Oh Dear Apple

http://www.apple.com/getamac/viruses.html said:
People attempting to break into computers may disguise a malicious program as a picture, movie, or other seemingly harmless file. You might download such files from the web or get them via mail or chat. A PC just blindly downloads them without a peep. A Mac, however, will let you know that you may be getting a wolf in sheep’s clothing. The Mac web browser, Safari, can tell the difference between a file and a program, and alerts you whenever you’re downloading the latter.

http://www.channelregister.co.uk/2008/03/28/mac_hack/ said:
A brand-new MacBook Air running a fully patched version of Leopard was the first to fall in a contest that pitted the security of machines running OS X, Vista and Linux. The exploit took less than two minutes to pull off.

Charlie Miller, who was the first security researcher to remotely exploit the iPhone, felled the Mac by tapping a security bug in Safari. The exploit involved getting an end user to click on a link, which opened up a port that he was then able to telnet into. Once connected, he was able to remotely run code of his choosing.

Maybe it's time to review those claims, Apple?
 
Yes, it was the second day; what's your point? The first day showed that neither platform is vulnerable without user interaction.

Remote code execution triggered by clicking a link on a website is no biggie? If you say so. At the very least it goes completely against the quote in the OP from the "Get A Mac" campaign; smugness on the part of Apple isn't a valid security model.
 
What? It specifically talks about security issues caused by clicking on things in a web browser - I wouldn't expect any piece of Apple marketing to mention anything as specific as that, because it's marketing. Are we honestly going to differentiate between clicking a link that nukes Safari (presumably it's a buffer overflow) and then opens telnet ports to enable you to execute code on the host system, and a link that downloads a malicious file which then executes code on the host system? They both start at the browser and end with something running that you didn't want.

The way you word your reply honestly comes across like you almost don't accept that this is even a problem.

I'm not claiming that everyone should forget the last 10+ years of Windows, but it's time to wake up and realise that Mac OS does have holes, and it's just a case of somebody bothering to exploit them. It just so happens that $10,000 was enough to make someone bother.
 
Technically if it affects Safari in a way that it crashes with a telnet port open it is a program. I understand you're being pedantic though, I just can't understand why. The end result is exactly the same, and Apple's spiel reads like it's impossible for anything bad to go wrong if you use their wonder-browser.

Thanks for just repeating something I've already posted as a reply though without explaining why you're taking such a fingers-in-ears approach.

While we're being pedantic, when you're browsing the web you are downloading. So you can unbold that last bit.
 