Apple plugs 25 Mac OS X flaws

VANCOUVER, B.C.--Apple on Thursday issued a security update for Mac OS X that addresses 25 security flaws in the operating system software.

The security update affects various parts of the operating system, including some third-party components such as the Kerberos authentication technology. The most serious of the vulnerabilities could allow an attacker to gain complete control over an unpatched Mac, Apple said in a security advisory.

The update deals with another trio of zero-day bugs that were disclosed as part of the Month of Apple Bugs in January. Apple has quashed many bugs detailed during the Month of Apple Bugs and Month of Kernel Bugs projects in previous patch releases.

While several of the vulnerabilities repaired by Apple's updates were previously known, it doesn't appear that any attacks exploiting the flaws actually occurred.

Apple's patch release comes just as hackers at the CanSecWest security conference in Vancouver, B.C., are being challenged to break into two MacBooks. A successful hack wins the hacker the MacBook and a $10,000 bounty, according to show organizers. The contest and conference ends on Friday.

Apple has released a Mac OS X security update each month this year. In March, the Cupertino, Calif., company released an update to fix 45 bugs in the operating system. Apple doesn't have a set patch schedule. Last year, the company released two Mac OS X updates in the first four months of the year.

The latest update is available through the Software Update feature in Mac OS X and from Apple Downloads.

[law_hog]

Where's the Macsaresafer dude?

"The most serious of the vulnerabilities could allow an attacker to gain complete control over an unpatched Mac"<br /><br />Safe as houses....

[Rickb1]

Here I am....

That's only 25... How many has Windows Fixed sinse XP came out... Hundreds!... Anything mad by man is never going to be perfect... Not even a Mac, but it is MUCH MUCH MUCH better to use than a windows machine, and much more secure... Get over it..

[Rickb1]

Here I am....

That's only 25... How many has Windows Fixed sinse XP came out... Hundreds!... Anything mad by man is never going to be perfect... Not even a Mac, but it is MUCH MUCH MUCH better to use than a windows machine, and much more secure... Get over it..

[rcrusoe]

"..gain complete control ...

IF you are a local user (i.e.have physical access to the keyboard). <br /><br />That's true of most computers which is why you physically secure data centers. About the only machine I've never been able to break into from the console is an IBM AS400.<br /><br />And knowing that is why any sensitive data on my hard drive is highly encrypted.

[keaggy220]

Claim by MACSARESAFERDUDE

The claim is that OSX has zero virus'. This remains true - I don't <br />use virus protection or spyware protection on either of my Macs. <br />There is no need.

[Macsaresafer]

Right here.

Why do Windows apologists like you have so much trouble <br />recognizing the enormous gulf between a vulnerability and an <br />exploit? I understand that a Windows vulnerability almost always <br />translates immediately into an exploit, but surely you must know <br />that is unique to Windows!<br /><br />It doesn't matter how many vulnerabilities are found. The fact is <br />that there are still no exploits, and the longer you scream <br />security by obscurity, the more your argument rings hollow: if <br />everyone says OS X is obscure, then everyone knows about it!

[OS11]

funny that Apple never said it...

this story is one of many to rile Windows user's inferiority complex.<br /><br />love to see where Apple said this, much better, show it actually happening on an "unpatched" Mac.<br /><br />impossible....... as usual.

[stevew928--2008]

Look at real world experience...

Here's the thing... I know hundreds of computer users, both Mac <br />and Windows. I know of NO Mac user using OSX that has been <br />hacked or had a virus of any kind. On the other hand, only a few of <br />the Windows users HAVE NOT been attacked at some level. Several <br />of them to the level of having to start over, wiping the machine, <br />etc. A few of them have been hit multiple times. Sorry, while in <br />theory you are correct that both Windows and Mac ARE vulnerable... <br />the Mac is far safer in the real world. -Steve

[MadKiwi]

As opposed to...

... all the STILL currently unpatched Windows flaws that ARE being actively exploited, these are potentially exploiteable and NO active exploits exist for them. Apple is patching before ANY damage is done. Macs ARE safer.<br /><br />Happy now?

