Mac OS X Vulnerabilities Underplayed

[AndyMS]

Seems apple finally felt what MS has been feeling for quite sometime after not recognizing some security researchers. I wish more hackers would turn their attention to apple. Then we could see how great their code really is.

 

"Apple continued to claim that there were no vulnerabilities in Mac OS X but came a month later and patched their Wireless Drivers (presumably for vulnerabilities that didn't actually exist). Apple patched these 'non-existent vulnerabilities' but then refused to give any credit to David Maynor and Jon Ellch. Since Apple was going to take research, not give proper attribution, and smear security researchers, the security research community responded to Apple's behavior with the MoAB (Month of Apple Bugs) and released a flood of zero-day exploits without giving Apple any notification. The end result is that Apple was forced to patch 62 vulnerabilities in just the first three months of 2007 including last week's megapatch of 45 vulnerabilities."

 

http://it.slashdot.org/it/07/03/21/0040255.shtml

[yoda75]

I wish more hackers would turn their attention to apple. Then we could see how great their code really is.

 

 

Why would you wish this on Apple and their users? What do you gain? I personally don't care how smug Apple is. Security researchers shouldn't care either. Apple will always be a small player in the computer market which is just fine by me. I'd like to see them stay small enough to stay off of hackers' radar yet still put out great software (I'm talking about their Pro Audio/Video apps).

[AndyMS]

Why would you wish this on Apple and their users? What do you gain? I personally don't care how smug Apple is. Security researchers shouldn't care either. Apple will always be a small player in the computer market which is just fine by me. I'd like to see them stay small enough to stay off of hackers' radar yet still put out great software (I'm talking about their Pro Audio/Video apps).

 

Because I am sick of Jobs' misinformation about osx being so "secure".

[yoda75]

Because I am sick of Jobs' misinformation about osx being so "secure".

 

I see, so you would wish virus infestation for all of us OSX users (legit hardware or not) because you don't like Apple's marketing team. Makes sense.

[lord_muad_dib]

nahh... who cares if steve jobs says macos has no volnerabilities? the important thing is that they do several updates, fixing everything. and seems they r doing it well

[AndyMS]

I see, so you would wish virus infestation for all of us OSX users (legit hardware or not) because you don't like Apple's marketing team. Makes sense.

 

For one you are taking this too personal, and two, I in no way said I wish viruses on anyone. Did you even read the link? These are vulnerabilities in the OS. Would you rather they not get fixed until they become a bigger problem for more people? Would you rather remain ignorant to the fact?

 

I for one use OSX and dual boot with Vista and it is nice to see that they are being kept on their toes, rather than getting over confident in their os.

[Panda200x]

Because I am sick of Jobs' misinformation about osx being so "secure".

Pity, it's a market slogan which I hate too. I was in an apple store in america (where most are) and the {censored} who was pitching to someone to buy a mac was saying, no viruses, nothing bad can happen to your computer with a mac. :/ My guess is OS X will get viruses on then wether you like it or not.

 

 

©2007 Infect-a-mac Project :aware:

[yoda75]

For one you are taking this too personal, and two, I in no way said I wish viruses on anyone. Did you even read the link? These are vulnerabilities in the OS. Would you rather they not get fixed until they become a bigger problem for more people? Would you rather remain ignorant to the fact?

 

I for one use OSX and dual boot with Vista and it is nice to see that they are being kept on their toes, rather than getting over confident in their os.

 

I'm not taking this personally at all dude. It's just that your statements "I wish more hackers would turn their attention to apple. Then we could see how great their code really is." and "Because I am sick of Jobs' misinformation about osx being so 'secure'" came off sounding pretty malicious. Like you were rooting for Apple to be as virus ridden as possible just so you could say "I told you so". I've come across many people in various online forums who have this kind of attitude (mainly Windows zealots). Anyways, things can easily be misinterpeted on forums and if I took your comments the wrong way then my apologies. Nothing personal.

 

Peace

[aberracus]

But the reality is no virus....

 

Security patches and security problems are one thing virus is another one, and very diferent one.

 

is almost end of march and Vista isnt infested by virus yet, is obviously much more secure, virus makers usuall exploit the most simples route inside the machines, the wirelles hole was one of those complicated security holes.

 

At the end of the day

 

Still no virus

[Soliber]

Like I said, there's a nice future out there for the Mac, but Apple and its fans need to get out of their ivory tower, and need to realise that as soon as the common scriptkiddy has interest in Mac OS, you're screwed as things stand today. What with all the attitude of "Mac doesn't need extra security", virusscanners are for whimps and paranoid people.

All this "nothing bad can happen to you on a mac" is bullocks. There will come a time in the not so distant future when the scriptkiddies will start to show interest in Mac OS, and you'll have to thread as softly as we "windowsers" do

This has nothing to do with wishing viral destruction onto your behinds, just to whipe that misconceived smirk away. Because it's those kind of people that pose a risk for everyone else.

Just look at the legions of botpc's out there. All because people just don't get it into their heads that the internet can be dangerous, no matter what OS you have >_>

[rollcage]

All because people just don't get it into their heads that the internet can be dangerous, no matter what OS you have >_>

 

Exactly. Just because you don't run Windows doesn't mean you aren't immune to phishing scams. Jobs isn't going to rush in and prevent you from giving away your credit card number to some dude in Nigeria...

[A Nonny Moose]

There's a difference between patching a vulnerability (which happens in Windows, OS X, and Linux) and actual malware on the market.

