90 Comments
- glock22ownr, on 10/12/2007, -14/+37
Because that guy is not a security expert, he is an attention whore. Despite all of the Windows fanboy comments that Apple deserves this bla bla bla, you have to admit that the guy is being a douchebag. I admire this dude for doing the noble thing and fixing these problems.
- cbeach, on 10/12/2007, -10/+22
A bug in VLC? How does that imply an Apple flaw?
Month of "Apple bugs" my ass!
Any talentless waster can dig up flaws in open source software. This guy is just an attention seeker benefiting from Apple's high profile.
- godofpumpkins, on 10/12/2007, -7/+17
MOAB seems more about, "Hey apple guys, get off your security high horses. Hahaha I'll prove that you guys are vulnerable too! Then I can feel good about myself for making some apple fanboys worried, and feel noble for having let the community know."
It's true, I feel less smug now, but really no one is denying that OS X has vulnerabilities. I wonder if he even tried submitting vulns to apple before deciding it was a cumbersome process with autoreplies etc.
Ah well, I hope we can prove that the apple community cares enough to actually fix them quickly.
- jaredvolkl, on 10/12/2007, -11/+19
Now why couldn't this MOAB guy just have done this in the first place. Release the bug, and also a patch. That way you don't open all of us to these holes.
- paulmdx, on 10/12/2007, -3/+10
If the security reports were made to Apple first they potentially wouldn't have been fixed as quickly (which has been known with other companies in the past). This provides impetus to fix them as soon as possible.
- DaffyDuck, on 10/12/2007, -3/+10
"I see Digg Apple fanboys ranting about how safe and secure OS X is on a daily basis."
I've done some of that myself. However, when I say it's safe, I don't assume that OS X is flawless and without holes. What I mean is that the flaws that do exist are almost completely unexploited so RIGHT NOW Mac users don't have to worry very much about getting a virus or spyware, etc. I will also note that Windows spyware in general does not exploit holes (buffer overflows) but instead exploits bad security practices in Windows and while OS X is not perfect, it is much better in this respect.
Lastly, I think spyware has become a bigger problem for Windows than viruses. I've had to clean my wife's laptop of spyware several times and they sure are nasty. I also have no respect for the concept of the registry which seems to give spyware free rein to do whatever the hell they want.
- inactive, on 10/12/2007, -0/+6
So, um, Apple isn't the company responsible for Quicktime?? You learn something new every day.
- zang74, on 10/12/2007, -3/+9
"Apple has practiced (and continues to) security through obscurity. Whether you choose to believe Mac has a 4.5 or 6% market share (or somewhere in the middle), OS X remains fairly secure due to nothing other than such a small number of people running it."
Mac OS9 had less users than Mac OS X, and yet there were several "in the wild" viruses for it. Given that there are now more Mac users, shouldn't it stand to reason there be MORE viruses? And yet we've had nothing but proof of concepts that use social engineering as their prime modus operandi (hardly viruses than trickery). To boot, can you name when a single exploit has been successfully used?
You can claim all you want that it's due to market share, but having a solid, time-tested and secure base to work with, and not encouraging sloppy backwards-compatibility and patch-style programming does make a whole lotta difference.
- DaffyDuck, on 10/12/2007, -1/+6
"you are talking about Apple-related forums. The true arrogance from Mac users shows up when they interact with the rest of the world, like here on Digg."
Then why don't you just avoid the Apple stories instead of adding fuel to the fire? Apple users have found a home here. Kevin likes Apple and has created its own section. Apple users come here and digg stories about Apple and discuss them. As far as stories about Windows or the Zune, it's unfair to assume that people that put them down are Apple users unless they state they are. There are many Linux users that dislike Microsoft. There are many Creative fans that dislike the iPod and Zune, etc.
As far as which side of the MS vs Apple "war" is right, Apple fanboys in general deride products. Windows fanboys deride other people. I know which side I'd rather be on.
- Jem2768, on 10/12/2007, -2/+7
MOAB? What a heap of sh1t! Today's bug (number 2) is in VLC Media Player, a cross-platform media player, NOT made by Apple, NOT made for OS X, and NOT even a commercial program (it's frickin' free!).
