digg

Facebook Connect Join Digg About

Apple patches 26 security flaws

itweek.co.uk Of the patched security holes, 17 could expose the user to an arbitrary code execution.

Who dugg this? Made popular Aug 2, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

183 Comments

show profanity settings
expand all
  • _Caboose_, on 10/12/2007, -14/+83Eventually.


    .... most of the time.
  • redfan, on 10/12/2007, -44/+77OS X has security holes, and they get patched.

    Windows has security holes.
  • cwalk, on 10/12/2007, -3/+36No OS is flawless.
  • vdxc, on 09/29/2008, -20/+51the difference is though that Apple patched OSX before main damage was caused, Microsoft wait because they don't want to release it out of their monthly schedule - unless you pay extra of course.
  • merreborn, on 10/12/2007, -34/+65"I thought OS X was flawless and only Windows had security holes?"

    And, OS X patched 26 holes this week; Windows only patched 3.

    Obviously, windows is better!

    And Debian Linux patched 215! That's gotta be the least secure OS on the planet!
  • Feanor, on 10/12/2007, -5/+33Programmers are susceptible to error, just like every human.
  • KissTheRing, on 10/12/2007, -10/+29not flawless, just better
  • ho0ber, on 10/12/2007, -20/+39@zatrix: Then you're ignorant (rather, the persona you assume via sarcasm is)!

    I hope people realize that essentially every OS with any networking ability has security holes.

    I just say that although it is somewhat rough to find out about all sorts of holes in whatever your favorite OS is, it is good to know they're patched. Thankfully, it seems like most holes are patched quite quickly on higher targeted software these days, so the masses don't have much time to wreak havoc using a given publicized flaw.
  • Nesh, on 10/12/2007, -2/+20I think I can sum up all the comments to follow:

    "At least OSX patches their flaws! We have no viruses!"
    "That's because you have a low market share"
    "M$ fanboys are teh suxxors, use Linux"

    Move along, nothing to see here.
  • PuffyC, on 10/12/2007, -13/+29The vast majority of Windows exploits never exist in the wild prior to Microsoft releasing a patch. The patch is typically reverse engineered and a trojan/virus created after the fact, hoping ot catch those folks that don't want to install updates. Virus writers would almost never find these exploits if they didn't have the patches to use as a reference. That's why if you keep your PC updated, and you apply some common sense, your chance of getting a virus on Windows is virtually nil.
  • superkendall, on 10/12/2007, -14/+30Mac users know that the OS may have vulnerabilities at any point in time, just like Linux - or WIndows.

    What we also know is that we have no actual exploits loose in the wild.

    Additionally, a remote exploit by itself does not give you the whole picture of risk, to understand that you have to know how these exploits can be used. Does it require local access? Is it a problem in Safari? The answers to these questions and others tell you how much of a problem any given exploit really is.
  • p1mpjuice, on 10/12/2007, -4/+18On the second Tuesday of the second week of the month.
  • gh02t, on 10/12/2007, -11/+23OSX is built on freeBSD, known for its rock solid security. And BSD IS available on almost every platform imaginable.
    However, I admit that every os has its flaws. Open source ones just tend to be fixed quicker because of the ease of creating a patch.
  • wonkeythemonkey, on 10/12/2007, -9/+21Oh, I doubt that nobody cares enough to mess with OS X. Imagine the geek cred a malicious hacker would get if they managed to release the first-ever OS X virus into the wild. Add that to the occasional cash prize offered by Mac enthusiasts to anyone who can prove that a Mac virus exists, and you've got a pretty sweet pot going.

    So tell me again why nobody's trying to write a virus for OS X?
  • championchap, on 10/12/2007, -6/+17if it was good enough?
    wow, umm.. I hope you are kidding.

    IE is the most used browser on the web.. so obviously it is better than Firefox.. same logic.
  • vlurk, on 10/12/2007, -7/+18@merreborn

    The "15 minutes contest" was a real joke. All the potential hackers already had a local account, and the machine had SSH for them. The 15 minutes attempt was the time it took for someone to figure out a privilege escalation attack, which is more trivial to do once you have good knowledge of the environment and the available applications. The other contest, on the other hand, didn't offer a shell for potential hackers: that's why nobody succeeded.

