"}

The Mac Observer

Researcher Finds New Mac OS X Vulnerability

July 18th, 2007 at 3:00 PM - News by John Martellaro

An anonymous researcher has found a serious vulnerability in Mac OS X, related to mDNS, written a worm to exploit it, and has claimed that Mac OS X "has a long way to go" on security. Apple has officially replied, according to ComputerWorld.

The researcher said that he (or she) will report the vulnerability to Apple at some point.

Apparently, there is a "still-unpatched bug in mDNSResponder, a component of Appleis Bonjour automatic network configuring service, [that] could be exploited by a worm," Gregg Keizer reported. Appleis security update 2007-005 included a fix, but the researcher claims that Apple did not attend to the complete code base and that bugs in the [open source] code remain.

Dave Aitel, the CTO at Immunity, Inc. in Miami questioned whether the researcher was able to write the worm only on a few hours, as claimed in the researcheris blog, but admitted that such exploits are still possible in the mDNS code.

The researcher had some harsh words for Apple and said, "I do believe in being responsible and working with vendors, but I also feel that some vendors need to be treated like children and learn lessons the hard way. Apple has a very long way to go when dealing with security issues in their products."

Appleis Anuj Nayer responded in an e-mail. "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," he said.

There are several factors at play here. Any modern OS will still have deep exploits. Smart and educated researchers, both bad guys and good guys, can still find them in open source code. The real question is not whether Mac OS X is perfectly secure. The question is, can Apple and the community of seasoned and humble technical professionals work together to find and patch the bugs faster than weaponized exploits can do any serious damage. So far, Apple has been successful in achieving that goal.

  • Related Entries
  • Email This
  • Tweet This
  • John Martellaro on Twitter
Login. Need an account? Register here.



Auto-login on future visits

Show my name in the online users list

Forgot your password?


Commenting is not available in this section entry.
 

Recent Headlines - Updated November 22nd

Fri, 7:07 PM
Games - Soccer Sim Championship Manager 2010 Released for Mac
6:47 PM
Games - EA Publishes Original Monopoly for iPhone
6:15 PM
News - Original Apple I on Ebay for $50K, w/Letter from Steve Jobs
6:11 PM
Games - New iPhone Games: Secret of the Lost Cavern Ep 1, New DJ Nights, More
5:47 PM
Games - Star Trek D-A-C Game Headed to the Mac Next Month
4:57 PM
Product News - TidBITS Releases “Take Control of Syncing Data in Snow Leopard”
4:26 PM
John Martellaro's Blog - Particle Debris (week ending 11/20) Stationery Pads Go Poof
2:59 PM
Free on iTunes - Musée du Louvre, Art Lite, SketchBook Mobile X and More.
1:50 PM
Deal Brothers - Acer P215H bmid 21.5” Widescreen LCD Monitor:  $139.99
11:24 AM
TMO Appearances - Jeff Gamet Shares More Holiday Gift Ideas on MacJury
10:43 AM
Product News - Cocktail 4.5 for Leopard Adds QuickLook Cache Clearing
10:06 AM
News - Hack Enables Mac OS X 10.6.2 on Netbooks
 

The Mac Observer Reader Specials

  • Buy Stuff, Support TMO!
  • __________
  • Macworld Expo 2010 Hotel Deal
  • TMO on Twitter!

Apple Stock Quote

  • AAPL: $199.92. Change: -0.59.
  • (Prices delayed up to 20 minutes.)
  • Discuss in our Apple Finance Board

Hot Topics

TMO Express

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday. Find out more!

Top Deals From DealBrothers.com

Recent Features