iPhone Jailbreak Uses a PDF Display Vulnerability 289
adeelarshad82 writes "Latest reports indicate that the website that 'jailbreaks' iPhones, iPads, and iPod Touches does so by means of a PDF-based vulnerability in OS X. PDF parsing and rendering is a core feature of OS X, and there have been several other vulnerabilities in the past in iOS CoreGraphics PDF components." As Gruber points out, the proper term for this is not "jailbreak," but "remote code exploit in the wild."
PDF (Score:4, Funny)
I forget can some one remind me what P.D.F. stands for again?
Re:PDF (Score:5, Insightful)
Poor Dumb *Explicit*s
Re: (Score:2)
Any links out there?
Can you/should you hook it to iTunes for backup? I can guess not to take any firmware updates paste 4.01, but what about otherwise normal iPhone/iTunes activity? How do you restore if you need to?
There's little to no info I've see looking at www.jailbreak.com...
Anyone have any good info or links?
Re: (Score:2)
www.jailbreakme.com
Re: (Score:2)
Re:PDF (Score:5, Insightful)
I forget can some one remind me what P.D.F. stands for again?
Programmable Digital-executable Format
And they've almost got every means of binary execution crammed in.
Re: (Score:2)
Yep, its a whoosh moment...
*whoosh*
Re: (Score:2)
Yes, that is a whoosh moment.
Re:PDF (Score:4, Insightful)
The joke is that this so-called "document format" is going way outside its original scope and now supports so much scripting that it might as well be a library for executable files.
Re:PDF (Score:5, Funny)
The joke is that this so-called "document format" is going way outside its original scope and now supports so much scripting that it might as well be a library for executable files.
I'm going to start sending out all my resumes in dll format... I think it's safer that way...
Say it with me... (Score:5, Funny)
It stands for PeDoFile.
Re: (Score:3, Funny)
Did you say Peter File [youtube.com]?
Re:PDF (Score:4, Funny)
P. D. F = P0wn Da Fone?
GSview (Score:3, Informative)
PostScript files may not render on certain devices, such as non-PostScript printers.
Any printer can be used as a PostScript printer if the PC connected to it is running an implementation of the PostScript language, which converts a PostScript file to a bitmap image. See GSview [wisc.edu].
Re: (Score:3, Funny)
Based on the number of flaws, I would call it "Problematic Document Format".
Does not compute... (Score:5, Funny)
Didn't you know that Apple is more secure?
As soon as I saw "computer-free jailbreak, straight from your browser" I thought "oh man.. here we go."
Re:Does not compute... (Score:5, Funny)
Re: (Score:2)
Re:Does not compute... (Score:5, Insightful)
Genuine question, no sarcasm tag required: How do those who berate Apple's walled-garden approach feel about games consoles? It genuinely puzzles me why we don't hear nearly so many complaints about the lack of open access to consoles, while a similar (to my mind; feel free to put me right) approach to a phone is evil.
As for the exploit that makes this jailbreaking possible, I sympathize with people who wish to jailbreak their phone, but I hope this particular exploit is closed as soon as possible. I've heard there are some unscrupulous types in tha intarweb who might consider using such a thing for less than altruistic purposes.
OK, maybe a touch of sarcasm after all.
Re: (Score:2)
Re:Does not compute... (Score:5, Insightful)
I think the difference is that to many people, a phone is an important part of everyday life. You use it to track appointments, keep in touch with people, read email, surf the web, get information, etc. It's a very personal device.
On the other hand, a game console isn't very personal. While you can personalize it in some ways, it never really rises above the straightforward tasks of playing games and other media. And since you don't (usually) take it with you, a game console is just not going to be as integral to your everyday life as a phone.
So, when it seems like someone else has control over your phone, it's much more unsettling. You think of it and everything on it as "yours," and every time you're reminded that someone else holds all the keys to it, that illusion is dispelled a little bit more.
Re: (Score:3, Insightful)
Genuine question, no sarcasm tag required: How do those who berate Apple's walled-garden approach feel about games consoles?
When I talk about Apple and use words like 'walled-garden' and 'open' my post has the word 'Insightful' appear next to it. That doesnt work as well in console threads, so I use words like "defective-by-design' and 'RROD' to make it appear.
It's a feature... (Score:2, Insightful)
It's really funny to see how this is treated by the mass media. They make it sound like it's a feature...
Re:It's a feature... (Score:4, Insightful)
Re:It's a feature... (Score:5, Insightful)
It says nothing about Apple's policies and everything about the mass media.
