Linked by Thom Holwerda on Fri 20th Apr 2007 19:03 UTC, submitted by fiji2
Mac OS X
Apple on Thursday plugged over two dozen security exploits within the client and server versions of its Mac OS X 10.3 'Panther' and Mac OS X 10.4 'Tiger' operating systems that could potentially expose Mac users to a variety of malicious attacks.
Catching up...
by bousozoku on Fri 20th Apr 2007 19:30 UTC

Since November, a lot of serious, though not critical, problems were revealed, and it's good that they're finally getting closer to fixing all of the problems.

Obviously, their development staff have been stretched thin with Leopard and iPhone development but they really need to dedicate people to security issues. November, or even January, to April is a very long, very open window for attacks.

Still, since nothing has really been exploited, better late than never.

Reply Score: 2

RE
by Kroc on Fri 20th Apr 2007 19:54 UTC

Job done, thanks Apple. I think security updates are a good thing, even when I was on Windows. Apple's update app makes it so much less hassle, and Vista followed suit with a dedicated app instead of the hellacious IE-only ActiveX mess in XP.

I don't honestly see why this is news. None of these are being exploited, they've now been patched, only 3 were remote exploits (unlike what some comments on some sites are making out). Linux gets hundreds of patches all the time, we don't get news of that.

Reply Score: 1

RE
by ValiSystem on Fri 20th Apr 2007 20:22 UTC in reply to "RE"

You are aware that the "hundreds" of patches sent to Torvalds and maintainers are mostly bug fixes and new features?

Most of the security updates I have on my Ubuntu box are obscure local exploits, maybe a little bit more than I had on my PowerBook (in a comparable period), but we're far from hundreds.

I agree that people talk too much of Mac OS X patches, but that's not a reason for being offended and bashing other operating systems, especially open source ones.

Reply Score: 3

RE
by Kroc on Fri 20th Apr 2007 20:34 UTC in reply to "RE"

I wasn't bashing Linux at all - I stated that security updates are a good thing. Linux gets lots of patches because there is so much of it that is open source, and all programs on the system go through the same update system, naturally giving many more updates. But yet, we don't get news of these. But every single time Apple issues new updates, it's on the top of Digg and published everywhere.

Reply Score: 1

RE Agreed
by tyrione on Fri 20th Apr 2007 20:35 UTC in reply to "RE"

I completely agree. Confusing expansion of the kernel and bug completions due to either experimental implementations or further background on a particular subject allowing for a more complete solution are definitely not exploits and security breaches.

Reply Score: 1

RE
by Duffman on Fri 20th Apr 2007 20:53 UTC in reply to "RE"

> Most of the security updates I have on my Ubuntu box are obscure local exploits, maybe a little bit more than I had on my PowerBook (in a comparable period), but we're far from hundreds.

Only bug fixes and new features, yeah I saw that ...
http://secunia.com/product/2719/?task=statistics
116 security holes since 2004 ...

And I assume that all those security holes from Firefox are new features too
http://secunia.com/product/4227/?task=statistics (100% remote).

I will stop the demonstration here. If you think that your Linux is more secure than Mac OS X, you are wrong.

Reply Score: 1

RE
by dylansmrjones on Fri 20th Apr 2007 21:47 UTC in reply to "RE"

Most of these holes were less critical and only a few of them were remotely exploitable. It's not like Windows where most publicly known holes are extremely critical and always easily remotely exploitable. Security holes on *BSD, Mac and Linux tend to be mostly theoretical. Some of the same is true for Vista.

Reply Score: 1

RE
by flanque on Fri 20th Apr 2007 22:51 UTC in reply to "RE"

Solaris 10, telnet...

telnet -l "-froot" <hostname>

Couldn't get easier.

Reply Score: 1

RE
by dylansmrjones on Fri 20th Apr 2007 23:32 UTC in reply to "RE"

Doesn't mean anything in regard to Linux, *BSD and Mac. Dooooh!

Besides that you are spreading FUD. That particular security hole does not exist in a default Solaris 10 installation.

You have to modify a variable in /etc/default/login in order for the "flaw" to work. So truth is there is no security hole. The user has to deliberately make his system unsafe.

