Aug 18th, 2005, 9:15 am
On August 17, CERT (Computer Emergency Response Team) released information about Apple Mac products facing several security vulnerabilities.
Systems affected: Mac OS X 10.3.9 and 10.4.2 (both workstation and server)
Apps affected: Apple Safari Web browser.
Apple has addressed these issues in "Apple Security Update 2005-007".
According to CERT's writeup, the most serious vulnerabilities may allow a remote attacker to execute arbitrary code, and may open the door to bypassing security restrictions and a denial of service.
Some of the cited errors and corrections:
* A buffer overflow error in OS X Directory Service
* Buffer overflow error in OS X Server's authentication process
* Buffer overflow problem concerning rich text files
* Buffer overflow problem concerning MS Word files
* A problem inside Safari that may execute arbitrary commands via URLs within PDF files
* Safari fails to perform security checks on links in rich content
To resolve these issues, Apple recommends that Mac users install Security Update 2005-007.
Christian
- kc0arf
Comments (Newest First)
kc0arf | Posting Virtuoso | Aug 22nd, 2005
benna | Newbie Poster | Aug 22nd, 2005
People will use this to say Windows is better than Mac, or at least not as insecure as people say, but the truth is all operating systems have security holes, and they always will. There are thousands upon thousands of lines of code, plenty of room for many, many hidden bugs. Some are marginally better, or perhaps designed in such a way as to make bugs less devastating, but they all have them.
Another aspect of the whole issue is that since so many more people have Windows, attackers look that much harder for holes in Windows to exploit. The potential for damage is higher and that is the attacker's aim. For this reason these Mac OS things aren't a big deal. Nobody wants to attack Macs.
The nice thing about an OS like Linux (or Unix for that matter) is that it is engineered in such a way that not every minor hole can be exploited to gain complete access to a machine. In Windows, every user is administrator by default. In Linux, even the people who have root access do not log in as root unless they need to. It is this culture of security which Windows (and Microsoft for that matter) lack.
You are correct: there are different security paradigms in use out there. More often than not, you need to make a user a local administrator of a machine for certain software to work, and that just opens the door to machine compromise and infection. Linux and Mac users are not encouraged to be root (admin) users, therefore the damage pattern is much more restrictive.
Yet, with a shell account, you can, as an average user, cause a Unix machine to halt. Just write something that consumes all of the available processes, and that will force a restart. Technically, it is not a virus or an infection, but if you do it with any regularity, you may find your account closed, and legal teams hot on your trail.
Security is a shield with many different pieces. Each piece has to do his/her own job.
Christian