Researcher Finds New Mac OS X Vulnerability
by , 1:30 PM EDT, July 19th, 2007
An anonymous researcher has found a serious vulnerability in Mac OS X, related to mDNS, written a worm to exploit it, and has claimed that Mac OS X "has a long way to go" on security. Apple has officially replied, according to ComputerWorld.
The researcher said that he (or she) will report the vulnerability to Apple at some point.
Apparently, there is a "still-unpatched bug in mDNSResponder, a component of Apple's Bonjour automatic network configuring service, [that] could be exploited by a worm," Gregg Keizer reported. Apple's security update 2007-005 included a fix, but the researcher claims that Apple did not attend to the complete code base and that bugs in the [open source] code remain.
Dave Aitel, the CTO at Immunity, Inc. in Miami, questioned whether the researcher was able to write the worm in only a few hours, as claimed in the researcher's blog, but admitted that such exploits are still possible in the mDNS code.
The researcher had some harsh words for Apple and said, "I do believe in being responsible and working with vendors, but I also feel that some vendors need to be treated like children and learn lessons the hard way. Apple has a very long way to go when dealing with security issues in their products."
Apple's Anuj Nayer responded in an e-mail. "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," he said.
There are several factors at play here. Any modern OS will still have deep exploits. Smart and educated researchers, both bad guys and good guys, can still find them in open source code. The real question is not whether Mac OS X is perfectly secure. The question is, can Apple and the community of seasoned and humble technical professionals work together to find and patch the bugs faster than weaponized exploits can do any serious damage? So far, Apple has been successful in achieving that goal.
Observer Comments
Thu Jul 19, 2007 1:52 pm Subject: "Official Response"
Thu Jul 19, 2007 2:10 pm Subject: A long way to go?
Compared to what? Compared to other OS vendors, such as, maybe, you know, Microsoft? No IT professional in his right mind would connect any PC running Windows to the Internet without multiple layers of anti-virus, anti-spam, anti-spyware defenses.
I have four Macs at home, two of which have publicly-addressable static IP addresses. They are protected by nothing other than ipfw. In twelve years of owning Macs, I have never suffered a single virus infection, spyware installation, web page hijacking, etc.
No one with a clue thinks Macs are invulnerable. On the other hand, the number of serious, high-profile attacks on Macintoshes (anyone remember Melissa?) speaks for itself.
If Apple has "a very long way to go" in computer security, what does that say about the rest of the industry?
Ahh this is fun. This is like the Global Warming Theory business. You shoot some shots first, up in the air, like fireworks. No names, no proofs, no nothing. You get the media to eat it, and then harvest the attention. You'll be famous and the money will follow, soon.
The CLAIM will be on all world-wide-medias front pages, and with some luck this becomes The Fact. It becomes The Final Truth: Macs are just as insecure as [ insert your favorite here ]. It's on the media. It must be true.
But who did it?
TMO is a little late reporting this, and it surprises me a little that they would walk right into this one without mentioning all the doubt that has built up in the time since this was first reported. If it were me, I'd be afraid of reporting this without including a truckload of salt in my headline. From all the nebulous claims and weird happenings to this story, I'm laying my money on a hoax.
Thu Jul 19, 2007 4:03 pm Subject: It sounds like a hoax. . .
Apparently the guy in question has. . .
Disappeared!
Like Kaiser Soze! hmmmm
http://www.tuaw.com/2007/07/19/alleged-os-x-worm-creator-disappears/
If Apple has a long way to go then Microsoft better close shop on Windows. I don't consider it a long way to go when he can only find one exploit compared to the hundreds of thousands that have been found on Windows. So who does he think he's kidding here anyways. Also his is only a theory versus the hundreds of thousands that were reality with Microsoft's Windows. Millions of dollars lost in information and businesses because of Microsoft's LACK OF SECURITY. I think Apple has about an inch compared to Microsoft's 100,000 Light years.
To date, no spyware on OSX, no malware on OSX, and no viruses on OSX.
Windows has it all with more and more coming out everyday. Windows users have to spend their money and time on antivirus software, and anti-spyware software while OSX users just use their Macs for what they want to use them for.
So what were you saying Mr. anonymous?
Sun Jul 22, 2007 12:59 pm Subject: More on the issue
See the ArsTechnica article.
I have owned a Mac since 1990. Only once did I have a problem with my computer propagating a virus, because at the time I had no virus protection. Since I started using Norton Antivirus I have had no problems. I will trust a Mac before any other machine on the planet, especially a Windows machine. They are the ones that seem to continually get cracked.
