

A recent Secunia study indicated that Apple had the most vulnerabilities of the major tech companies  (Source: Secunia)

Apple's Safari browser happily will fill in your personal info to malicious web forms. This glaring flaw can lead to an unacceptable breach of privacy.  (Source: Jeremiah Grossman)
"It just works." -- Apple slogan

Apple is known for its tendency to deny problems with its popular gadgets, making life miserable for customers when such problems occur.  While Apple's iPhone 4 antenna issues are currently stealing the show, there's perhaps no better example overall than Apple's spotty track record on security.

Security research firm Secunia just released a list of vulnerabilities, and Apple has for the first time come out on top as the most vulnerable.  Secunia warns, "[The] graph is not an indication of the individual vendors’ security, as it is not possible to compare the vendors based on number of vulnerabilities alone."

Apple's supporters were quick to attack the report.  
AppleInsider writes:

Not all vulnerabilities are equal: Secunia outlines five levels of criticality ranging from minor "not critical" issues to "extremely critical" problems that can result in remote exploits without any interaction from the user, and for which active exploits are already known to exist. Yet Secunia's vulnerability report totals throw all these various types of flaws together into sums that are frequently used for meaningless comparison purposes. 

It's ironic that another significant security flaw in Safari came to light almost simultaneously with the report.  Safari -- Apple's browser software -- has often seen releases so buggy that they were unusable.  Safari 5 certainly offered some improvements in that department, but it apparently doesn't fare particularly better in the security department than past releases, including Safari 4, which had a flaw so severe it prompted a Department of Homeland Security warning.

While the latest Safari bug isn't as bad as some exploits go, considering it's not a route to installing malware, it can result in the theft of your personal info.  It all starts with one of Apple's features in Safari -- autofill.  Unlike the standard browser autofill, which remembers usernames and passwords for certain sites, Safari has an even more ambitious autofill which maintains info about a user in their address book card and offers up these details when needed.

Unfortunately, Apple didn't appear to realize that it was necessary to screen what it allows to access this data.  Security researchers revealed that a simple web form can grab much of this data -- first name, last name, work place, city, state, and email address -- no questions asked.

Such info could be used in phishing schemes.  It could also be used in blackmail schemes if the users were visiting naughty websites.  Ultimately, it represents a gross threat to privacy that easily surpasses Apple's recent loss of iPad buyers' email addresses (a problem that was largely carrier AT&T's fault).  Apple was informed of the problem on June 17, 2010, but has since done nothing.

The flaw was discovered by Jeremiah Grossman, founder of WhiteHat Security.

Security problems are hardly something new for Apple though.  The iPhone has increasingly been attacked.  One security researcher suggested its security was so poor that it was "useless" to businesses.  Apple has made some improvements with each release of its iPhone OS, but they didn't stop malicious worms from cropping up in the iPhone 3GS generation.

On the computer side, Apple also has had numerous past issues.  Its weak memory protections in its past two operating systems -- Tiger and Snow Leopard -- have spawned a number of successful attacks.  Worse yet, Apple's latest OS -- Snow Leopard -- shipped with an outdated, vulnerable version of Adobe Flash.

Apple has made some gains -- its new OS does come with mild antivirus protections (though Apple quietly recommends users purchase dedicated AV software).  And the OS does offer working DEP (data execution prevention), though it ships with a virtually broken address space layout randomization (ASLR) implementation (which rival Microsoft's Windows 7 flawlessly implements).

Ultimately, though, what is really killing Apple is its slow patch time.  Apple's "there is no problem" mentality has made it the slowest company at patching, according to recent surveys.  It took the company a year to finally patch a major Java hole last year (June).  Unfortunately, such performance is more the rule than the exception.



Comments


RE: Meanwhile in the real world....
By Reclaimer77 on 7/25/2010 7:35:53 AM , Rating: 2
Tony, as usual, there is so much wrong with your opinions - and they are opinions - that I don't even know where to begin.

quote:
In reality using a Mac is much safer than using a Windows PC and many millions of people know that, hence the steady rise in Mac sales.


Well when "many millions" of people actually buy Mac's, maybe we'll find out. As of now, safety via obscurity is not a sound strategy.

"Steady rise" in Mac sales? Ok, have you seen the sales of Windows 7? Can you explain to me why Bootcamp exists, if what you're saying about Windows is true?

quote:
This means that many millions of people (and businesses) have had real and actual experience of being attacked and compromised whilst using a Windows PC whilst almost no one has had a similar actual experience using a Mac.


Because no one uses them, idiot! The market share of Mac's being used in businesses is somewhere around 2%!! That's barely enough to clear the margin of error!

Apple doesn't even try to compete with Windows in the business world because they know they can't. It's a proven fact.

quote:
The truth of the matter is this: if you had to give your completely non-techie mum a PC and you knew that she was going to just get it out of the box, turn it on and in its fresh from factory state connect it to the internet 24 hours a day what platform would you advise her to get?


No brainer, Windows. Because "mum" isn't going to be downloading porn, visiting porn sites, using instant messengers or pirating software via torrents.

But "mum" DOES take pictures, prints a lot, does e-mail and surfs. Now when she buys a camera or printer, and it has bundled software, what do you think it's compatible with? Hell what do you think ANY software she buys will be compatible with? Yeah you go have fun telling "mum" she has to either A) have an Apple store in her area for programs to buy or B) download and install everything digitally. Man I bet she'll LOVE the prospect of that!!

quote:
They also added the Apple store which was a stroke of genius because, once fully established, the Apple store made buying tech kit or getting tech advice from Apple an order of magnitude easier and more pleasurable than doing it with any other computer supplier.


Yeah because EVERYONE has an Apple store right around the corner! Why go to Wal Mart or the shopping mall, both convenient as hell, when you can drive to the nearest Apple Store for all your closed source needs!! Brilliant.

