Analyst: Microsoft Putting Mac Security at Risk


Microsoft released a security patch for the Windows version of PowerPoint while announcing that the Mac OS X version of the patch won't be out for a few more weeks, prompting Internet Storm Center analyst Swa Frantzen to take the company to task. Microsoft's actions, he claimed, could give hackers information that helps them design PowerPoint-based attacks on the Mac.

"We all know from past experience the reverse engineering of patches back into exploits starts at the time -- if not before -- the patches are released," Mr. Frantzen said. "Typically it takes between hours and a few days or so to complete this if it's easy to exploit."

In this case, the flaws could allow an attacker to run arbitrary code on a user's computer by tricking them into opening a maliciously crafted PowerPoint file.

Microsoft security engineer Jonathan Ness defended the move by saying "We normally do not update one supported platform before another, but given this situation of a package available for an entire product line that protects the vast majority of customers at risk within the predictable release cycle, we made a decision to go early with the Windows packages."

He added that none of the exploit samples Microsoft has analyzed will reliably work on the Mac, so the company didn't see an issue with releasing information about the flaws before offering a security patch for Office 2004 and Office 2008.

Mr. Frantzen, however, doesn't see Microsoft's move as responsible. "Microsoft is the one big company screaming loudest of all over responsible disclosure," he said.


Comments

ChoMomma

The marketing folks at M$ told them to hold off on the Mac fix.. that way they could plan some astroturf about Macs being vulnerable to viruses.

FlipFriddle

Frankly, anyone using a Mac should be using the far-superior Keynote. It’s cheaper and better, how could you go wrong?

And ChoMamma hit it on the head. Do they actually think we believe that they need a “few more weeks” to work on the patch for PowerPoint for Mac? Please.

jbruni

Indeed, why did the security bulletin even mention the Mac software if the patches weren’t available? MSFT could have just omitted mentioning that the Mac versions had similar vulnerabilities and simply issued another bulletin when ready.

deasys

we made a decision to go early with the Windows packages

...and I made a decision to avoid Microsoft software on my Mac.

I guess we’re even.

JMP

As of two hours ago, I switched to KEYNOTE and I now wonder why I did not switch earlier.

ChoMomma

Frankly, I don’t even use any part of Microsoft Office.. Word? nope.. textedit, Powerpoint? nope.. Keynote, Excel? nope..MySQL(I’m a web designer/dev..)

Gino

You guys are all missing the REAL pronouncement here!

Microsoft security engineer Jonathan Ness says,

“... none of the exploit samples Microsoft has analyzed will reliably work on the Mac…”

What Microsoft is REALLY saying is what Macintosh users have known for a while. And that is that the architecture of the Mac OS X OS is secure enough that even if Microsoft releases buggy, insecure applications for the Mac, you’re still safe because you’re on a Mac.

Thank you Microsoft for reinforcing what we’ve known all along. Hmmm, I see another “I’m a Mac, I’m a PC” commercial in that.

ChoMomma

He added that none of the exploit samples Microsoft has analyzed will reliably work on the Mac, so the company didn’t see an issue with releasing information about the flaws before offering a security patch for Office 2004 and Office 2008.

So.. then it shouldn’t be all that hard to knock out a fix/patch then eh?

rpaege

Frankly, anyone using a Mac should be using the far-superior Keynote. It’s cheaper and better, how could you go wrong?

You will go wrong if you work in a windows-based corporate environment where, like it or not, PowerPoint is ubiquitous.  And no, importing/exporting to/from PowerPoint is not the same thing.  When you get all sorts of PP files from many different clients, you want the genuine software, not an ersatz version of it that makes subtle changes to your file.

Keynote is an excellent app, but it’s really only great if it’s the only thing you and your company use.

geoduck

You will go wrong if you work in a windows-based corporate environment where, like it or not, PowerPoint is ubiquitous.

That’s why I’m glad my company has gone to OpenOffice. Aside from a few accountants that need to share files with outside companies, we don’t use M$Office.

Plus aside from a single virtual environment my Mac is MS free as well. Come to think of it I haven’t used that environment in a couple of months anyway. I think I’ll trash that as well.

Sean

This is why I NEVER use Microsoft products….. EVER. Overpriced, bug ridden, bloatware.