Re:It's a feature... (Score:5, Insightful)
I looked at the web page for my local newspaper today and it featured two headlines right above one another:
1. iPhone4 Jailbreak Offers Apps to Millions
2. Microsoft Windows Flaw Leaves Millions Vulnerable to Hackers and Malware
I guess we always knew that mass media lives well inside the reality distortion field, but still ...
Re: (Score:3, Insightful)
Re: (Score:2)
No no no, you see, its not a Jailbreak, its a Remote Code Exploit... straight from your browser.
Re: (Score:3, Insightful)
You have to admit though, that the whole thing is extremely user-friendly even when jailbreaking. No stupid yellow pop-up ActiveX warnings, just tap here, slide there, and off you go. I wonder how much Apple influence was there when the UI was designed for this jailbreak. Compare how nice it looks next to most PC-based cracks/hacks that one can download. I'm half-serious here.
This is really tiresome (Score:2, Interesting)
Is it really so hard to write a document viewer that can not crash? These aren't small companies. We're talking about Apple, Adobe, Microsoft here. Can't they at least get the core functionality right? I'll settle for safe if getting it right is too much to ask for.
Re:This is really tiresome (Score:5, Funny)
I saw a brilliant slide at Blackhat last week that sums it up perfectly (same vendor, different product)
Native Security Functionality of Adobe Flash
[ This slide intentionally left blank ]
Re: (Score:3, Insightful)
In the computing world we live in, where performance is everything, and correctness merely nice to have, yes, yes it is that hard. Until we start using highly abstracted, highly statically checked languages, and implementing proofs that things like buffer overruns happen, this is the sad reality we live in.
Explois and wikileaks (Score:2)
Re: (Score:2, Insightful)
Its actually not hard to read the entire exploit yourself from the site. Change your browsers useragent to an iPhone like string, and inspect the javascript on the page. i scoffed when i found the function that makes the url to the exploit file:
function get_page() {
return model == null ? null : ("/_/" + model + "_" + firmware + ".pdf")
}'
LOL (Score:5, Funny)
"Just don't render it that way." - Adobe
Re:LOL (Score:4, Interesting)
No the REAL LOL is the advertisement on this page.
Vulnerability Management for Dummies
Whatever Slashdot uses for it's adserver, I applaud.
Apple does not use Adobe Reader for PDF (Score:5, Informative)
Apple does not use Adobe Reader for PDF. I thought everyone knew this by now. Apparently not.
Re: (Score:2)
Give me back my shoes. You are a dog. They don't even fit.
Jailbreak WARNING!!! (Score:4, Informative)
Re:Jailbreak WARNING!!! (Score:5, Funny)
BREAKING NEWS!
Your attention please. We have a very important announcement to make. Listen carefully, because what we have to say MAY SAVE YOUR LIFE!
Today's top story: Hacks can have unintended consequences.
That is all.
Re: (Score:2)
You must have bad luck. Neither I, nor anybody I know with jailbroken phones, has any bookmark issues. I have heard of MMS and FaceTime issues, but I don't really use either.
Frankly, though, the jailbreaks are less necessary for me than they were on 2.0/3.0. Multitasking, copy/paste, Bluetooth keyboards etc are all built in now, and done better than the unofficial apps (as professional as they are). I was browsing through Cydia the other day and while I installed the usual MobileTerminal, ssh, etc - that I
Youtube fix (Score:2)
If you are having trouble with the homescreen, there's a new jailbreak using a youtube video that should work:
http://www.youtube.com/watch?v=Tg4u7ko333U [youtube.com]
PDF? (Score:2, Insightful)
It's Adobe's revenge!
Re: (Score:2)
No. Didn’t you read TFS? The PDF renderer is a native part of OS X. Adobe had nothing to do with it.
Re:PDF? (Score:5, Informative)
Not only is it native, it's really, really insecure. A security researcher named Charlie Miller wrote a 5-line Python script to generate fuzzed (slightly corrupted) PDF files from valid templates. He created roughly 2.8 million of these, and then ran them through Apple's Preview program, and through Adobe Reader. His findings:
0.09% crash rate on Reader, and 4 exploitable bugs found.
5.6% crash rate (52x as many), and 61 exploitable bugs found (15x as many).
When your security is more than an order of magnitude worse than Adobe's, you've got a major problem.
By the way, this is the guy who won an iPhone at Pwn2Own. He's presented at CanSecWest and Blackhat, and possibly elsewhere. He knows his stuff.
