Linked by Thom Holwerda on Mon 27th Feb 2006 18:29 UTC
At first blush, the past two weeks have not been good for the image of Apple's Mac OS X: Public descriptions of two worms and a trivial exploit for a serious software issue in the operating system appeared on the internet. However, the three programs are hardly a threat to systems running Mac OS X, according to security professionals. CNet covers the same topic.
Thread beginning with comment 99848
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2006-01-06
People have been assuming that, because the proof-of-concepts required an admin password to access root functionality, that this isn't serious. That's really wrong.
These vulnerabilties can be combined with kernel-level exploits (see below) in order to bypass the necessity for specifying a root password.
http://secunia.com/advisories/9535
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0023.html
http://www.virusthreatcenter.com/article.aspx?articleId=333
Sure, these issues have been patched already. But, first, keep in mind that not everybody updates their systems on a regular basis (one of the reasons that Windows has had many problems). Just because a patch is issued doesn't mean that everybody is going to install it -- so there are plenty of vulnerable boxes out there. Second, even if this weren't the case, I don't think many security pros are stupid enough to assume there AREN'T kernel-level exploits still hiding in the OS X source code, just waiting to be found. It's just a matter of time and effort.
So, really, don't count on user interactivity to save your asses. It just won't cut it when the hackers really decide to take aim at your boxes.