0

On August 17, CERT (Computer Emergency Response Team) released information about Apple Mac products facing several security Vulnerabilities.

Systems affected: Mac OS X 10.3.9 and 10.4.2 (both workstation and server)

Apps affected: Apple Safari Web browser.

Apple has addressed these issues in "Apple Security Update 2005-007"

According to CERT's writeup, the most serious vulnerabilities may allow a remote attacker to execute arbitrary code, and may open the door to bypassing security restrictions and a denial of service.

Some of the cited errors and corrections--

* A buffer overflow error in OS X Directory Service
* Buffer overflow error in OS X Server's authentication process
* Buffer overflow problem concerning rich text files
* Buffer overflow problem concerning MS Word files
* A problem inside Safari that may execute arbitrary commands via URLs within PDF files
* Safari fails to perform security checks on links in rich content

To resolve these issues, Apple recommends that Mac users install Security Update 2005-007.


Christian

2
Contributors
2
Replies
3
Views
12 Years
Discussion Span
Last Post by kc0arf
0

People will use this to say windows is better than Mac, or at least not as insecure as people say, but the truth is all operating systems have security holes, and they always will. There are thousands upon thousands of lines of code, plenty of room for many, many hidden bugs. Some are marginally better, or perhaps designed in such a way as to make bugs less devistating, but they all have them.

Another aspect of the whole issue is that since so many more people have windows, attackers look that much harder for holes in windows to exploit. The potention for damage is higher and that is the attackers aim. For this reason these Mac OS things aren't a big deal. Nobody wants to attack Macs.

The nice thing about an OS like Linux (or Unix for that matter) is that it is engeneered in such a way that not every minor hole can be exploited to gain complete access to a machine. In Windows, every user is administrator by default. In linux, even the people who have root access do not login as root unless they need to. It is this culture of security which Windows (and Microsoft for that matter) lack.

0

Hello,

You are correct: there are different security paridgms in use out there. More often than not, you need to make a user a local administrator of a machine for certain software to work, and that just opens the door to machine compromise and infection. Linux and Mac users are not encouraged to be root (admin) users, therefore the damage pattern is much more restrictive.

Yet, with a shell account, you can as a average user, cause a unix machine to halt. Just write something that consumes all of the available processes, and that will force a restart. Technically, it is not a virus or an infection, but if you do it with any regularity, you may find your account closed, and legal teams hot on your trail.

Security is a shield with many different pieces. Each piece has to do his/her own job.

Christian

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.