
Fortunately, no serious damage was done in the meantime

With close to 75 million OS X distributions reportedly in the wild, triple the number two years ago, Apple has to start taking security more seriously.  Fortunately for Apple users, while security researchers regularly demonstrate OS X exploits, the Black Hat community remains rather apathetic to attacking the Mac community.

The latest sign that OS X may not be as secure as some think came in May, when security firm Intego, which makes security software for Macs, warned users of a flaw in the OS X Java distribution that could allow Java applets to execute malicious code.  Intego complained, "Apple has been aware of this vulnerability for at least five months, since it was made public, but has neglected to issue a security update to protect against this issue."

The flaw was originally found by Sami Koivu, who reported it to Sun Microsystems on August 1st 2008.  The vulnerability also affected OpenJDK, GIJ, icedtea and Sun's JRE, which share the same core classes with Apple's Java SE and J2SE.  A patch was issued by Sun on December 3rd 2008, and most of these distributions quickly incorporated it.

Months went by with no action from Apple, though.  Programmer Landon Fuller aired proof-of-concept code of how to use the exploit to attack Apple OS X installs in May.  Still, Apple did not incorporate the patch.  States Mr. Fuller, "Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated.  Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue."

Now, a month later, Apple has finally released a patch for Java on OS X 10.5 Leopard (the latest version) and 10.4 Tiger.  Describes Apple, "Java for Mac OS X 10.5 Update 4 delivers improved reliability, security, and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X v10.5."

The patch for OS X 10.5 can be found here, while the patch for OS X 10.4 can be found here.

This is not the first serious door that Apple has left open.  Last September a researcher going by the pseudonym "Securfrog" published code to crash Apple's QuickTime video player after Apple ignored a glaring flaw for months.  Similarly, a DNS flaw discovered by Dan Kaminsky was only fixed months later.

In Apple's defense, Microsoft also occasionally is slow to patch issues -- such as the recent patch of a long-standing Microsoft Office bug.  However, when it comes to security flaws in web accessible content -- such as QuickTime, Java, or Safari -- Microsoft's track record is much better than Apple's.  These are the types of content most frequently exploited to attack machines over the web.

Comments


RE: It's all about perception
By GodisanAtheist on 6/16/2009 3:36:45 PM , Rating: 4
You and I are thinking alike.

People keep saying, over and over, that the Mac community is too small to write a virus for, oh would you rather infect billions or ten and the same rhetoric over and over. But the Mac community really isn't THAT small, that those guys are smug enough for the other 90% that use PC's and just accept viruses as a part of life.

So what people are effectively saying is that there are no enterprising hackers out there that want to make a real name for themselves being "The Scourge of Jobs" or just to take satisfaction in laying low some folks with a real superiority complex?

We're in trouble if even our hackers rely on windows welfare to get by... where's the entrepreneurial spirit guys?

RE: It's all about perception
By misuspita on 6/17/2009 2:45:44 AM , Rating: 2
I've got a brand new Conspiracy Theory!

What if all the virus writers are actually Jobs' Holy Armada to crush the Empire of Windows? Paid to do damage to the Enemy! I mean, that could be the exact answer as to why the apples don't get any worms (sic!) or viruses, only Windows machines do.

By mmcdonalataocdotgov on 6/17/2009 11:51:32 AM , Rating: 3
It is not that the market size is so small, or medium-sized etc, so much as the fact that the virus will need to travel on compatible operating systems. It would be like pond scum breaking out in one of your neighbor's pools. Unlikely to spread to your pool since they are not connected. Now if it broke out in the ocean (oh-chin) then it could travel wherever it wants.

The disconnected Mac community just cannot propagate viruses well. The connected MS community can.
