Apple issued on Tuesday updates for its Mac OS X operating system to fix 26 security flaws, some serious. Several of the vulnerabilities affect the way in which Mac OS X handles images and the file-sharing capabilities of the software, according to an Apple security advisory. Other flaws were found and fixed within components such as Fetchmail, file compression features, and DHCP networking functionality, Apple said.
Aren’t Macs invulnerable to malware?
Do we have to go through this every time there is an article about Apple patching vulnerabilities?
All operating systems have vulnerabilities, including OS X.
All responsible software vendors will patch those vulnerabilities, as Apple has done here. This is a GOOD thing.
The bottom line is that while OS X is viewed as being safer than Windows, any half-way intelligent person knows OS X is not invulnerable to malware, just like Linux, FreeBSD, Windows etc etc.
EDIT: I use OS X by the way, on 2 computers, and I have never believed OS X is invulnerable to malware.
Edited 2006-08-03 00:27
The question that always bothers me is… why did they wait to release fixes for 26 vulnerabilities all at once? So “security researchers” (read: glorified hackers) knew about all of these exploitable vulnerabilities for how long? And they were unpatched?
My operating system delivers security updates constantly, several times per day in fact. Every day there are updates to various packages, and I can upgrade to the new versions as soon as they’re deemed to be stable–or even sooner if I want to risk running a not-so-widely-tested security fix.
Each week, my operating system distributor sends me an email that tells me about the various security advisories that were issued and addressed during the past week.
My operating system distributor provides these services without ever asking me for a dime, and any revenue they drive goes directly back into the software, since they are a non-profit organization.
Macs are cool, but I get my security fixes faster.
I agree, I wish Apple and Microsoft would release patches quicker than they do.
“why did they wait to release fixes for 26 vulnerabilities all at once?”
Well, they didn’t wait. They fixed 26 since the last batch in June, and the other batch in May.
They basically do a release every month or so.
Some months it’s 26. Some months 42.
What he meant is why doesn’t Apple just release security patches as the security bugs are found, instead of just letting them pile up for a month or two? Fixing them immediately would result in a smaller amount of time spent being vulnerable.
I’m sure Apple would like to actually test these fixes before they go live. Would be kinda bad for their brand name if they managed to push something live that ruined the machine (still possible with testing, but less likely to happen). It takes only once for something like that to happen, for everyone to remember it for future discussions.
Maybe they only fixed all 26 within the last few days?
Every OS is vulnerable to attacks, it depends who is behind the OS.
Provided you practice safe computing, you’ll be fine, some just get infected easier than others.
Apple starts developing patches as soon as a security issue has been discovered and reported by security experts and before they are known in public.
The hacker community is usually too late and slow, they know Apple’s track record and usually do not even take the effort to find obscure potential vulnerabilities.
So yes I do feel 100% safe with OSX, which is secure by design, something you can’t say of Windows and MS is usually starting when things have become public.
I challenge everyone to prove that there is a known security issue.
PS
I know there is an issue with wireless drivers but then again Apple is already working on this, and then there is the Mac community, always on the watch.
“I know there is an issue with wireless drivers”
This isn’t a Mac issue exclusively. The people who found this acknowledged that they could crack Windows machines with similar drivers as well. This is a driver model issue.
“This isn’t a Mac issue exclusively. The people who found this acknowledged that they could crack Windows machines with similar drivers as well. This is a driver model issue.”
Denial ain’t just a river in Egypt, and vulnerabilities are vulnerabilities regardless of where they originate. The funny thing about that was their choice to emphasize the Mac:
Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the “Mac user base aura of smugness on security.”
“We’re not picking specifically on Macs here, but if you watch those ‘Get a Mac’ commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something,” Maynor said.
(link: http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macb…)
If the good guys are out to humble the Cult of Mac, what do you think the bad guys are up to?
OS X is certainly a reasonably secure platform, but comments from people like “I’m 100% secure” are just foolish. The wireless hack is an attack vector at a low enough level that it impacts OS X and Windows equally, applications running on OS X can introduce vulnerabilities people aren’t anticipating, and web browsers will always be a potential attack vector regardless of the browser or platform it is running on.
Certainly people participating in forums like this have a higher level technical expertise, but you’d be amazed how many Joe Average Mac owners think that they are somehow magically protected because OS X is bulletproof. THAT is the biggest vulnerability in OS X right now, and it’s Apple’s responsibility to deal with if they’re going to market their systems that way.
“Denial ain’t just a river in Egypt, and vulnerabilities are vulnerabilities regardless of where they originate.”
Dude, all I said is that it’s not a Mac issue exclusively, which it’s not. Before people go spouting off about an Apple security issue, they should at least understand that it’s a driver issue and it’s not limited to Macs. This is a COMPUTER security issue.
“Dude, all I said is that it’s not a Mac issue exclusively, which it’s not. Before people go spouting off about an Apple security issue, they should at least understand that it’s a driver issue and it’s not limited to Macs. This is a COMPUTER security issue.”
No, I get that, but the point I’m bringing up is perception. The fact that it’s a driver issue will mean nothing to Joe Average when his Mac gets pwned while he’s sitting in Starbucks sipping his latte just because his wireless connection defaults to on. He’s paying for Mac/OS X because stuff like that is not supposed to happen. The Apple commercials and the media all say so.
And the fact that it’s a driver issue hits home the point that Apple ultimately faces the same challenge Microsoft does, inability to control everything running in the environment. Sure, it’s a result of poorly designed third-party drivers but people paying for the OS X Experience don’t care. If Apple doesn’t figure out a more responsible marketing face to present for the security aspects of OS X, they’re going to be in for one hell of a PR disaster when the first big one hits.
Vulnerabilities exist everywhere and are often impossible to anticipate, but if Apple is going to help perpetuate the myth that OS X is enough to secure users, then they’ll have to deal with the repercussions when the less savvy customers get hit. The “aura of smugness on security” whether coming from Apple or their userbase is an inherent weakness in OS X, regardless of how well the actual system may be coded.
Anyways, it’s just my 2c.
Oh really? Do you have a list of vulnerable systems? The one that was demonstrated on was using a 3rd party wireless card of unknown origin, not Apple’s. Windows and Linux have the same vulnerability.
In any case, Apple designs a secure OS and fixes security issues when they are discovered. The reason they release them in batches is that it’s far more convenient that way. People don’t want strange things installed on their computer every day without their permission, if Apple released a patch every day it would get annoying very quickly. What’s more, releasing them in batches gives them time to test, find related problems, optimize, etc.
There’s no such thing as a perfect operating system. Macs are only invincible in a relative sense when compared to Windows, malicious software is still theoretically possible.
In any case, what Apple is doing is better than what Microsoft is doing with Vista. Shortly they will cease releasing information about security vulnerabilities in favor of using it to gain an illegal monopoly in the anti-virus market.
I’m curious what this fetchmail flaw is. It probably affects more than just MacOS X…