Or you could go to Best Buy I suppose. Their Mac software section has about 10 titles, 4 of those being Snow Leopard and family packs for Snow Leopard and so forth. Very impressive selection indeed!

quote:
They want to get tech gadgets out of the box, including computers, and expect to be able to just turn them and use them safely. And why shouldn't they expect that?


Hey, fucking moron! It's not 1998 anymore! Jesus, have you even USED Windows lately?? You shouldn't talk if you don't know both sides of the argument, which you clearly don't.

If Windows 7 or Vista doesn't work "out of the box" for you today, you should NOT be using computers in the first place. I love how you Mac guys feel the need to use the "lowest common denominator" argument. "Hey, if you're a complete illiterate moron, you'll want a Mac, so Mac's must be better." What?

quote:
next quarter Mac sales will be up again and Apple will probably have higher revenues than Microsoft.


Yeeeah, now we KNOW you are drinking the Koolaid. Apple's revenue is 90% phones, pads, and Mp3 players. Look how much they generate in JUST PC sales. It's pathetic. You're comparing Mac PC's to Windows PC's, so don't pull the revenue card with us. We're not impressed.


RE: Meanwhile in the real world....
By Tony Swash on 7/25/2010 5:30:09 PM , Rating: 1
quote:
Hey, fucking moron! It's not 1998 anymore!


So much hostility to a complete stranger - where does it come from?

Back in the nineties when it looked as if Apple would collapse and Windows/Microsoft would achieve complete domination and the mac would be no more, us MacHeads used to get pretty ticked off, but that was because we thought we would be forced to use Windows. So our anger and resentment was somewhat understandable.

But some of you Window lovers seem to get all worked up just because someone is using a non-windows machine and Apple are making a hugely successful business out of being not-microsoft.

Why are you so upset about a bit of healthy competition?

No one will force you to use a Mac and nobody wants to.

Calm down - there is room for many different fruit in the garden.

Plus insulting strangers is bad karma.


RE: Meanwhile in the real world....
By afkrotch on 7/25/2010 9:28:35 PM , Rating: 2
Standard Mac user reply there, if I ever saw one. Lose the argument (which happens 100% of the time), so question the other debater's sexual preference, personal life, or any other subject that may deter any further embarrassment.


RE: Meanwhile in the real world....
By Tony Swash on 7/26/2010 1:18:40 AM , Rating: 2
quote:
Lose the argument (which happens 100% of the time),


We don't have to win arguments with you guys (let's face it we won't change your minds anyway) because given Apple's results over the last few years it looks to me like Apple is winning the only argument that counts - that's results in the real world.

Articles like this one slamming Apple on security don't matter, all the huff and puff on forums like this don't matter, what matters is whether Apple makes products that people want to buy and it seems that on that count Apple is enormously successful.


By afkrotch on 7/26/2010 1:24:04 AM , Rating: 2
We are talking about computers right? I mean, according to results, they are still sucking huge donkey balls in that field.

Mp3 player, mp3 player with phone capability, and 10" screen mp3 player seem to be doing well.


RE: Meanwhile in the real world....
By joeballow on 7/25/2010 10:09:32 PM , Rating: 1
quote:
Hey, fucking moron! It's not 1998 anymore! Jesus, have you even USED Windows lately??


How can you possibly get this worked up over a comment in a safari bug article? Don't you have anything mildly important going on in your life to care about? Look, I am writing this from windows 7, so I'm no mac fanboy, but anyone who gets really worked up over the whole windows v. apple thing seems a little out of touch to me. They both do the exact same things, in almost the same ways.

I think windows is better, that's why I use it, but seriously you all need to calm down(on both sides of the debate). We can talk forever about which OS is more secure, but right now, I think OSX is better for the computer illiterate, which is a pretty large percentage of the computer using public. At school I spent hours removing viruses from windows laptops of people with no idea what they are doing, and the macs never had problems with that(not saying they had no problems, but no viruses, malware, etc.). Was it because they were all downloading torrents and porn? Absolutely, but still that was probably the right choice for them. For the people who know what they are doing, windows is probably the right choice for many reasons. I know for me the laptop I'm about to buy will be a 13" macbook, but it will be running windows 7 24/7. I can't seem to find a well constructed windows laptop with reasonable specs that even approaches the 10 hours the macbook gets in battery life. I'm around campus all day so the long battery life is going to be great. At the same time I have no interest in using OSX, I really quite like windows 7.

My point is this, whether you think a mac or windows products is best for you, everyone on both sides of the debate needs to calm down. You sound like idiots sometimes when you get so worked up over the differences between the two, which are petty in the grand scheme of things. Acknowledge that what is best for you may not be best for everyone, take a deep breath, and move on with your life. There are more important battles to fight, than this argument that is getting really old, of mac v. pc.


By afkrotch on 7/26/2010 12:09:36 AM , Rating: 2
You do know that battery life is going to drop the moment you start running Windows on it. That precious 10 hours is going to drop to like 5 hours.

I'd much rather just get a i3/i5 based HP TM2T tablet and get the same amount of battery life. But hey. Some of us actually make informed purchase decisions.


By themaster08 on 7/26/2010 3:45:52 AM , Rating: 2
I agree that these discussions can get a little hostile at times, but there's nothing wrong with a good old debate. That's the entire point of websites like this, right?

Let's face it, Tony's right. No one is going to change anyone's mind. No comment is going to change the entire outlook of everyone's opinions.

However, like most people here, I enjoy a good discussion and like to see the other side of things. You just have to accept that people have different ways of expressing their views. Some more hostile than others. That's fine by me, as long as they put up a good argument.


"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." -- Bill Gates













