The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Researcher Finds New Mac OS X Vulnerability

Researcher Finds New Mac OS X Vulnerability

by , 1:30 PM EDT, July 19th, 2007

An anonymous researcher has found a serious vulnerability in Mac OS X, related to mDNS, written a worm to exploit it, and has claimed that Mac OS X "has a long way to go" on security. Apple has officially replied, according to ComputerWorld.

The researcher said that he (or she) will report the vulnerability to Apple at some point.

Apparently, there is a "still-unpatched bug in mDNSResponder, a component of Apple's Bonjour automatic network configuring service, [that] could be exploited by a worm," Gregg Keizer reported. Apple's security update 2007-005 included a fix, but the researcher claims that Apple did not attend to the complete code base and that bugs in the [open source] code remain.

Dave Aitel, the CTO at Immunity, Inc. in Miami questioned whether the researcher was able to write the worm only on a few hours, as claimed in the researcher's blog, but admitted that such exploits are still possible in the mDNS code.

The researcher had some harsh words for Apple and said, "I do believe in being responsible and working with vendors, but I also feel that some vendors need to be treated like children and learn lessons the hard way. Apple has a very long way to go when dealing with security issues in their products."

Apple's Anuj Nayer responded in an e-mail. "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," he said.

There are several factors at play here. Any modern OS will still have deep exploits. Smart and educated researchers, both bad guys and good guys, can still find them in open source code. The real question is not whether Mac OS X is perfectly secure. The question is, can Apple and the community of seasoned and humble technical professionals work together to find and patch the bugs faster than weaponized exploits can do any serious damage. So far, Apple has been successful in achieving that goal.

  

Recent TMO Headlines - Updated September 27th

Mon, 6:38 PM
watchOS 3: Mickey and Minnie Mouse Can Now Speak the Time
Mon, 5:51 PM
iOS 10: How to Use Maps Extensions
Mon, 5:07 PM
TMO Background Mode: Interview with Founder & President of Bombich Software, Mike Bombich
Mon, 3:13 PM
iOS 10 Maps 'Overview' Buttons Moved to the Swipe-Up Drawer
Mon, 2:35 PM
A-Shirt Makes Apple-Inspired Shirts for Apple Fans
Mon, 2:32 PM
TMO Daily Observations 2016-09-26: macOS Sierra PDF Issues, Apple ID Two-Factor Authentication
Mon, 2:25 PM
Apple's iPhone 7 Invitation Refused by Bloggers
Mon, 2:01 PM
Avantree PowerHouse 4 Port Fast USB Charging Station
Mon, 1:28 PM
Stilo 6R Stylus Features Magnetic Body and Hybrid Tip
Mon, 10:40 AM
How to Stream the Clinton/Trump Presidential Debate on Your iPhone, iPad, and Apple TV
Sun, 12:06 PM
MGG 624: Sierra, APFS, Wi-Fi and Personal Servers
Sat, 9:04 PM
Can't Remotely Control Your HomeKit Devices? Enable iCloud Two-Factor Authentication
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!