Re:PDF? (Score:4, Informative)
(Sorry to reply to myself, but the second line - the 5.6% crash rate and 61 exploitable bugs - is in Apple's Preview app. I also got the factor wrong (it's closer to 60x as many crashes). Sorry, I really need to stop posting on /. at work; I'm too distracted to double-check before hitting Submit.
Re: (Score:2)
The new jailbreak is amazing (Score:4, Informative)
I came into the office this morning and noticed that a forums thread I monitor on jailbreaking had exploded over my long weekend. I checked the iPhone dev team blog and they explained that there is a new jailbreak that you can visit with the browser on your phone.
I navigated to the page on my phone and it said "swipe here to jailbreak".
I swiped.
It took about 5 minutes to jailbreak my phone and install the Cydia unofficial app store.
Simply amazing work. Once I had Cydia I installed ultrasn0w from the repository and now my phone is carrier unlocked.
Great job, hackers!
Re:The new jailbreak is amazing (Score:5, Insightful)
Yes, excellent job. Now you just ran an app on your hand held computer that rooted it from a browser. Amazing work of the hackers aside, are you certain you now know for sure your phone is not spying on you and is not going to be used for something you do not want, like someone else using your connection for long distance calls or for spam or DDOS attacks or just a part of some cellular botnet?
Amazing job - someone rooting your phone through a PDF.
Re: (Score:2, Informative)
Uhm, if you read on the jailbreak page, after the phone is jailbroken, and Cydia installed, they (the hackers who wrote the exploit) then fix the flaw in safari so that no more code can be run to root the phone.
So, yes. It is a benefit, since there is obviously a serious flaw in the os & jailbreaking it fixes the flaw.
Oh yeah, and no mms or bookmark issues for me either. It Just Works.
jaz
Re: (Score:2)
What?
The iPhone is vulnerable to rooting attacks via its PDF handler by any web page. If and when someone writes a -malicious- exploit for that, wouldn't they just hide it in a page that gets LOTS more views, like porn? Why would they go to the trouble of putting it in a useful-but-geeky jailbreakme site?
Re:The new jailbreak is amazing (Score:5, Insightful)
Pardon my language, but, what the fuck?
If my web browser is such that browsing to a page can lead to code execution as root, that's bad. I don't care if the system is open or closed or what government agency might be listening in, it is a serious vulnerability any way you slice it. It should be patched.
Your comment is entirely irrelevant to the post it is replying to. You're phrasing it as a rebuttal of some kind, but it does not say anything to this point.
Re:The new jailbreak is amazing (Score:5, Insightful)
Your comment is ridiculous, yet moderated at +5 Insightful. If your computer can be owned through a web browser by opening a PDF, then your computer is insecure, this is the issue.
If you buy products from a company that does not release source code that is a different issue completely. Yes, a company can be providing governments with your information. No, it does not make it OK for the phone from that company to be exploitable the way iphone is.
Re: (Score:2)
If your computer can be owned through a web browser by opening a PDF, then your computer is insecure, this is the issue.
Agreed. So it would be better if this flaw was fixed. However, this flaw is currently not fixed and for the individual user running the exploit does not add the vulnerability, it just uses it.
Re: (Score:2)
As opposed to buying a phone that does not require a vulnerability the size of a small country to do what you need it to do in the first place.
Besides, these kinds of vulnerabilities can be exploited by anybody, not just the 'good' hackers and the 'bad' hackers, but potentially the government you so fear as well. So no, unless the jailbreak fixes the vulnerability (I highly doubt it), you haven't gained any safety at all.
Re: (Score:2)
Are you really more worried about warrantless wiretaps than about completely anonymous people on the internet having the ability to take over your computer?
Well, most completely anonymous people on the Internet don't, eg, have access to nuclear weapons and Navy SEALs.
The US government does.
Just sayin'.
Re: (Score:2)
I went to the grocery store to buy some apples. I asked the clerk where the apples are, and he responded, "The gas station doesn't even have access to pumpkins!"
Re: (Score:3, Funny)
That's the Apple stance on kernel-level remote code execution exploits: It Just Works!
So what is it exactly? (Score:2)
Re: (Score:2)
Its obviously in Apple's PDF viewer, whether or not its a result of that viewer being a direct implementation of the spec.
But I'll be surprised if anyone can point to anything in any version of the PDF spec which requires a conforming implementation to allow unrestricted access to the underlying OS. It may require that certain APIs be available, but I'd be very surprised if it didn't allow those APIs to
Re:So what is it exactly? (Score:5, Informative)
It's a bug in the font rendering component, which apparently lives in kernel space. PDFs are allowed to embed fonts, and apparently Preview doesn't verify the font data before tossing it to the renderer. Apparently the renderer doesn't verify it either, because instead of rejecting the data as invalid, it gives the attacker completely unrestricted control over the software.
