Oh Dear Apple

Caporegime
Joined
18 Oct 2002
Posts
26,469
http://www.apple.com/getamac/viruses.html said:
People attempting to break into computers may disguise a malicious program as a picture, movie, or other seemingly harmless file. You might download such files from the web or get them via mail or chat. A PC just blindly downloads them without a peep. A Mac, however, will let you know that you may be getting a wolf in sheep’s clothing. The Mac web browser, Safari, can tell the difference between a file and a program, and alerts you whenever you’re downloading the latter.

http://www.channelregister.co.uk/2008/03/28/mac_hack/ said:
A brand-new MacBook Air running a fully patched version of Leopard was the first to fall in a contest that pitted the security of machines running OS X, Vista and Linux. The exploit took less than two minutes to pull off.

Charlie Miller, who was the first security researcher to remotely exploit the iPhone, felled the Mac by tapping a security bug in Safari. The exploit involved getting an end user to click on a link, which opened up a port that he was then able to telnet into. Once connected, he was able to remotely run code of his choosing.

Maybe it's time to review those claims, Apple?
 
They all have there faults. What was windows time? and linux?

Should also consider how easy and how many exploits there are. There are loads of factors to consider.

I see what your trying to say, Apple shouldn't say theres is perfect, but windows cant be any better.

Linux *** :)
 
OSX's best security feature by far is obscurity. It comes as no surprise this was found. Fortunately for us Mac users the chances of coming across something like this in the wild is insignificant.

I'm really surprised Windows and Ubuntu are still holding out though. That's great.
 
As far as I'm aware wasn't this the second day of the hack event?

Second day being a day of lesser restrictions.. same thing happened last year, no biggie.
 
Yes it was the second day, what's your point? The first day showed that neither platform is vulnerable without user interaction.

Remote code execution triggered by clicking a link on a website is no biggie? If you say so. At the very least it goes completely against the quote in the OP from the "Get A Mac" campaign, smugness on the part of Apple isn't a valid security model.
 
Last edited:
What? It specifically talks about security issues caused by clicking on things in a web browser - I wouldn't expect any piece of Apple marketing to mention anything as specific as that, because it's marketing. Are we honestly going to differentiate between clicking a link that nukes Safari (presumably it's a buffer overflow) and then opens telnet ports to enable you to execute code on the host system, and a link that downloads a malicious file which then executes code on the host system? They both start at the browser and end with something running that you didn't want.

The way you word your reply honestly comes across like you almost don't accept that this is even a problem.

I'm not claiming that everyone should forget the last 10+ years of Windows, but it's time to wake up and realise that Mac OS does have holes, and it's just a case of somebody bothering to exploit them. It just so happens that $10,000 was enough to make someone bother.
 
Last edited:
People attempting to break into computers may disguise a malicious program as a picture, movie, or other seemingly harmless file.....The Mac web browser, Safari, can tell the difference between a file and a program, and alerts you whenever you’re downloading the latter.
 
Technically if it affects Safari in a way that it crashes with a telnet port open it is a program. I understand you're being pedantic though, I just can't understand why. The end result is exactly the same, and Apple's spiel reads like it's impossible for anything bad to go wrong if you use their wonder-browser.

Thanks for just repeating something I've already posted as a reply though without explaining why you're taking such a fingers-in-ears approach.

While we're being pedantic, when you're browsing the web you are downloading. So you can unbold that last bit.
 
Last edited:
They all have there faults. What was windows time? and linux?

Should also consider how easy and how many exploits there are. There are loads of factors to consider.

I see what your trying to say, Apple shouldn't say theres is perfect, but windows cant be any better.

Linux *** :)

A lot of security is based on the popularity of the OS...

Windows may seem (or did seem :p) a lot more insecure over an Apple computer as it's only a handful of users on Apple(/Linux), the rest on Windows.

You could look at it this way:

What's the point in spending hours/days/months finding an exploit for an Apple PC when it's so difficult to find one on the internet (compared to a Windows machine).

Now, if you make or find an exploit/virus for a Windows machine then you can be pretty sure most people on the internet can be a victim to this exploit or virus.

Now I agree Linux is probably more secure over both Apple and Windows as most servers on the internet are using Linux, so it's probably a rather large target for hacking.
 
Technically if it affects Safari in a way that it crashes with a telnet port open it is a program. I understand you're being pedantic though, I just can't understand why. The end result is exactly the same, and Apple's spiel reads like it's impossible for anything bad to go wrong if you use their wonder-browser.

Thanks for just repeating something I've already posted as a reply though without explaining why you're taking such a fingers-in-ears approach.

While we're being pedantic, when you're browsing the web you are downloading. So you can unbold that last bit.

Ok then.

For your information, my fingers are not in my ears, I just don't care.
 
To be honest why is some bloke going to want to sit there and wait for me to go to his website click his link, then come on my iMac? to browse my holiday snaps? its bull all pc's are vulnerable to hackers if they want in they will get it! but they want to hack big firms to show there skills not an everyday computer. Surely the biggest threat to home users are viruses!
 
OSX's best security feature by far is obscurity. It comes as no surprise this was found. Fortunately for us Mac users the chances of coming across something like this in the wild is insignificant.

I totally agree. The reason mac's are 'virus free' is that, not many people are that bothered about hacking them....

To be honest why is some bloke going to want to sit there and wait for me to go to his website click his link, then come on my iMac? to browse my holiday snaps?
...for that exact reason.

I cant imagine that many people use their macs for anything much else than fun and home use like this. I suppose taking someones online banking details etc could be profitable.

This is of course just my opinion.

Does anyone know if there are many Macs used in big business? Not including photo and video editing etc..
I suppose all it takes is one guy working in NatWest or something to want a Mac instead of a PC and this little 'back door' becomes pretty serious.

I'm not sure what I'm arguing for now? I'm Ill :(
 
isn't it always the case that the only problem with software development is the user?

I guess the lesson here is to be sensible when clicking links and don't go wallying around on websites that you don't trust.
 
Back
Top Bottom