Zybch - how you think a bug in VLC is an APPLE bug is beyond me.
- inactive, on 10/12/2007, -0/+5
But isn't the QT bug, well, inside QT itself, or at the least uses QT as a kind of vector to then execute the actual exploit??
Either way, QT is still the weak point, and QT is an Apple product, thus it's still an Apple bug.
Stop trying to wriggle out of what is definitely an issue with an Apple designed and made product..
- StatusQuoRules, on 10/12/2007, -2/+7
There has to be holes to find them first
- loganinwonder, on 10/12/2007, -3/+8
are you serious? "worth breaking" THAT is why windows sucks so bad? wow.
- inactive, on 10/12/2007, -7/+11
Hmmm, I have a computer that is easy to use and NEVER crashes on bootup, and yet I don't feel at all smug.
Perhaps because it's not a mac, thus smugness isn't a pre-requisite to owning it.
- inactive, on 10/12/2007, -0/+4
So let me see, the Windows version of Quicktime isn't made by apple either??
OMG, my world is shattering!! So much stuff I didn't know!
Lucky there are apple users to tell me the 'real deal'.
- inactive, on 10/12/2007, -2/+6
No one is asking you to go back to MS, only to be a little less arrogant after this reality shock.
- Flanker, on 10/12/2007, -0/+4
"I recommend you put mouth in gear before engaging mouth"
You lose, Threlly.
- HalBSure, on 10/12/2007, -1/+5
My favorite part of this entire pissing contest was Apple's response (quoted in a few places):
"Apple, for its part, did not seem to be upset with the project. "We always welcome feedback on how to improve security on the Mac," an Apple spokesperson, Anuj Nayar, said."
- inactive, on 10/12/2007, -0/+3
Sorry, but your initial posting simply reeks of arrogance! You might want to look up that word in a dictionary.
- inactive, on 10/12/2007, -1/+4
Microsoft IIS is BEHIND Apache in the server market. Yet IIS gets MORE successful attacks than Apache (the most used server). Point Proved.
- Flanker, on 10/12/2007, -1/+4
I agree with you in general, but 20% of the PC market is a little high, don't you think? :) More like 4-5%. The article that hit the front page earlier said 20% of Americans owned Apple devices -- most of those are iPods.
- nixfu, on 10/12/2007, -5/+8
This "month of (non-apple) Bugs" is starting to turn into a total joke...
It's DAY TWO and we are already being given NON-APPLE BUGS.... ROFL.
Maybe MacOS IS SECURE AS the fan boys think.
- elnerdo, on 10/12/2007, -7/+10
My Windows XP computer is both easy to use and has never crashed in four years.
- DaffyDuck, on 10/12/2007, -1/+4
A properly configured Windows machine can be very stable. My workstation at work rarely crashes. I like OS X for other reasons. The lack of little messages popping up in the corner that say, "HEY LOOK AT ME" when I am busy doing something is a big annoyance for me. Also, how a window I am working on can lose focus when another app finishes doing something is another problem which is nonexistent in OS X. I could go on but those are 2 design differences that I appreciate in OS X.
- inactive, on 10/12/2007, -0/+3
@DaffyDuck, you are talking about Apple-related forums. The true arrogance from Mac users shows up when they interact with the rest of the world, like here on Digg.
- MacParrot, on 10/12/2007, -1/+3
Why are people digging rufio down? He has a problem with a Mac (it does happen). Either make suggestions on how to fix it or leave it alone.
- Cowboy5995, on 10/12/2007, -1/+3
"So many? 0. They're not apple bugs, they're program bugs."
Uhhh what about the one in Quick Time? That's made by @pple right? I mean if the bugs are so insignificant why waste the time and money to patch them right?
"Mac is more secure because a greater number of homes and businesses use Windows."
It is somewhat true. It could be said that Virus writers are trying to get a message out or to cause the most problems for the most people so they target the most popular platform. After all who wants to piss off only %20 of the PC market that is out there when there are much bigger fish to fry like Windows and Linux. However, with Mac blowing its own horn they are only making themselves a bigger target and with some Mac people holding their ears and yelling "lalalalalala I can't hear you" the impending problem that many are working towards will only be worse.