PDFs having embedded fonts is a very useful and entirely reasonable feature. It would help if Preview validated the fonts, but that's not entirely required (you could validate somewhere further down the pipeline, so long as you don't try to process the unvalidated data). There are several other ways to remotely load fonts, ranging from other document formats to the Web Open Font Format (http://www.w3.org/Submission/2010/03/) and some CSS in a web page. There's a decent chance that at least a few others are vulnerable to this exploit. However, there's been considerable research recently into Apple's PDF reader, with one researcher finding 60 different exploitable bugs in the software (though most of them probably aren't kernel). By comparison, the same testing data found three exploitable bugs in Adobe Reader.
Having font rendering/rasterizing in the kernel is... not brilliant, but not inherently a critical security flaw. It's certainly possible to do in userland, and probably safer, but displaying text is something that almost every app will need to do at some point, and putting it in the kernel will minimize memory footprint and maximize performance. The real WTF here is that the data isn't being validated extremely carefully as soon as it enters the kernel, and possibly before. When kernel-mode code starts parsing unvalidated data, the best you can really hope for is that you get a kernel-mode crash and are forced to do a hard reboot (on Windows, this would be a BSOD).
Re: (Score:2)
But I'll be surprised if anyone can point to anything in any version of the PDF spec which requires a conforming implementation to allow unrestricted access to the underlying OS. It may require that certain APIs be available, but I'd be very surprised if it didn't allow those APIs to return errors if code running in a PDF document attempted to use them in a way which would violate the basic integrity of the underlying OS.
There was a PDF vulnerability about a year ago that allowed execution of code [eweek.com]. This was a design feature in PDF to run other things like media. For Windows that allowed the running of code and not just media. It didn't affect just Adobe's PDF viewer; it affected any PDF viewer on Windows. It didn't affect OS X at the time.
Now we just need jailbreakers to fix the hole (Score:2)
Now we just need the jailbreak team to release a Safari/Preview patch to fix the hole. That way, we won't have to go to 4.0.2 in order to be safe from the PDF exploit, thus locking us out from the jailbreak.
Interesting... (Score:2, Insightful)
That Tavis Ormandy is torn apart for releasing a more complicated vulnerability, but jailbreaking your phone just by clicking a url is widely celebrated. How difficult is it really gonna be to weaponize this jailbreak...
user mode? (Score:2)
Why is this phone not running user mode for this stuff? System mode for services only, why is PDF parsing being handled in system mode? All this stuff, non-executable stacks/data, memory protection etc ought to be set to the max. On the one hand its exciting to see these hacks, on another its depressing since in my own life as an ARM fw programmer, I would have been shown the door 10 yrs ago for that type of coding oversight.
bleh (Score:2)
Re: (Score:2)
Does it Fix it? (Score:2)
The original jailbreakme.com exploit, the iPhone 1.1.1 one that Woz demo'd on video, cleaned up after itself by patching the graphics bug that it used. Does anyone know if this exploit does the same thing?
Re: (Score:2)
Not a virus (Score:5, Informative)
Macs (and the iPhone) do not yet have any active viruses in the wild.
It does not mean they cannot get them; there just are none.
This jailbreak thing is indeed a real live exploit running in the wild, but it's a trojan (kind of) since you are asking it to do one thing (display a PDF) and it does another (jailbreak the phone).
In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...
So there is in fact a known exploit (this PDF bug) and one instance of something that exercises it. Very likely Apple will have this patched in pretty short order - what is really interesting to see is if there will be any "real" (read: malignant) exploits. My guess is probably not, since mobile platforms do not make great zombie systems to control the way desktops do.
If it were a real virus vector the story would be different as the lure of quickly taking over millions of devices would be very strong...
Re: (Score:2, Insightful)
In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...
If you consider jailbreaking the iPhone a favor to the user. The next site that uses this gaping security hole to install a rootkit, or other malicious piece of software, won't be such a favor. This is a huge security issue for iDevices. When I posted the 'browser jailbreak' story the other day I included this (which was not included in version that posted by the editor):
The ability to modify iOS simply by visiting a website leaves these iDevices vulnerable to all sorts of malicious possibilities. I'd bet the ranch that Apple isn't the only one analyzing the website in order to diagnose this major security hole ... so are those with more nefarious intentions.
