OS X and iOS most Vulnerable OS?

Joined
Mar 17, 2008
Messages
6,879
Reaction score
191
Points
63
Location
Tucson, AZ
Your Mac's Specs
Way... way too many specs to list.
It's true, although sort of disingenuous. The reason the listed OS's are more vulnerable in 2014 is the exact same code was used across all of them (and pretty much every other Unix variant).. and the exploits in the code were finally discovered (most having existed for a long time).. and ALL patched already.
 
OP
lclev
Joined
Jul 24, 2013
Messages
4,845
Reaction score
514
Points
113
Location
Ohio (USA)
Your Mac's Specs
2021-14" M1max MBPro, iPhone 13 Pro, Watch 7
And that is what I got from the article. I knew the patches had been issued. I just found it interesting the article comes out but it is a day late and a dollar short. Old news.

Lisa
 

Slydude

Well-known member
Staff member
Moderator
Joined
Nov 15, 2009
Messages
16,832
Reaction score
637
Points
113
Location
North Louisiana, USA
Your Mac's Specs
2.8 GHz 2008 MacBook Pro 10.11, 8 GB mem, iPhone 12 Pro Max, 2015 iMac 16 GB Big Sur
That's often the case. Sometimes I wonder if the writers in question have any understanding of these security issues at all - especially when they are not known for covering tech issues.

I know I'm not the brightest bulb on these issues but some of this stuff is ridiculous.
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
558
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
It's true, although sort of disingenuous. The reason the listed OS's are more vulnerable in 2014 is the exact same code was used across all of them (and pretty much every other Unix variant).. and the exploits in the code were finally discovered (most having existed for a long time).. and ALL patched already.
True but that doesn't detract from the fact that they were present. While quick (quickish - let's not get carried away with suggesting that Apple is always quick to patch things), the presence of holes/flaws is still very much a salient issue.
 
Joined
Mar 17, 2008
Messages
6,879
Reaction score
191
Points
63
Location
Tucson, AZ
Your Mac's Specs
Way... way too many specs to list.
True but that doesn't detract from the fact that they were present. While quick (quickish - let's not get carried away with suggesting that Apple is always quick to patch things), the presence of holes/flaws is still very much a salient issue.


It is, but lets look at the BASH vulnerability (specifically CVE-2014-6271). It's existed since BASH 1.03, which means September of 1989 ;) (or, longer than the cold-wars been over) and was finally discovered last year. It's really HARD to be on top of these sorts of exploits. Ultimately though, the Unix (and Unix-like) OS's are typically far more hardened than Windows.. at least historically (although Microsoft has worked hard to harden their products).
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
558
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
Oh, I'm certainly not suggesting that OS X and iOS are incredibly porous. That said, the presence of holes, however deep and impossible to see, still makes them available. What's more important than this though is the speed with which companies plug holes and if recent events are anything to go by, all tech companies seem pretty slow at patching things.
 
Joined
Mar 17, 2008
Messages
6,879
Reaction score
191
Points
63
Location
Tucson, AZ
Your Mac's Specs
Way... way too many specs to list.
Oh, I'm certainly not suggesting that OS X and iOS are incredibly porous. That said, the presence of holes, however deep and impossible to see, still makes them available. What's more important than this though is the speed with which companies plug holes and if recent events are anything to go by, all tech companies seem pretty slow at patching things.

The BASH fix was rolled out for OS X within a week.. O:) So, that's really not that slow if you allow for testing (and you'd be pretty unhappy if these things were simply risk-assessed and released, I believe)

12 September 2014 - reported to BASH maintainers
24 September 2014 - disclosed publicly (verification does need to occur)
29 September 2014 - patch available as OS X bash Update 1.0

Now, the problem:

So we have a situation where a standardized shell is vulnerable, this needs to be communicated to those who use the shell. This is done publicly, which is the most efficient and transparent option. The problem with this is, as soon as the vulnerability was communicated, thousands of botnets were generated to take advantage of it. How do we make this information available without alerting those who would utilize it? Fundamentally, this is a large question.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top