BTW this message was written on a Mac /switch and my pc only crashes tops 2 times a month because of GTA III and my vid drivers for my fx 5200.
- washcapsfan37, on 10/12/2007, -1/+3
I look at this MOAB as something good for Apple -- it's showing that someone out there thinks OSX is significant enough to take the time to try and break.
Before you yell and scream, "4pp13 f4nB0Y!!11" and start waving torches and pitchforks at me, I am not an Apple fanboy. I do use OSX at home (I also have a XP box but I rarely use it), but I also use Windows and Solaris at work. I do like OSX for a lot of things. I think it is a good median between UNIX/Linux and Windows.
My major concern with Windows is that the standard user in XP has admin privileges. Sure, you can configure Windows to have different accounts with different privileges but it takes a lot of work and technical knowledge that the average user does not have. Also, you can't run privileged processes (easily?) from a restricted level user account. In OSX, the default account has limited privileges but if a privileged process needs to be run it prompts for the super-user account. I like this because: 1) you can pretty much only hose up your user account, and 2) it tells me if some potentially bad process is trying to do something that could F*** something up. Of course buffer overflows are still an issue, but that's something that affects all OSes. Once Windows implements this sort of feature (does Vista?) I will be much less concerned with the current problems facing Windows.
Just my $0.0000002.
- nixfu, on 10/12/2007, -0/+2
If you have a linksys wireless router(I BET), change your "Beacon Interval" down to about 30....that is the most common problem from what I have seen. Linksys did something odd with their router that is different than the way most work.
- DaffyDuck, on 10/12/2007, -1/+3
It's easy to find the same type of arrogance among Windows or Linux users. I know you guys have it in your heads that arrogance only exists among Apple users but it isn't the case. If you venture into Apple.com's forums you will see there isn't that much arrogance and a lot of people trying to help others out. Or go to AppleInsider forums where you can easily find Apple users complaining about OS X shortcomings (eg, FTFF). In my OS experimentations in the past I tried out linux, many years ago. I found linux forums and IRC channels to be populated by the most arrogant computer users. I have not gone on a jihad against them like naio, flag, zbych, et al. have against Mac users.
- inactive, on 10/12/2007, -4/+6
I like to believe it's a well accepted truth that the more proffered OS will be subject to greater security trials.
What's in it for a guy to break the Mac, other than making a name for yourself? Mac is more secure because a greater number of homes and businesses use Windows.
- inactive, on 10/12/2007, -9/+11
@kevdotbadger: so you admit you are smug? Well, Apple fanboys seem to be evolving after all...
- quuxly, on 10/12/2007, -3/+4
@widman
Reporting security bugs to Apple is NOT hard:
https://bugreport.apple.com/
And in general, they acknowledge and fix them. Oh, but wait. That doesn't really have enough PR grandstanding, does it?
- DaffyDuck, on 10/12/2007, -1/+2
"The US has a disproportionally high mac/PC ratio compared to everywhere else on the planet."
And it will continue to be that way and it will continue to not bother me a bit.
- inactive, on 10/12/2007, -2/+3
Hey guys, has anyone bought a new macbook in the last month, with core 2 duo and had problems with wireless connectivity (airport) to their home router - I have been experiencing difficulties and looked at loads of forums about this but it seems really strange - my pcs work wirelessly and wired and my macbook works wired - my dad's imac (not core TWO duo) works fine wireless through airport and wired. I finally made the plunge to mac and now this happens :(
references:
http://www.macfixit.com/article.php?story=20061229013511830
http://forums.macosxhints.com/showthread.php?p=345698
Any help or advice much appreciated
- t3hX, on 10/12/2007, -0/+1
I find that one quite funny - he uses an "exploit" that is a feature with its own tutorial on Apple's site. Then he stacks on two IE exploits, and a Windows exploit to make it work!
1) HREFTrack cross-zone scripting vulnerability
-> Refer to local resources from remote.
2) MS06-044 - Microsoft Management Console cross-site scripting vulnerability
-> Inject script in local-zone.
3) IE6 SP1 cross-zone scripting vulnerability
-> Load script from remote in local zone context.