The fact that it is a PDF exploit rather than an iOS issue makes it more difficult for Apple to patch since it's not "one of their own". C
PDF is iOS core (Score:5, Insightful)
If you consider jailbreaking the iPhone a favor to the user.
The users who are doing it would, that's why they are doing it!
The next site that uses this gaping security hole to install a rootkit, or other malicious piece of software, won't be such a favor. This is a huge security issue for iDevices.
Oh, I totally agree - it's a pretty bad security flaw, and has nice demonstration code for how to exploit it as well so it's pretty much the worst possible case.
That's why it's so interesting to see if there are in fact followup malicious attacks.
The fact that it is a PDF exploit rather than an iOS issue makes it more difficult for Apple to patch since it's not "one of their own".
No. Apple wrote all the PDF handling code in iOS (and on the Mac). We'd see a lot more attacks like this had they embedded Adobe Reader....
Clearly it's Apple responsibility to fix this ASAP (and their fault for letting it get into customer's hands), so they better get on it before someone else starts turning things into iP0wns.
It is 100% on Apple to get a fix out. With 4.1 so close at hand, they may wait on that to finish up... or perhaps it's a sliding scale and the first sign of any real attack will bring down the update hammer if it happens before 4.1 (4.1 beta 3 just came out today and probably fixes this bug).
Re: (Score:2)
No. Apple wrote all the PDF handling code in iOS (and on the Mac). We'd see a lot more attacks like this had they embedded Adobe Reader...
I missed that in the story. Since it's been a part of iOS/OSX for a long time there is absolutely no excuse for it.
With 4.1 so close at hand, they may wait on that to finish up... or perhaps it's a sliding scale and the first sign of any real attack will bring down the update hammer if it happens before 4.1 (4.1 beta 3 just came out today and probably fixes this bug).
I'd be all over MS if they waited until this 'hit the fan' and I'll give Apple the same level of tolerance: zero. Apple needs to issue a fix for this yesterday.
Re: (Score:2, Insightful)
Unlike open systems, they do largely prevent users from doing stupid stuff. However, because some percentage of users wish to escape the controls(which are never entirely benevolent, the temptation to rent-seek is just too strong), those users and the platform vendor become adversaries.
On an open system, the incentives of the user and the platform vendor are aligned: both want it to be as secure as possible. I
Re: (Score:2)
It's not really a trojan, either. Gruber is as much a moron as Dvorak. This is simply doing something the user wants done.
Could it be a a virus vector? Anything that allows the user to install and run code is a virus vector, since any running code is a potential virus, especially if it can do so without the user's knowledge, but there are cases where even software that's installed with user's knowledge can become a virus or infection vector -- that's a hybrid trojan/virus.
And iPhones are a GREAT target
Re: (Score:2)
Actually, it advertises itself to the user as a jailbreak, even if the OS feature it exploits to perform that function is the PDF reader, so its not malware at all (at least, based on any current
Re: (Score:2)
In a way it should be labeled Malware, but that hardly seems an appropriate label since it's doing the user a favor...
Benware? Beneware? Goodware?
Re:Not a virus (Score:4, Informative)
If you don't consider a WORM a virus - than there isn't much in lines for Windows Viruses either these days. Almost everything else could be classified as trojan, worm, spyware, or other non-virus malware. I haven't had to clean a virus in a LONG time.
Mobile platforms can be a great target (Score:2)
Bad guys can monetize a compromised cellphone in a single step by having it call premium-rate numbers.
Re: (Score:2)
For sufficiently loose definitions of "virus" (i.e. any malware, which is what most users mean) there actually is some in the wild at present.
http://www.intego.com/news/osx-opinionspy-spyware-installed-by-freely-distributed-mac-applications.asp [intego.com]
http://blog.intego.com/2009/06/19/new-rsplug-trojan-horse-variant-found-on-game-sites/ [intego.com]
Found that in a casual glance down a completely unrelated story (on browser privacy). Is there any malware that is actively exploiting a genuine 0-day in OS X at present? I don't kno
Re: (Score:2)
True, that. No self-replicating agents that infect host applications for iPhone or Mac.
But there are self-replicating agents that survive independent of host applications for the iPhone. The rickroll worm is still active and scanning network ranges frequently enough that you probably want to turn off 3G while you install sshd, so you have time to change the root password. And there's a more malicious but less common strain seen in the
Re: (Score:2)
While its true there are ( almost ) no viruses in the wild for OSX/etc its not just due to the fact there aren't many yet, as in reality the systems are inherently more secure out of the box and ( as this shows ) the major security flaw with them is still the user.
