Oh holy fruit buns!

[melmation]

This just in from Engadget...

Leopard and Snow Leopard exploit now online!

I'm not worried myself as I run Tiger at the moment and I doubt this will get very far but worth a read I think

Mel

 

[TattooedMac]

Yea good find BUT im not worried, and im running SL. If its a flaw Apple no about it and dont think it will take them long for some sort of update to close the flaw up .....

Known since July... SL wasnt even out then !!!!!

 

[iggibar]

I had a great laugh reading all the comments on that post! I think it's rather hilarious when PC people jump on the posts to comment on how crappy macs are because they just got exploited or something of that nature, it would be SO easy to turn around and reply about how windows probably has had millions of exploits/virus problems...but it's not worth the effort! If this was a real huge problem, we would have all known about it, but chances are, Apple found out about it and patched it up while installing some other update. I'm not worried! Why should we be worried about ONE thing? You should be worried on windows!

 

[McBie]

Hmmm.....

Explained in a bit more detail here PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability

As you can see this is not a Mac OSX specific issue, but i will affect OS X 10.5 & 6.

Not sure yet how it will propagate and not sure how you can detect you have been hit. ( since it will not require user authentication )

This is interesting stuff.

Cheers ... McBie

 

[cuhnool]

Hmmm.....

Explained in a bit more detail here PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability

As you can see this is not a Mac OSX specific issue, but i will affect OS X 10.5 & 6.

Not sure yet how it will propagate and not sure how you can detect you have been hit. ( since it will not require user authentication )

This is interesting stuff.

Cheers ... McBie

Yes, very interesting. No one would have to worry about this if there weren't people out there who had nothing better to do but sit on the computer trying to find a hole in the OS code. Pathetic, really.

 

[CrimsonRequiem]

The world as we know it has ended obviously. >_>"

 

[True Bassist]

The world as we know it has ended obviously. >_>"

Poops, I kinda liked it...

 

[melmation]

I've been told by Apple and PC users for about 2 years now that "A virus or trojan invasion of OSX is eminent with the uptake of people switching to Mac".

Whilst that is true, it still hasn't happened and as many of you have pointed out it kind of had to be 'forced' to work on OSX and as you also pointed out it isn't OSX specific.

I too feel we're all safe and I'm sure Apple have a resolution in the pipes somewhere. Whilst I'm dreading the day OSX will NEED an anti Virus program, I couldn't give a diddly right now to be honest and I hope this was rustled up Engadget due to being a slow news day.

Mel

 

[cwa107]

I certainly find it disheartening that there's been a known exploit for more than 6 months and Apple has done nothing about it - and this isn't the first time. The Java exploit that was going around several months ago was the same way. It finally surfaced, but it was ages before it did.

Once an exploit is publicized, it's only a matter of time before some jerk decides to put it into executable form and make a worm.

 

[idirtbike]

oh noesss! idc i still feel like Mac's are immune to virus.

 

[cwa107]

oh noesss! idc i still feel like Mac's are immune to virus.

Feel differently. No computer is 'immune' to viruses. More resilient? Sure. Immune, never. Not as long as human beings are coding operating systems and viruses.

 

[the8thark]

Agreed. Apples are designed and built by people. And anything built by people are not perferct. Sure Apples are bloody good but not perfect. But I do think Apple need to act quicker with these security issues. Sure they need to assertain the false alarms from real threats but still their responce time for my liking is a little slow.

 

[cwa107]

Exactly, the8thark. Say what you want about Microsoft, but they are usually much, much quicker to quash security vulnerabilities.

 

[Nethfel]

Exactly, the8thark. Say what you want about Microsoft, but they are usually much, much quicker to quash security vulnerabilities.

True, but let's also face it - they (Microsoft) have a LOT more security vulnerabilities brought to light (not saying they necessarily have more or less then OSX, just more brought to the attention of the average joe hacker). Also, back in the good 'ole days (we won't comment on windows 3.x, just on the 9x and newer) they were pretty sluggish on fixing issues, but became faster and better over time.

