The Mac Observer


Mac Hacked In Contest... Sort Of

by , 7:55 AM EDT, April 23rd, 2007

The CanSecWest 2007 security conference hosted a "Hack a Mac" contest where contestants worked to gain unauthorized access to a Mac OS X system. Yes, there was a winner, but not until the contest rules were relaxed to the point that someone actually could win.

Shane Macaulay and Dino Dai Zovi won a US$10,000 prize and the compromised Mac for their efforts, which included discovering a bug in Safari that allowed them to use a maliciously crafted URL to gain user level access to the computer. The vulnerability is known as a "zero day exploit," meaning an exploit released the same day it is announced, for which there is little or no protection.

In this case, the security flaw requires a local user attempting to open the malicious URL with Safari before unauthorized user level access can be obtained. Apple has been alerted to the security flaw, and the exploit has not been released to the public.

The original rules required the attackers to gain root level access to a Mac running Mac OS X 10.4.9 with the latest security updates from a different point on the same network. Contestants were not able to gain root access to a second Mac during the two-day conference even after the rules were modified to allow for local attacks using Safari.

Although the prospect of a potential Safari exploit that allows unauthorized access to a Mac is a serious concern, it also underscores the importance of user vigilance. Clicking a Web site link that's in an email message from someone you don't know, for example, is a really bad idea. The URL may be legit, or it could take you to a Web site that you would rather not see, or it could be constructed to allow someone else to gain control of your Mac.

Unfortunately, many news outlets are taking advantage of this potential exploit to run sensationalized headlines and to incorrectly state that the Mac used in the contest was remotely hacked. It appears that zero day exploits and remote hacks for Windows PCs are par for the course, but a potential Mac exploit - now that's news.

Observer Comments

Name: DaiMac Posts: 952 Joined: 29 Jun 2001
Subject: Wow, but you know, nobody really cares...

Because that's why CNET explodes every time the words "security", "vulnerable" and "Apple" come within 3 sentences of each other, because the mainstream press and those among them who cash paychecks from Redmond aren't desperately hoping for something to make OSX not seem 1000x more secure than Windows, because the only reason Macs aren't all virus infested bots right now is because the hackers don't mess with something with such a small marketshare.

It's all BS, because obviously 10k doesn't get thrown down and then only collected when the rules of the challenge are substantially eased, for a system nobody in that field cares about. They want that exploit so bad they can taste it, because guess what if you find a major Apple hole and manage to write a successful exploit that functions in the wild on reasonably secure hardware you are gonna be one paid dude, companies like Symantec and MS will be bidding for the right to hop on that guy's jock.

Also, no computer is idiot proof, if somebody did send you an email/IM with this exploit embedded with it and you failed to screen it out as spam then you screwed up, IMO.

Name: Guest
Subject: To: "hop on that guys jock"

you sound like an idiot.

Name: Biff Posts: 1479 Joined: 08 Apr 2004
Subject:

Hey give that guy a break. He's obviously still studying for his TOEFL.

Name: Guest
Subject:

why would microsoft want to hire a guy who can crash a mac? don't you just need to install an adobe application to do that?

Name: Guest
Subject: Get Over It

This is not some “potential” Safari exploit… it is an exploit. Just because it requires the user to click on a link, does not make it any less significant. If you read the original reports, it can also be done by embedding a URL in a web page.

Regardless, this is no different than some Windows exploits. Why is it when it is on a Mac it is “potential” and when it is on Windows it is a “real”?

Before you jump, I am a Mac so please do not think I am some Windows apologist. But I am not a Mac Apologist either. No OS is 100% secure so I am not going to down-play this. No matter if the rules of this contest changed or not, someone found a way to hack a Mac… get over it.