Userland Trojans aren't worth much so there isn't a lot of incentive to go after them. The windows world you are more able to get past userland and into the system itself, so the value is much higher.
Too easily overcome (Score:2)
Why not? They make great attack drones that are reasonably difficult to trace.
That's true, but system updates can pretty much overwhelm anywhere a rootkit like system would attempt to hide, and users almost always install updates.
The greater willingness of users to actually install automatic system updates is (IMHO) the reason why you really don't see malware or viruses on Macs and iPhones. The whole system shuts down during an update and is pretty easily cleansed.
Re: (Score:2)
"That's true, but system updates can pretty much overwhelm anywhere a rootkit like system would attempt to hide, and users almost always install updates."
This might be useless if the 3G/4G networks gets blasted by a ton of zombied iPhones and updates can't get to the phone so easily. Or possibly you could use this to disable the network entirely and essentially brick it until reset to default.
So many attack vectors, so little time.
Not really an issue (Score:3, Insightful)
This might be useless if the 3G/4G networks gets blasted by a ton of zombied iPhones and updates can't get to the phone so easily.
The updates comes through iTunes on the users home connection, not over the cell network.
Or possibly you could use this to disable the network entirely and essentially brick it until reset to default.
That implies an exponential spread which would mean a real virus. A website or two that spread malicious code would be unable to have this effect. There's really not a good way you
Re: (Score:2, Insightful)
They are not connected to the internet as much, and their bandwidth is not as great as most drone computers.
Also, using a phone as a zombie is going to be draining resources, and phones are built to process as little as possible to save battery.
They would be fantastic for data mining, and fraud, but as part of a botnet they just dont have the resources a good ol desktop has.
Disagree on degree of connection. (Score:2)
They are not connected to the internet as much
I disagree - they are actually connected way more often than a normal PC. People close laptops, and lots of people shut down desktops at night.
A phone is on 24x7, always connected to the cell network. It's not even shut down for charging.
Also, using a phone as a zombie is going to be draining resources, and phones are built to process as little as possible to save battery.
It would eat into battery quickly to be sure. I totally agree they would be pretty weak
Re: (Score:2)
Yes.
1) Virus has no plural form in Latin and as such viruses is the most accurate pluralization in English.
2) The only way virii would be correct is if virus was a masculine second declension term which it is not.
Re: (Score:2)
The only way virii would be correct is if virus was a masculine second declension term which it is not.
Sadly also true of penii :-(
Re:I hear differently from Users (Score:4, Insightful)
Re: (Score:2, Redundant)
It's the plural of virus
Er, did you read the page you linked to?
The plural virii, though common, is often considered to be incorrect, and based on a misunderstanding of Latin. There is no plural for the Latin word virus; using the native English pluralisation rules, to yield viruses, would arguably then be most correct.
Re: (Score:2)
Re: (Score:2)
No formal rules for pluralization? (I presume you meant pluralization rather than conjugation.)
To pluralize:
if HasSpecialPluralization(word) // e.g. vortex -> vortices; antenna -> antennae
DoThatSpecialPluralization(word)
else if last_char_of_word(word) == "s"
add "es"
else
add "s"
Re: (Score:2)
A weak security Flash player is built into every copy of OSX so you too can worry about security.
Apple excludes Flash from iOS, and people bitch. Apple includes Flash as part of MacOS/X, and people bitch. They can't win.
Re: (Score:2)
Re: (Score:3, Insightful)
What about not including it by default, but not banning it either, and letting people install it if they choose to?
Re: (Score:2)
Jobs has yet to slay the beast
Problem is for all of Jobs complaining about Adobe (and more accurately Flash), Jobs seems to love Flash. While its not on the iPhone, it is installed by default on every Mac and is the only major OS that does that. Windows, OpenSUSE, Ubuntu, these need you to go get Flash after you've installed the OS. OSX has it out of the box showing that Jobs does indeed feel a big love for Flash and feels it really is something that helps make a system feel "more complete" and ready for the mass market.
Re:Adobe Strikes Back! (Score:5, Insightful)
More relevant to modern readers, most OEMs seem to ship consumer-focused systems with vaguely up-to-date-but-just-a-bit-behind versions of Flash(and acrobat reader, and other stuff). This isn't strictly microsoft's fault; but it is what you are likely to get out of the box.
Re: (Score:2)
Re:Duh... pointed out ages ago (Score:5, Informative)