    I just thought I had to write this so everyone could know the truth. :)
  • inactive, on 10/12/2007, -7/+18The flaws in Apples OS tend to be less severe than those in windows, and Apple patches things quicker. The entire OS is also more secure, since by default you dont run as admin and you are required to type your admin password to install anything that touches the kernel. Add to that a true file level security setting, and no win style registry to hide crap in, and you end up with a more secure product.

    You could bet that someone would love to claim the fame that comes with writing the first true and destructive OS X virus. Nothing is perfect, but the whole "you dont have viruses because no one uses apple" argument doesnt really cut it anymore. You would still be seeing some if it was as insecure as windows is, and so far we still have no true virus in the wild.
  • pfranz, on 10/12/2007, -6/+17Could you tell me this... OS X has been out almost 6 years. It likely has a higher install base than Mac OS Classic (due to growths in Mac sales since then--I couldn't find actual numbers with a quick search). There are many known viruses for Mac OS Classic, and few (many say none) for OS X. Why is that?
  • kepeli999, on 10/12/2007, -6/+16I don't have a lot of experience on OSX, so I don't comment much, but I can say this. I normally use Windows XP and basically run Flash 8 all day long, 6 days a week. My XP machine (a 4 year old Dell Precision 530) does not crash, ever. It has been on for 2 years, with occasional restarts when I install new software.

    Well, I did a 6 week contract earlier this year with a school and was forced to use Flash 8 on an MacBook. It was a clean OSX install out of the box and the administrator just put the Macromedia suite on it, nothing else. It crashed constantly, at least twice a day during my 6 hour work day. I got really used to saving every few minutes. Not impressed.
  • s0ny, on 10/12/2007, -0/+9I dont know what cave your living in, but 'round dez parts we's gots da fast inturnet!

    Seriously, you still think "most people" are stuck on dialup that purchase a Mac? HAH!
  • mojoel, on 10/12/2007, -1/+10The OS on my "Dual powered (Solar - Battery) Radio Shack calulator has been flawless for almost 10 years! Haven't had to patch or reinstall. Very dependable.
  • Hickeroar, on 10/12/2007, -13/+21I think it's funny that people who make comments about OSX being imperfect get buried, while the same comments applied to windows are rewarded...

    I know a rep at an apple store and he said they tell their buyers that their OS is 100% secure and is imperviable to viruses. Apple very solidly claims that their OS is perfect...while they're selling macs... The first major Apple virus is going to look REALLY bad when those people who were lied to start filing class action lawsuits...
  • maninblac1, on 10/12/2007, -1/+9Viruses use security holes. You can't spread without them.
  • Tyrax, on 10/12/2007, -7/+15This is digg, when steve jobs uses the restroom, it makes the front page
  • addiggt, on 07/06/2009, -4/+11Learn how to use the "reply" option. Also, that wasn't funny.
  • vdxc, on 09/29/2008, -5/+12it's been on Digg several times about how Apple's sales of MacBooks and iMacs is growing rapidly and how the market share is likely to increase. if you were a hacker, would you not like to be one of the first to write one for OSX?

    i'm not a mac fanboy, before you try saying i'll defend anything apple. yes, i like Macs, i don't have one though, i have a pc with xp, i'm quite happy with it. it does what it's meant to, so it isn't as nice as osx, but it does what i want and i'm happy.
  • mark1372, on 10/12/2007, -0/+6If there are 114,000 known viruses on PCs and Macs don't have them because they only have 3% market share, shouldn't they then have at least a proportionate 3,420 viruses, especially considering the vast amount of programmers who know *nix?
  • shmatt, on 10/12/2007, -1/+7welcome to 2006.
  • LaughingMan11, on 10/12/2007, -3/+9That's a nice thought, tzmguitarist, but you're wrong that vulnerability is measured in proportion to to the size of the target...

    By all accounts, Mac market share (machines sold in a year) stands somewhere from 2 to 4%... yet the proportion of Mac viruses, worms, and various flavors of unpleasantness to Windows cases do not reflect the 2% market share. The occurrence of Mac viruses, worms, etc... is very very low... lower than 2% of all cases of viruses and worms.

    If anything, Windows is disproportionately higher in rate of malware even if you consider they have a much larger market share than the mac... directly proportional means that it scales proportionately with size... this is not the case here. As for the explanation, I'll leave that to debate.
  • Zanneth, on 10/12/2007, -2/+8Who the hell has dial-up anymore?
  • DharmaTurtle, on 10/12/2007, -14/+20Right. No hacker wants to have the title of being "Da fiRsT do0d EVAR" to hack the Mac.