Name: BanjoBanker Posts: 86 Joined: 27 Dec 2004
Subject: Hacking in

I guess if I told you the code for my alarm and where the hidden key was, you could break into my house. Geez, what a load. The Windoze folks just lose it at the chance to slam OS X security. And I love the 5-10% market share they always spout. That is the TOTAL market, including the hapless corporations who are locked into MS for cost reasons. In the personal market, Apple's share is much higher. Just look at the sales numbers for Dell, HP and Apple. Those are just iPods Apple is selling.

Name: Sir Harry Flashman Posts: 792 Joined: 08 Feb 2007
Subject: Adobe

Quote
Guest wrote:
why would microsoft want to hire a guy who can crash a mac? don't you just need to install an adobe application to do that?


I use Adobe products almost every day, Illustrator, InDesign, Photoshop, Acrobat, GoLive, Bridge, usually several open at the same time. I rarely have a crash, and when it happens it's always GoLive.

Name: horvatic Posts: 102 Joined: 27 Jun 2003
Subject: Except the fact that they cheated to get this result

Sure there might be another exploit but is it really that serious considering how they ran this contest. First they gave out the IP address which is something that would be very hard to do in the real world unless your firewall is turned off on your router and on your Mac OS. Second they cheated by lowering the standard security settings. There has yet to be any live Mac hacked and proven so since its release in beta.
That fact remains today that the only way anyone has been able to break in is by cheating.

Name: Guest
Subject:

@horvatic:

They did NOT lower any security settings on the Mac. The only change was from originally attempting to compromise a Mac from the outside, with no action on the Mac side, to allowing the Mac to load a clicked on link in the default web browser.

No security settings were reduced on the Mac side. This is the kind of exploit that, if posted on a Mac forum as a link to Leopard screenshots, or "hey look my macbook caught fire", or some such, that could wipe user folders, install user-level software, script Safari to send out spam, etc.

Name: Guest
Subject:

This is definitely an exploit, but another interesting aspect to the whole thing is some comments I read on a site for (obviously Windows) security-related people. They went on about how the "security by obscurity" was not a myth at all, but reality. The picture one of them used to describe it, was that we Macusers were living in a nice and safe suburb, whereas Windows-users were living in the big, bad city.
Well, that's a nice image but one thing I still miss, is someone explaining with facts how Mac OS X and Linux are just as insecure technically as Windows. I have read a lot of articles explaining what is wrong with the Windows architecture, like the Registry and ActiveX and what not, but what I miss reading are articles stating some clear facts showing why Mac OS X and Linux are NOT more secure than Windows. The only thing I see repeated is the claim that Mac is only secure because it is obscure. If you say you doubt it, you're a Macfanatic, of course.

As I see it, we might live in the calm suburbia, but our doors have more locks, too, along with alarm systems, so it simply takes more to break and enter.

This bloke did it, but not as easily as it seems to be with Windows.

Name: Nom Posts: 58 Joined: 07 Jul 2004
Subject:

Actually, the "exploit" was to read a file in user space. My understanding is that the other exploit was to read a file that was readable only by root.

So we now have a known Java in browser (not just Safari) exploit. If a user follows a malicious link, the remote site can potentially obtain the contents of a file, possibly only a known file (though if you can get a directory listing then everything readable becomes 'known').

It is correct to call it a "potential" exploit. It's a real, demonstrable exploit useable under real-world conditions, but there are currently no instances of it in the wild, and it is likely to be patched before any such "real world" exploits can occur.

Note also that it is not a virus, worm, or similar. It provides *read-only* access. It does not infect the computer, or otherwise provide direct control of it. In order to gain control via this exploit, the hacker would need to obtain a file containing some form of key to allow them to log in.

Name: Rainy Day Posts: 607 Joined: 07 Jun 2005
Subject: Myth vs Fact

There are so many so called “security experts” out there spouting all kinds of garbage. No real security expert will repeat the security through obscurity myth. He knows it simply is not true. If he doesn’t, then he is no security expert. There are a lot of charlatans out there.