Reply Score: 1

RE
by rm6990 on Fri 20th Apr 2007 21:58 UTC in reply to "RE"

O.K., first of all, what exactly does Firefox have to do with anything? It isn't required on Linux (Konqueror, Galeon, Seamonkey, etc etc) and runs on Mac OS X and Windows as well.

And OS X, by the way, isn't much further behind the Linux Kernel in vulnerabilities.

http://secunia.com/product/96/

Of course, comparing an entire operating system (OS X) to a kernel (Linux kernel) is kind of pointless. Comparing Darwin to the kernel, or OS X to a well-maintained distro would make much more sense. However, even this is pointless, because the average Linux distro contains much more software than Mac OS X, and vulnerabilities in any package, no matter how obscure and unused the package is, would show up on Secunia.

After reaching into the far regions of my brain, I've come up with the best solution. Quit fighting over something as insanely stupid as how secure your OS of choice is (one of the most pointless pissing contests I've seen in a while) and do something useful.

Reply Score: 5

RE
by ValiSystem on Fri 20th Apr 2007 21:58 UTC in reply to "RE"

I'm really curious to know what is the point of your "demonstration".

http://secunia.com/graph/?type=cri&period=all&prod=2719
http://secunia.com/graph/?type=cri&period=all&prod=96

By the way, I never pretended that Linux was more secure; actually, I don't mind, they both have a security level well above what I need for my use.

I just wanted to say that the "hundreds" patches thing was not an argument to complain about the Mac OS X patch discussions we see at each patch release.

Reply Score: 2

RE
by dylansmrjones on Fri 20th Apr 2007 23:44 UTC in reply to "RE"

Firefox is irrelevant in regard to the OS. These security holes also exist on Mac and Windows. They are not OS-specific but browser-specific. And the majority of Firefox users are using Windows ;)

Reply Score: 3

RE
by flanque on Fri 20th Apr 2007 22:49 UTC in reply to "RE"

Uh... Windows gets bashed every time a vulnerability is found or a patch is released. Typically this comes from the Linux community, so I really don't see why you're complaining.

Reply Score: 3

RE
by dylansmrjones on Fri 20th Apr 2007 23:34 UTC in reply to "RE"

That's because Windows flaws are almost always highly critical and remotely exploitable. This hardly ever happens with Linux, *BSD, Mac, Solaris and other Unices.

Reply Score: 1

RE
by flanque on Sat 21st Apr 2007 00:20 UTC in reply to "RE"

Always an excuse.

Reply Score: 3

RE
by dylansmrjones on Sat 21st Apr 2007 01:05 UTC in reply to "RE"

Yes, and a technically valid one ;)

Reply Score: 1

RE
by flanque on Sat 21st Apr 2007 01:47 UTC in reply to "RE"

Highly, highly debatable.

Reply Score: 2

RE
by dylansmrjones on Sat 21st Apr 2007 02:43 UTC in reply to "RE"

Nope.

1) Windows security issues tend to be very critical while security issues with *BSD, Linux, Mac, Solaris and other Unices tend to be less critical.

2) Windows security issues tend to be remotely exploitable while this isn't the case for *BSD, Linux, Mac OS X, Solaris and other Unices.

Conclusion. Windows is more insecure than any other OS.

It is not only the number of flaws, but also the criticality of the flaws and the time taken to fix them that are important.

Windows loses big time in this regard.

But of course you disagree. You spread lies about other OSes like your lame Solaris-attack, which you chose not to reply to.

Why did you claim Solaris had a telnet-vulnerability when it doesn't have one?

Reply Score: 4

RE
by tomcat on Fri 20th Apr 2007 21:33 UTC in reply to "RE"

> Job done, thanks Apple...

Security is NEVER done. It's a constant work in progress.

Reply Score: 3

excuse me
by Oliver on Fri 20th Apr 2007 20:21 UTC

>Job done, thanks Apple

Job or Jobs done? *g* ;)

Reply Score: 1

RE: excuse me
by dylansmrjones on Fri 20th Apr 2007 21:44 UTC in reply to "excuse me"

Attaboy ;)

Reply Score: 1