    I mean, what a stain on his name!

    (I can't believe that rhymed.)
  • Ubermensch423, on 10/12/2007, -2/+8@hickeroar
    so basically you evaluate a product based upon the level of fervor supporters of that product have, and not based upon the objective performance of that product? now that attitude and approach is incredibly dumb. and yes, generalizing a group of millions of mac users, with differing demographics and profiles, is definitely not ignorant.
  • merreborn, on 10/12/2007, -15/+21Right. That's why that little OSX hacking contest a few months back ended with the box being comprimised in under 15 minutes.

    What's that? No one, out of hundreds of attackers managed to get in over the course of 24 hours?
    http://www.vnunet.com/vnunet/news/2151531/apple-security-withstands?vnu_lt=vnu_art_related_articles
  • danakin, on 10/12/2007, -1/+610 hours? Good Lord, switch to broadband.
  • BrainInAJar, on 10/12/2007, -3/+8In a word, UNIX...

    There's about 40 years of practice as a multi-user/multi-tasking operating system gone in to UNIX. Windows has about 10 years of the same (I'm thinking the NT strain) and it's still held back by legacy support.

    The greatest thing Apple did was to ditch their old codebase & bring UNIX in to the mix (in fact, it's what got me to consider macs as a viable option in the first place)
  • mkpeaches, on 10/12/2007, -4/+9OS X is NOT linux in disguise in case you didnt know
  • greenamp, on 10/12/2007, -1/+6Funny, mine was less than 10mb. Nice try though.
  • inactive, on 10/12/2007, -5/+10they never claimed that they didn't have ANY flaws, what they claimed was that there weren't 100,000 viruses last year that exploited OS X flaws...
  • BrainInAJar, on 10/12/2007, -6/+11"OSX is built on freeBSD"
    no it's not, it's built on MACH with a freebsd userspace (meaning programs like 'ls', or 'cat') and a kernel system call wrapper

    "known for its rock solid security."
    no it's not, that's openbsd ( a single remote root exploit in 15 someodd years or something like that? )

    " And BSD IS available on almost every platform imaginable."
    no it's not, freebsd is availiable for x86(_64), alpha, ppc, and sparc64... you're thinking netbsd, which works on everything
  • kubudubudubuntu, on 10/12/2007, -5/+10@PuffyC: Why would you make such a false statement? people will actually belive that. But maybe your talking about script kiddies, then there might be some truths in that, but they are usually not the threat.
  • deadbaby, on 10/12/2007, -4/+8What does this have to do with OSX security patches?
  • alk509, on 10/12/2007, -0/+4It ain't so. They just patched them, remember?

    Peace,
    Al.
  • TheExtendedName, on 10/12/2007, -3/+7That MAC must have a bad stick of RAM. Or a pbkac issue.
  • iSEPIC, on 10/12/2007, -4/+8Commodore 64 has been out for much longer than OSX, but no Virus are out for it, gosh, it must be super secure!
  • LaughingMan11, on 10/12/2007, -3/+7Actually, the explanation is probably that Macromedia Flash for Mac is just a poorly written app compared to the Windows version...

    that and Flash 8 for Mac is still a PowerPC binary... you're running in emulation mode on your Intel Macbook... top that off with probably just the stock 512 MB of RAM in the Macbook, and you're probably running into stability and performance problems because of emulation.
  • yaosio, on 10/12/2007, -5/+9I like how when Windows gets a patch there are tons of people saying "lol patches :rolleyes: use Linux!" And when Apple OS gets a patch it's "this is NORMAL!" Good going next slashdot.
  • bleonard, on 10/12/2007, -14/+18why the hell is an operating system update making news?
  • inactive, on 10/12/2007, -6/+9oh gawd it reeks of fanboy in here.
  • fullgl, on 10/12/2007, -2/+5My update was 10 megabytes... I don't know where you find 140-something megs.
  • geekee, on 10/12/2007, -6/+9@kubuwhatever

    If you knew anything about security, you'd know that most Windows exploits are developed by reverse engineering patches.
  • Fetching more discussions...
    Show 51 - 100 of 183 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.