[Vegaman_Dan]

These are the known and latest batch

This is 25 KNOWN issues that were patched. The funny thing about this is that they are patched today. You didn't even know that they existed yesterday, did you? How many MORE flaws are there in the system that you don't know are there right now? Just because Apple isn't telling you about them doesn't mean they aren't there. They didn't tell you about these 25 until after they patched them.<br /><br />So... how many MORE are STILL currently unpatched that ARE being actively exploited that you don't know about? Your logic falls flat on its face there.<br /><br />You can't patch what you don't know about and Apple isn't telling until after they release the patch. That doesn't say anything about the OS being safer- it says that you, the end user, are just in the dark about it.

[Vegaman_Dan]

These are the known and latest batch

This is 25 KNOWN issues that were patched. The funny thing about this is that they are patched today. You didn't even know that they existed yesterday, did you? How many MORE flaws are there in the system that you don't know are there right now? Just because Apple isn't telling you about them doesn't mean they aren't there. They didn't tell you about these 25 until after they patched them.<br /><br />So... how many MORE are STILL currently unpatched that ARE being actively exploited that you don't know about? Your logic falls flat on its face there.<br /><br />You can't patch what you don't know about and Apple isn't telling until after they release the patch. That doesn't say anything about the OS being safer- it says that you, the end user, are just in the dark about it.

[dragonfly8610]

Apple has only beat the hackers...

because the hackers aren't looking at them...not a financially viable option since there is only 1 Mac for every 9 Windows machines.

[Hep Cat]

Apple Plugs 25 flaws Prior to Exploitation

There, fixed that for you.

[Vegaman_Dan]

Fixed, done, and on to the next batch

I'm glad that Apple actually admitted that there were this many flaws that had to be patched, quite a few of them as being serious security issues. More typically they don't say anything and then release an unrelated patch for iTunes that happens to also take care of these other issues that they don't actively admit to.<br /><br />I don't care how they do it, just as long as it gets done. The vocal Mac users here are not used to having to admit their systems are exploitable and quite vulnerable, so they aren't going to do anything about securing their systems themselves, so Apple will need to do it for them.<br /><br />Congratulations to Apple for getting these 25 flaws patched. Now let's start working on the hundreds of others that the public isn't being told about yet.

[NewsReader_]

People in glass houses ...

Even before security researchers started focusing on Macs, there was this 'air of invulnerability' projected by Apple and Mac users. <br /><br />Now that flaws are being discovered on Macs, those voices have switched to "Macs are still more secure", "Big deal, Windows has 10K flaws", etc.<br /><br />This may be a bitter pill for Mac advocates to swallow but guess what, Macs likely have many more flaws yet to be discovered.<br /><br />Think about the attention that hackers and security researchers pay to Windows vs. Macs. Windows has been under scrutiny for many years by 1000's of hackers and researchers. Yes many exploits have been found and fixed. However, the rate at which flaws are being found these days is much lower than in the past. Put another way, the scrutiny has greatly improved the quality of Windows.<br /><br />Now look at Macs. Much fewer eyes have been prying it open for much shorter of a time span, yet the rate at which flaws are being found is very high, 70 in four months, and those are the result of a limited group of security researchers looking into it.<br /><br />Common sense suggests that given more time and more prying eyes, the number of Mac flaws found would be even higher. I believe we will all see this as Macs are used more widely, drawing more attention from people wishing to exploit a large user base. It is just not that interesting now unless you are a Mac user.<br /><br />So do not be so quick to throw rocks at Windows. Your house is likely made of glass too; you just do not realize it yet.

[qprize]

Reading is not the same as Reading Comprehension

There has yet to be a single documented exploit of an OS X Mac <br />without direct operator involvement. There hasn't been any <br />documented take-over of any machine, there's been no <br />documented trojan horse, no email bombs, no server break-in, <br />no disk drives erased. Almost to the last, everyone of these <br />"vulnerabilities" has required direct interface with the computer <br />either at the keyboard or through a trusted remote account with <br />supervisor access. Even the most vaunted of the so-called <br />vulnerabilities - the bogus exploitation of a 3rd party network <br />adapter - only caused the computer to shut down. Shutting <br />down when someone tries to break into my computer doesn't <br />really qualify as a true vulnerability to me. <br /><br />I don't claim to live in a bulletproof glass house. Just that <br />Windows machines seem to live in break-away stage glass <br />houses, while Macs seem more like Herculite® (the stuff they <br />use on hockey rinks).

[Rickb1]

GO for it man

Put your money where your mouth is...

