Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
General Discussions
Security Awareness
OS X and iOS most Vulnerable OS?
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Dysfunction" data-source="post: 1643759" data-attributes="member: 51052"><p>The BASH fix was rolled out for OS X within a week.. <img src="/mac_images/images/smilies/Innocent.png" class="smilie" loading="lazy" alt="O:)" title="Innocent O:)" data-shortname="O:)" /> So, that's really not that slow if you allow for testing (and you'd be pretty unhappy if these things were simply risk-assessed and released, I believe)</p><p></p><p>12 September 2014 - reported to BASH maintainers</p><p>24 September 2014 - disclosed publicly (verification does need to occur)</p><p>29 September 2014 - patch available as OS X bash Update 1.0</p><p></p><p>Now, the problem:</p><p></p><p>So we have a situation where a standardized shell is vulnerable, this needs to be communicated to those who use the shell. This is done publicly, which is the most efficient and transparent option. The problem with this is, as soon as the vulnerability was communicated, thousands of botnets were generated to take advantage of it. How do we make this information available without alerting those who would utilize it? Fundamentally, this is a large question.</p></blockquote><p></p>
[QUOTE="Dysfunction, post: 1643759, member: 51052"] The BASH fix was rolled out for OS X within a week.. O:) So, that's really not that slow if you allow for testing (and you'd be pretty unhappy if these things were simply risk-assessed and released, I believe) 12 September 2014 - reported to BASH maintainers 24 September 2014 - disclosed publicly (verification does need to occur) 29 September 2014 - patch available as OS X bash Update 1.0 Now, the problem: So we have a situation where a standardized shell is vulnerable, this needs to be communicated to those who use the shell. This is done publicly, which is the most efficient and transparent option. The problem with this is, as soon as the vulnerability was communicated, thousands of botnets were generated to take advantage of it. How do we make this information available without alerting those who would utilize it? Fundamentally, this is a large question. [/QUOTE]
Verification
Name this item. 🍎
Post reply
Forums
General Discussions
Security Awareness
OS X and iOS most Vulnerable OS?
Top
