover your eyes (Score:2, Interesting)
Windows 7 can still be targeted by an IE bug that's been in place since IE6. Safari doesn't have zero day bugs *that* old
Regardless of whether or not your statement about IE in Windows 7 is accurate, that doesn't have anything to do with an update for OSX somehow implying that OSX is less secure than it was yesterday.
Re:image format bugs (Score:3, Interesting)
"MASSIVE"? (Score:3, Interesting)
I just wonder why the summary title says "MASSIVE holes..." when the original article says "serious"... a bit of bias, perhaps??
More realistically, this is just another security update. Find me an OS that doesn't have them, and for similarly "obvious" or "easily found/fixed" (hindsight and armchair hacking being perfect of course) and I'll either switch right away, or dust off the old TRS-80 from my closet to run it on.
The way I see it, if you have a brain and use it while browsing, you are generally fine. But people are stupid. And if you are going to market your product to stupid people, you need to make sure you do everything you can to minimize the damage stupid people can do to others. (Stupid people generally deserve their own damages...)
Now to start the debate over which company is more in the business of marketing to stupid people...
Re:You forget one simple thing... (Score:2, Interesting)
Huh what? That was an incoherent fanboi rant. IIS has around 21% vs. Apache at 46% and still IIS6 has held out to be pretty good, especially compared to Apache.
So far though, not much beyond proof of concept stuff and things that require user credential authentication.
There were tons of vulnerabilities in Safari and Quicktime etc. not to mention the ones in TFA that would work without user credentials.
And this is one in the wild. http://it.slashdot.org/article.pl?sid=09/01/23/0127253 [slashdot.org]
But it has proven to have a pretty good track record - not perfect, but pretty good
Says who? According to TFA, an mp4 video or a picture could install spyware or delete all user files. That's a pretty good track record? wtf? The only OS with a good track record would be OpenBSD. Apple's software usually has tons of holes.
Re:Cover your eyes (Score:4, Interesting)
You mean the one with a cheaper/slower Celeron with less L2 cache, slower DDR2 800 MHz memory, a cheaper/slower integrated graphics solution, no FireWire, a cheaper battery, mono audio speaker, VGA out only, no Bluetooth standard, no cam standard, and no optical digital audio output?
Comparable specs?
Re:Cover your eyes (Score:3, Interesting)
The point? You're not "us[ing] your computer intelligently" if you don't run some sort of security software just as a precaution.
That's a good point.
I'm not saying I only browse sites I trust (porn certainly needs to be watched occasionally), but when I'm browsing I'm using either Opera or Chrome, neither of which seem to get targeted. Not using IE (for anything) is actually the #1 security tip I can give to any Windows user. The only time I'll ever run IE is when I'm developing a site in Opera and I want to test it. I've got a toolbar button to open the current page in IE so it doesn't even need to go to its home page or anywhere else, it goes to the one page I'm working on and that's it, and then I close it. My days of downloading pirated material are also behind me, so that also probably had a significant impact on the average time between infections.
That being said, I'm feeling that with the increased focus on Flash player vulnerabilities, and my complete lack of faith in Adobe, that my days of browsing without explicit protection will be coming to an end relatively soon.
Re:Cover your eyes (Score:4, Interesting)