Name: Guest
Subject: I'm no security expert, but I've used one "in the wild"

I'm no security expert, but know from experience that obscurity and a little social politeness is all that prevented a previous Safari-accessible exploit from doing some Very Bad Things to Mac users' machines.

On a forum I help run, as an example just to quieten the blind Mac faithful who -insisted- an exploit couldn't affect them, I posted an example of the exploit in a link, quietly, without letting people know what it was.

On people with Safari using default settings, it loaded the exploit, ran it, gained a user-level shell, and printed out some info about the user's HD from a script of my choosing, then the script loaded a URL from my server to show me how many times it ran successfully.

If I'd added 10 more characters to the script, I could have deleted their entire user directories, but I'm not an idiot.

Going by the hundreds of successful hits in my server logs, that could have given hundreds of Mac users a Very Very Bad Day - and I'm no uberleet haxxor type, just someone who can spot a problem when it's put in front of me, and could use an exploit demoed on a security site combined with a simple bash script.

Why didn't anyone else do something horribly vindictive to Mac users' machines? Why weren't there hundreds or thousands of mac users with machines compromised by similar scripts so easily run by posting a link in a forum, or posted by email? An attacker could have done numerous things to a system or a user with even user level privileges, but they didn't.

Obscurity, politeness, and fear for the repercussions of being found doing something bad is all I can come up with.

Name: Intruder - TMO Mac Specialist Posts: 3149 Joined: 07 Jul 2004
Subject:

Hopefully this flaw will be addressed by Apple soon. It seems it has the possibility of causing some harm if pushed further.

Name: DaiMac Posts: 952 Joined: 29 Jun 2001
Subject: Re: I'm no security expert, but I've used one "in the w

Quote
Anonymous wrote:
Obscurity, politeness, and fear for the repercussions of being found doing something bad is all I can come up with.


Two things guest, please post that link here, I volunteer myself as a guinea pig to test this because I really want to see it, not being sarcastic please do post it here if you still have it (at least the original forum page you mentioned if not the exploit itself).

Second, I really think you're giving hackers and people way too much credit there, they would love to take Mac users down a peg, if for no other reason than it would make them gods at Slashdot for weeks.

Name: Guest
Subject:

@DaiMac

http://forums.mactalk.com.au/showthread.php?t=14556 is the link to the thread where the exploit was originally posted publicly (The first post in that thread was on the front page of the site, though the link to the exploit was moved from the front page not long after, to another thread) - partway through the thread is a post describing the results of the working exploit within the first few hours (remember this was an older one that affected Macs for a while around February 2006) - a direct link to the summary post is http://forums.mactalk.com.au/showpost.php?p=134200&postcount=21 . I no longer have the exploit online, but it may be archived somewhere at home (I'm housesitting at the moment). You'd need to have whatever version of OSX was current at the time to demonstrate it of course.

Unfortunately other links in the thread to other discussions on the board no longer work - the forum changed to entirely different software late last year, and those older links need a bit of searching to re-find.

Name: Guest
Subject:

Just a note: by 'originally posted publicly' I meant on MacTalk (formerly Appletalk). I didn't find it of course - the link at the bottom of the first post to http://secunia.com/mac_os_x_command_execution_vulnerability_test/ has another working example, and I think it's where I nabbed the exploit example to modify it.

Name: DaiMac Posts: 952 Joined: 29 Jun 2001
Subject:

Quote
Anonymous wrote:
You'd need to have whatever version of OSX was current at the time to demonstrate it of course.


Ah, yeah without a more specific build number to go with I don't really feel like going to the effort of rebuilding my OSX 10.4 system update by update until I hit the right one to test this vulnerability, just too time consuming, I misunderstood and thought you meant something in the last 3-6 months (which I might have a backup copy of that build of my startup disk already), my bad

I do vaguely remember this one though, I thought it was patched within a couple of days of when the code was released but I may not be recalling that correctly or thinking of another vulnerability.