[OS11]

OSX is more battle tested than Windows -

I think you are overlooking the fact that OSX has much more experience on world wide networks than Windows could ever hope to have.<br /><br />OSX is based on Unix, which is why BANKS and Security Firms use Unix... NOT Windows when they want the most battle tested OS.<br /><br />The world's best Hackers and Crackers have tried and tried to break into OSX, NONE have been successful. Most experts agree OSX is the most secure OS in common use today.<br /><br />It's a stronger foundation, something Microsoft doesn't have access to, Users are separated from the underlying OS, thus you can't alter the OS from the outside. Each file on OSX has "permissions" further preventing hackers. And the list goes on. Nobody can crack OSX.<br /><br />-

[gmcaloon--2008]

People in glass houses

Possibly hackers too were under the impression that the Mac OS was invulnerable to exploits. Certainly they would have gotten that impression from the many Mac fanatics who seem to know even less about the Macs they use than they know about Windows. <br /><br />By now of course the hacker do know how very vulnerable the Mac OS is and perhaps now they will go after it. Wouldn?t be surprised. <br /><br />And yes, I use an Intel iMac, along with Windows machines.

[NewsReader_]

People in glass houses ...

Even before security researchers started focusing on Macs, there was this 'air of invulnerability' projected by Apple and Mac users. <br /><br />Now that flaws are being discovered on Macs, those voices have switched to "Macs are still more secure", "Big deal, Windows has 10K flaws", etc.<br /><br />This may be a bitter pill for Mac advocates to swallow but guess what, Macs likely have many more flaws yet to be discovered.<br /><br />Think about the attention that hackers and security researchers pay to Windows vs. Macs. Windows has been under scrutiny for many years by 1000's of hackers and researchers. Yes many exploits have been found and fixed. However, the rate at which flaws are being found these days is much lower than in the past. Put another way, the scrutiny has greatly improved the quality of Windows.<br /><br />Now look at Macs. Much fewer eyes have been prying it open for much shorter of a time span, yet the rate at which flaws are being found is very high, 70 in four months, and those are the result of a limited group of security researchers looking into it.<br /><br />Common sense suggests that given more time and more prying eyes, the number of Mac flaws found would be even higher. I believe we will all see this as Macs are used more widely, drawing more attention from people wishing to exploit a large user base. It is just not that interesting now unless you are a Mac user.<br /><br />So do not be so quick to throw rocks at Windows. Your house is likely made of glass too; you just do not realize it yet.

[DaiMac]

Maybe need a bit more info..

OK, guess what, Macs used to have vulnerabilities and viruses <br />way back in the day, so anybody that said "Mac's are <br />invincible" (never seen that statement except from anti-Mac <br />trolls, so there ya go) is an idiot, and deserves all the scorn in <br />the world. That said, its crap to say that Apple and the MacOS <br />haven't has just as intense scrutiny on their security as Windows <br />or any other OS, if Mac OSX had the flaws (quantity and depth) <br />that Windows does it would be publicized along with the <br />exploits, for no other reason than because so many people who <br />use PCs hate Macs, and would love to publish destructive code <br />for them. On top of that, Symantec would love to add Mac Users <br />back to their customer base, as I said back in the Pre OS 8 days <br />many of us ran SAM because there were legit (though infrequent) <br />threats from viruses and such. And look at how much attention <br />things like this do get: CNET never covers mac stories (iPhone/<br />iPod/AppleTV don't count) unless they have some type of <br />negative security angle, because it makes Macs seem more <br />vulnerable, even if only for a moment.<br /><br />Also, what is this "shorter time span" that "much fewer eyes" <br />have had to look at Windows versus Macs? You can talk about <br />marketshare all you want, but less than 5% of PCs sold (and it <br />was a much higher percentage up until the mid 90s when PC <br />sales took off) is still a ton of units, and Mac OS is older than <br />windows, unless you count DOS. OSX is almost 6 years older <br />than Vista, but has already had more functional exploits (cursor <br />bug)<br /><br />My point is, you're right that some mac users have occasionally <br />been superior ******** about security, but perhaps you should <br />learn more about the actual history of the PC industry and Macs <br />before you make statements about the amount of resources <br />involved in either platform's development, your ignorance only <br />undermines your position.

[OS11]

Security Researches have always looked at OSX.

