Security Researcher Slams OS X For 'Ancient Flaws' || The Mac Observer

Skip navigational links

Choose text size:

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Security Researcher Slams OS X For 'Ancient Flaws'

Security Researcher Slams OS X For 'Ancient Flaws'

by , 4:40 PM EST, January 26th, 2006

Mac OS X has many security problems that have remained unfixed despite the fact that they were repaired in other operating systems over a decade ago, security researcher Neil Archibald told ZDNet Australia. Reporter Munir Kotadia wrote that Mr. Archibald "speculates that should Apple's market share continue to increase, users of the platform could actually end up less secure than users of other platforms such as Microsoft Windows or Linux."

Mr. Archibald added that Apple has left its code "relatively under-audited, which leaves a lot of low-hanging bugs." As an example, he cited the now-patched "dsidentity" bug, which affected Mac OS X v10.4. It "could have easily been exploited to grant a non-privileged user with admin rights and allow that user to create and remove root user accounts," Mr. Kotadia wrote.

Another flaw that remains unpatched "could allow memory corruption and hand control of a process over to an attacker," according to Mr. Kotadia. Mr. Archibald said that Apple is aware of that flaw's existence but has been slow to respond to it. "It expects security researchers to wait indefinitely to release the vulnerabilities and offers no incentive for them to do so," the security researcher said.

In the long-term, he added, "Apple's impressive security record is likely to be tarnished if the company continues to grow its market share while undervaluing security researchers and not properly auditing its code." The security problems exist in both the Intel and PowerPC versions of Mac OS X, Mr. Archibald noted.

An Apple spokesperson told Mr. Kotadia that the company won't "comment on what other people say about Mac OS X."

Thanks to The Inquirer for the link.

Warning: include(/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/extension.inc) [function.include]: failed to open stream: No such file or directory in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 108

Warning: include() [function.include]: Failed opening '/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/extension.inc' for inclusion (include_path='.:/usr/share/php5:/usr/share/php') in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 108

Warning: include(/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/common.) [function.include]: failed to open stream: No such file or directory in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 110

Warning: include() [function.include]: Failed opening '/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/common.' for inclusion (include_path='.:/usr/share/php5:/usr/share/php') in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 110

Warning: include(/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/includes/bbcode.) [function.include]: failed to open stream: No such file or directory in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 112

Warning: include() [function.include]: Failed opening '/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/includes/bbcode.' for inclusion (include_path='.:/usr/share/php5:/usr/share/php') in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 112

Fatal error: Call to a member function sql_query() on a non-object in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 532

Recent Headlines - Updated June 19th

Tue, 8:38 PM: Editorial - Apple Offers Retail Employees Early Access to OS X Mavericks
6:41 PM: Steve Wozniak Presides Over 3 Working Apple I Computers
4:35 PM: TMO Interview - Alf Watt at WWDC: The Journey from iStumbler to Apple and Beyond
3:47 PM: Product News - Apple Updates Java for Snow Leopard, Lion, Mountain Lion
2:01 PM: Chatology Offers Search & Filtering Options for Apple’s Messages & iChat
1:50 PM: Quick Look Review - Just Mobile’s AluCup: iOS Device Convenience in a Small Space
12:45 PM: TMO Quick Tip - How to Run Parallels Desktop 8 with OS X Mavericks DP
11:09 AM: Editorial - Of Course iOS 7 is Broken, it’s Beta
9:56 AM: Apple Stock Watch - Analyst: Get Ready for September iPhone Launch
9:06 AM: Product News - Adobe Launches Creative Cloud, Moves to Subscription Software Model
Mon, 7:05 PM: Analysis - Apple Expands Jony Ive’s Title to Cover All ‘Design’
6:26 PM: Analysis - Apple’s Eddy Cue Details Steve Jobs Interest in iBooks

The Mac Observer Reader Specials

Support TMO, Buy from Amazon, MacMall and The Apple Store

© The Mac Observer, Inc. -- All rights reserved. All information presented on this site is copyrighted by The Mac Observer, Inc. except where otherwise noted. No portion of this site may be copied without express written consent. Other sites are invited to link to any aspect of this site provided that all content is presented in its original form and is not placed within another frame. The Mac Observer is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple, Inc.