I have a feeling the same will eventually happen at Apple over time as they run into more and more issues they will learn to get the fixes out faster. Apple will probably need to learn some hard lessons first, but I'm sure they'll learn

Am I gonna run out and buy a PC just because this has happened? No. Am I going to be cautious on what I run, especially through email? I always am, whether windows, OSX, linux, etc. - any attachments I'm wary of. Am I going to run an AV? Well, honestly, I have since about week 2 of Mac ownership just because I'm paranoid

 

[cwa107]

But since Apple has relatively few, shouldn't they be quicker about patching them?

This just says to me that Microsoft has dedicated resources to this sort of thing that Apple hasn't. It's about time they take a more aggressive stance.

 

[clayneal]

But since Apple has relatively few, shouldn't they be quicker about patching them?

This just says to me that Microsoft has dedicated resources to this sort of thing that Apple hasn't. It's about time they take a more aggressive stance.

I couldn't agree more. Perhaps time to divert some of the energy from "the next best thing" to lets make what we have the safest thing. I believe that security is truly a top reason people switch and that could all go away if apple develops a rep for being slow to fix known issues.

just my take on it
Clay

 

[Nethfel]

But since Apple has relatively few, shouldn't they be quicker about patching them?

This just says to me that Microsoft has dedicated resources to this sort of thing that Apple hasn't. It's about time they take a more aggressive stance.

I agree, in theory, Apple should be quicker - but then again, way back when MS had "few", they took forever to patch too, which more implies to me that MS has learned something that Apple still needs to learn (and this isn't a good thing, Apple should learn from MS mistakes).

Plus, I think that Apple has some head in the sand type of mentality going on (ie: it can't happen to us, and even if someone claims it can, we'll deny it for as long as possible), and I think it's going to be something related to that mentality that will become the wakeup call to change some of their focus to improve security patching speed.

Plus, as this issue seems to affect other OS' that are unix style platforms (BSD, etc.) it maybe that Apple is waiting for a fixed lib file which really they should fix it themselves rather then waiting on some other group to do it...

At least this is what I'm thinking IMHO.

 

[McBie]

I couldn't agree more. Perhaps time to divert some of the energy from "the next best thing" to lets make what we have the safest thing. I believe that security is truly a top reason people switch and that could all go away if apple develops a rep for being slow to fix known issues.

just my take on it
Clay

Whilst this is absolutely true, ' Security ' means different things to different people. So far, companies have defined what is bad and tried to keep that out of their systems. That is a loosing battle.

Today, people start defining what is good and let only that flow through their systems and that allows them to have control over what is happening.

I am sure OS vendors are well aware of the threats out there and the vulnerabilities in the code they use. Their approach might well be to define the good code and let only that run on the CPU instead of checking for bad things and prevent that. But that is a drastic change and requires a business case ( after all it's all based on economics and business models )

The game ( sic ) will get more difficult every year because unwary people on the internet are considered ' fair game ' for the bad guys, who are now organised into companies with a business model.

I am not worried too much if my computer would display the message ' you have been compromised ' ..... at least I would know, and a clean install and a restore from backup would solve my problem .... annoying but harmless.
If there is code running that you do not see, by the time you get suspicious, even your backups might be infected and then what.

Anyway .... as Bob Dylan once said ... " The times they are a changing "

Just my 2 cents

 

[god0fgod]

Feel differently. No computer is 'immune' to viruses. More resilient? Sure. Immune, never. Not as long as human beings are coding operating systems and viruses.

Theoretically you can design software to be completely hack safe.

People blame apple when Apple never wrote the library which si causing the problem. It's something that can be fixed with almost no effort.

"Array index error" - Probably as simple as changing a simple number.

I don't see why compilers can't check for overflow bugs. It's a simple mistake with potential massive consequences.

Things like this should be used - StackGuard (Source Code)

One problem I find with modern operating systems is they don't stop thrashing. When one program is experiencing a problem it can crash the entire system.

 

[p3ezi(moto)]

a machine is a machine and all things are not perfect. PC's suck and my Mac is better than that, I know that much. I came to the MacSide from the Darkside. That article makes me think of the Matrix finding a loop hole in the rebellion. In the end they still lost.