Your post doesn't make a lot of sense. OSX is the same OS that created the "world wide web", thus it's always been the center of "security" scrutiny.<br /><br />There is no new "bitter pill" to swallow. Mac users have always been keenly aware of security and have built the most secure OS as a result.<br /><br />Fewer and fewer Unix flaws have been found over the years, so it's winding down, not up.<br /><br />OSX is the most secure OS in use today, and will remain that way for the next several decades.<br /><br />OSX is made of bullet proof glass, nobody in the universe can break it.<br /><br />-

[NProszkow]

Sure, I agree

Yes, very true. The MAC has had fewer updates with OSX. We all need to account for the % market share of MAC vs PC computers. More people have PCs therefore more people attack PCs.<br /><br />Also, please use spell checker and re-read your postings. This will help with mispelled words.<br /><br />**Disclaimer: I use BOTH PCs and MACs and I like them both.

[dysonl]

No Need for Plugs

Who cares?! Hackers surely don't care about the Mac; why would anyone put in the effort to use an exploit that would affect only 25 people? Do many hackers care about the BeOS? Of course not.

[OS11]

problem is...

The Mac OS represents the most affluent user base in the world, thus the most valuable. Windows is easy to hack, OSX is impossible which has been proven over and over for YEARS.<br /><br />Hackers have tried and tried, but Apple is too smart from them. It's too high of hurdle even for the best russian minds.<br /><br />Thus, "zero" security issues with OSX.<br /><br />But have fun trying... we always like to laugh!<br /><br />just try and crack into this... I bet you $!,000,000 you can't.<br /><br /><a class="jive-link-external" href="http://24.8.244.176/" target="_newWindow">http://24.8.244.176/</a><br /><br />-

[bobmarksdale]

OH NO!!!

Now that you have adequately proved that macs are infinitely more vulnerable than pcs to take-overs...[snore]. PC lovers will take any chance they have to attack Macs mainly because they do not get the chance very often. That being said, I would also like to point out, as others have that none of these bugs have been exploited and also without saying it extremely verbosely... unix rocks, dos does not. Also I would like to point out that only about 5% of the market is controlled by mac OS's and about 93%ish(I don't know exactly, but close enough) by windows ones, yet on these blogs there are an equal number if not more mac supporters than winblows supporters. Does this tell us anything?

[DaiMac]

Who was on the Net first...

"Also I would like to point out that only about 5% of the market <br />is controlled by mac OS's and about 93%ish(I don't know exactly, <br />but close enough) by windows ones, yet on these blogs there are <br />an equal number if not more mac supporters than winblows <br />supporters. Does this tell us anything?"<br /><br />I remember a study from 1997 reporting that while Mac had a <br />3-6% marketshare from 95-97 they constituted over 45% of <br />internet users in the study's survey, and almost 25% of the pages <br />examined were created on a Mac. Now thats a long time ago, <br />and I know that the percentages have shifted to better reflect the <br />actual PC market, but the fact is that if you're a technically saavy <br />internet user who actually remembers using Mosaic then you're <br />more likely to be a Mac user than a PC user.<br /><br />The other thing is passion: most Mac users are very passionate <br />about their machines, whereas most consumers in general could <br />care less, they can check their email on both and Myspace.com <br />loads either way, so who cares which has what other features <br />and which UI is easier/better. While PC users (and I myself have <br />both, but the PC is not a "work" machine that I actually do <br />productive things with) like to harp on their marketshare, when <br />you hack off all of the machines used in offices and then <br />eliminate all the people who could care less what their computer <br />runs who have PCs, the number of PCs users who care enough to <br />come on forums and post for Windows or against Mac is <br />probably roughly the same as Mac users who can and will do the <br />same, hence the perception of parity.

[gmcaloon--2008]

Oh Yes!

Unix rocks and DOS does not? What kind of statement is that? Windows hasn?t used DOS since Win 98. There is no DOS in any NT Windows version, W2K, XP or Vista. <br /><br />You do indeed see many Mac supporters here than Windows supporters. In fact very few of the latter. Why is that? Because Windows users don?t need to prove anything given their numbers compared to Mac users. At that, Windows fanatics are almost nonexistent. On the contrary, Windows people most often are the most critical of Windows. Are they equally critical of the Mac? No. Why would they be? Most know nothing about Macs and don?t care to know anything about them. Some are still so ignorant of Macs they see them as hardly more than toys that are useful mostly for doing graphics stuff. Question most Windows users about Macs and usually you get nothing but a blank stare. <br /><br />There are many Mac fanatics however, although far fewer now than previously and we can be grateful for that at least. The reason seems to be that some Mac people see themselves as a victimized minority. They are not of course because again most Windows users hardly know Macs exist. But perception plays a part and Mac fanatics feel rather put out in a world dominated by Windows. Hence the tendency towards fanaticism.

