Linked by Thom Holwerda on Fri 21st Apr 2006 22:08 UTC
Mac OS X

Secunia said there are potential vulnerabilities in the Mac OS X operating system, first noticed by Tom Ferris. The firm described the holes as 'highly critical', meaning that systems could be compromised if crooks dive in. Secunia said the potential holes are in version 10.4.6, but other versions might be affected too.
It looks a bit nasty
by dr_gonzo on Fri 21st Apr 2006 23:47 UTC

Here's the link to the actual page which describes the multiple flaws: http://secunia.com/advisories/19686/

As far as the zip flaw goes, it exists in the BOMArchiveHelper application so if you're not sure about opening a certain zip file, you can safely open it in the command line.

All the other vulnerabilities are pretty unavoidable though. I suppose to be extra safe, you could use Firefox for web browsing to avoid the HTML exploit.

People shouldn't get so worked up about this though. It is virtually impossible to create 100% secure code. What matters is Apple's reaction time in fixing known vulnerabilities.

If I understand correctly, LLVM could prevent a lot of security attacks by creating a sandbox for applications in the way that the Java VM does.

Reply Score: 3

RE: It looks a bit nasty
by pxa270 on Sat 22nd Apr 2006 08:32 in reply to "It looks a bit nasty"

People shouldn't get so worked up about this though. It is virtually impossible to create 100% secure code. What matters is Apple's reaction time in fixing known vulnerabilities.

According to the discoverers of the vulnerabilities, Apple was notified of
http://www.security-protocols.com/sp-x25-advisory.php
and
http://www.security-protocols.com/sp-x26-advisory.php
in January and February. The remaining four advisories do not list the notification dates.

Edited 2006-04-22 08:40

Reply Parent Score: 4