[Soliber]

Yeah true, but at least MS has somewhat more of a tendency to say what their patches are doing. While I hear that Apple's patches virtually have no informative sidenotes at all.

People should be made aware of the problems that Apple is trying to fix. Then again Macs have an aura of "just functioning", so it may frighten customers or so.

Then again, that train of thought depicts Mac users as children who need to be held by the hand, and I doubt that that's the case.

So in the end, why all the secrecy?

If you constantly patch Mac OS silently, people will eventually get the feeling that everything is always allright, and that nothing can happen to them.

[Lostgame]

I do agree to an extent - I think that they need to top their "no virii!" campaigns, but at the same time, I think they have a very vaild point...

[bwhsh8r]

try and tell me its unhackable now! this is a two sided sword, im happy i can finally tell those mac fanatics to stfu, but at the same time alot of innocent people could be harmed by this..... and i think apple should be like microsoft and let us know waht theyre patching!

[A Nonny Moose]

Yeah true, but at least MS has somewhat more of a tendency to say what their patches are doing. While I hear that Apple's patches virtually have no informative sidenotes at all.

People should be made aware of the problems that Apple is trying to fix. Then again Macs have an aura of "just functioning", so it may frighten customers or so.

Then again, that train of thought depicts Mac users as children who need to be held by the hand, and I doubt that that's the case.

So in the end, why all the secrecy?

If you constantly patch Mac OS silently, people will eventually get the feeling that everything is always allright, and that nothing can happen to them.

 

Apple does indeedy do give detailed descriptions about what it's patching, but you need to dig for them on their website.

[Urbz]

nahh... who cares if steve jobs says macos has no volnerabilities? the important thing is that they do several updates, fixing everything. and seems they r doing it well

But the reality is no virus....

There's a difference between patching a vulnerability (which happens in Windows, OS X, and Linux) and actual malware on the market.

I couldn't agree more with all of this. As long as the people buying Macs got no virii and aren't concerned with OS vulnerabilities because Apple patches them before anything gets out in the wild, why should anyone care?

And IMO, this also gives them the right to say OS X gets no virii, because, well, it doesn't.

 

-Urby

[Soliber]

I couldn't agree more with all of this. As long as the people buying Macs got no virii and aren't concerned with OS vulnerabilities because Apple patches them before anything gets out in the wild, why should anyone care?

And IMO, this also gives them the right to say OS X gets no virii, because, well, it doesn't.

 

-Urby

This is exactly what I'm talking about.

It's the same time with people who have never known war. They don't know how to fear it.

It's those ignorant (no offence) people, that wander the most dangerous parts of the internet, because they think they're operating from within some impenetrable fortress.

We have a saying here in Belgium: zelfs de die die nie bang zijn, krijgen ook slaag.

Loosely translated it means: even those who do not fear, get their asses kicked.

Fear induces caution. And caution is very much needed on the internet.

[Forceman]

But the reality is no virus....

 

Security patches and security problems are one thing virus is another one, and very diferent one.

 

is almost end of march and Vista isnt infested by virus yet, is obviously much more secure, virus makers usuall exploit the most simples route inside the machines, the wirelles hole was one of those complicated security holes.

 

At the end of the day

 

Still no virus

 

Calm before the storm.

[cringemaster]

Itll happen eventually, then itll be patched within a few days and everyone who hasnt been infected will be able to update.

[A Nonny Moose]

And again, OS X has been on the market for multiple years and there aren't any screaming viruses that pundits have promised. The Classic Mac OS, on the other hand, has tons upon tons of viruses out there for it.

[Soliber]

It's never a question of being on the market or not, it's a question of how large the marketshare is. The greatest source of anguish on the internet, is formed by script kiddies whom abuse stuff written by others en masse, without knowing what it does. For the moment, nor the viruswriters who know what they're doing, nor the scriptkiddies give a rat's ass about Mac users, since they're aren't enough out there to peak their interest...

But Mac OS is growing, so that will soon change

[A Nonny Moose]

no, it IS a quesiton of it being on the market. It IS a question of virus creation tools being released to the general public (XCode and AppleScript to name two of them). The pieces are all there and there are STILL no true threats outside of proof-of-concept pieces of {censored}.

 

While I will not say the Mac OS is invulnerable (anyone who says that deserves a virus on their system regardless of OS), nor will I say a virus will never happen (because it most likely will), I will say that the evidence is pretty damning when it comes to the number of viruses on OS X.

[Soliber]

Kindly descend from your ivory tower please The "evidence" only points to a serious disinterest in Mac OS from viruswriters.

If you take all the trouble to write a virus, then you would choose a group as large as possible to cause damage to. And Windows marketshare is by far larger than Mac OS, so why would anybody, who does not wish to show a proof of concept, want to write a virus for Mac OS? The notion in itself is laughable, for the moment.

Writing a virus, is mostly wanting to create havoc, for which you need as many potential victims as possible

They just do not care

[CoolBits]

I someone makes a virus for osx the damage can be bigger than with virus for win... and we all know that and virus writers too...

 

3% of all computers on the world are macintoshes with osx, im sure that at least 2% are osx connected to net and without antivirus...

 

So if someone writes a succesful virus for osx it could theoreticaly infect 2% of all computers... and thats a number that even worst windows viruses didnt get... i think worst virus ever got to 3% infection...

 

So if someone wants to infect big userbase he should go for OSX... yet there are still no viruses...