4) ADODB.Recordset save adPersistXML vulnerability
-> Save the HTA file on the startup folder of the victim.
Interesting.
- inactive, on 10/12/2007, -0/+1
Thanks nixfu - unfortunately, I have a belkin adsl modem with 54g wireless router - i have restored factory settings, turned off security, changed ssid, channel broadcast etc
- DaffyDuck, on 10/12/2007, -1/+2
As I see it, there are 2 kinds of insecurity:
Insecurity due to human error is one. Buffer overflows are an example of this kind of insecurity. All OS's have them because all humans are prone to error. I tend to think that Windows may offer more opportunities for error. It's made of older code and design concepts and appears to me much more disorganised than OS X. Just look at the directory structure of a fresh Windows install...what a jumbled mess (in comparison to OS X...why is calc.exe in System32, not Program Files??).
Then there is the OS security model. I believe OS X to be far superior in this area. It's based off of BSD which is practically built from the ground up with security as an important factor. Enough said.
- inactive, on 10/12/2007, -1/+2
Worldwide it's still under 2%. The US has a disproportionally high mac/PC ratio compared to everywhere else on the planet.
- DaffyDuck, on 10/12/2007, -2/+3
Kev, no offense but that's a stupid line of reasoning you are going with there. Let's cut out the semantics. It's an Apple bug. I hope Apple fixes it. However, it seems people who have tried to exploit it have failed. Something about difficulties in making a segment of inserted code executable.
- HalBSure, on 10/12/2007, -2/+3
Daffy, I don't want to alarm you but you have some unused icons on your desktop. Would you like some help with that?
- 2shae, on 10/12/2007, -2/+3
"My Windows XP computer is both easy to use and has never crashed in four years."
mine has a lot of times and I have been virus infected, spyware infected and all that crap. + it hangs sometimes and I hate the "Not Responding" thing
- t3hX, on 10/12/2007, -0/+1
Sounds a little like the wifi driver flaw...
- shmatt, on 10/12/2007, -0/+1
rufio,
your best bet on the web is to go to the Discussions section on the Apple support page, lots of helpful and knowledgeable people there. They always fix my problem..
- inactive, on 10/12/2007, -2/+2
"If you have a linksys wireless router(I BET), change your "Beacon Interval" down to about 30....that is the most common problem from what I have seen. Linksys did something odd with their router that is different than the way most work."
So now the router is the one to blame, huh? I've got a WRT54GS unit and it works flawlessly with my Windows PC and my Windows Mobile Pocket PC...
- kevdotbadger, on 10/12/2007, -0/+0
Just a thought, are we soon to expect the 3rd bug? It was about this time last night the VLC one was posted.
Oh the suspense. Anyone want to guess what application the bug will be found in? My guess would be Textmate and how the app handles some sort of URL handle.
- inactive, on 10/12/2007, -0/+0
Thanks a lot for the help you guys - I have followed all of the thread suggestions but still nothing - I think I will try and test it on another wireless connection at work - then I think it's back to the apple store :)
- DrDabbles, on 10/12/2007, -5/+5
Why not tell Apple first? I'm sure many have tried. Just like the 5-years-of-xp-bugs, the month-of-firefox-bugs, the 6-years-of-IE-6-bugs, and so on. Just because you don't want someone to release the bug details doesn't mean it's not already common knowledge. Just imagine what horrible things exist out there that apple _hasn't_ been warned about.
And with regard to the smug apple approach to bugs and security, get over it. I don't care if you're based on a *nix core or not...you're still vulnerable. Even more so at times because of the false sense of security you get. I say this while sitting on a *nix kernel myself.
The point here is don't be retarded. No OS is completely safe, and if you're sitting in a coffee shop, I'll get what I want without using hacks. Trust me.
- apolloandi, on 10/12/2007, -2/+2
how about we all just kind of watch what moab does and say, cool someone is doing something relatively interesting instead of talking about how amazing/***** or stable/not stable osx/windows is
- kevdotbadger, on 10/12/2007, -0/+0
Nope! Another Quicktime one!
http://projects.info-pull.com/moab/MOAB-03-01-2007.html
posted about 5 seconds ago?