[Travis Ernst]

Not 133 bug patch

Oh, sorry that was Microsoft that is issuing the 133 patches. And <br />was it a double patch for the out of cycle Cursor flaw? MS first fix <br />didn't even take.<br /><br />So whats all the gripe about Mac. Windows has your holy access <br />port to deal with.

[Vegaman_Dan]

True, it's not 133 bug patch

Considering the 133 versions of the bug patch for Windows was for differing languages, you can now use your same argument to now multiply the Apple patch by... guess what- 133. <br /><br /><br />Does that mean we can claim Apple had to create 3,325 patches with your logic?<br /><br />I don't think so. You can't compare the two OS patches as they aren't related. If you do try to do so, it would look terribly embarassing for Mac users and it's simply not the case.<br /><br />One Windows patch. Twentyfive Mac patches. Next week it can be the other way around.

[Travis Ernst]

Apple uses tempered glass

TSIA.<br /><br />Microsoft may make it's house out of thin float panes; while <br />Apple was thinking and used tempered so you can even walk on <br />it without causing it to crack.<br /><br />and yes, for the record, you can walk on tempered glass.<br /><br />It's just interesting that the Mac may have it's faults, as almost <br />any OS does, but we don't get the exploits. A lot of the time it is <br />third party wares that cause problems. Apple took a lot of that <br />problem out. Now it's just keeping the office all up to date so <br />there are not gaps on machines for the OS/security.

[liam04uk]

But...

I am a mac user and i use an anti virus for 2 reasons...<br /><br />1) So i can check files before i send them on the my windows using <br />friends and<br /><br />2) I know that no OS is perfectly secure, and one day i wouldn't be <br />surprised if someone wrote a virus or worm for OS X. I would like to <br />be protected from that rather then letting my ignorance be the <br />cause of me losing my years of work.

[balooh]

Millions of Windows PCs are controlled by bots

People seem to forget the simple fact that millions of Windows <br />PCs are permanently hijacked and controlled by bots, thereby <br />used to send hundreds of millions of spam email messages <br />around the clock, costing the IT industry and individual users <br />collectively billions of dollars.<br /><br />This means that taking over a Windows PC is a routine task, not <br />something that takes any effort. A small minority of Windows <br />machines may have been secured with third party software and <br />user effort to the point where taking control of them remotely is <br />not a routine task, but the vast majority of Windows machines <br />are prone to being hijacked without effort, using automated <br />tools that can do the job.<br /><br />By contrast, taking over a Unix system generally requires effort <br />and skill. Again there may be a minority of systems which have <br />been put in a state that they can be hijacked easily, but the <br />default state of a Unix system and thus the vast majority is such <br />that it requires real effort and skill to hijack if at all possible.<br /><br />Now, if legislation in a major economy such as the United States <br />or in the EU would change such that operating system vendors <br />become liable for the damage caused by the botnets and their <br />spam, then you would see Microsoft becoming concerned <br />enough to actually do something about it. Without any such <br />liability they have no incentive whatsoever and they will not <br />fundamentally change their tack to actually fix the problem.<br /><br />Another way would be to make the invidiual user liable for the <br />damage caused by any computer they operate even if their <br />machine has been hijacked without their consent and without <br />their active wrong doing, the wrong doing then being to have <br />chosen a system with lax security. This would then cause people <br />to stop using products that put them at risk of being held liable <br />and the resulting loss in revenue would then be of sufficient <br />concern so that Microsoft would have to fix the problem.<br /><br />In the real world though no such thing will happen. Microsoft is <br />too powerful for any legislation that would hold them liable to <br />pass and consumer rights rule out that any legislation would <br />pass that holds individuals liable. Without feeling any real heat, <br />Microsoft will continue to do business as they have always done <br />and we will continue to get more and more spam. It's as simple <br />as that.

[Joe Koskovics]

Perhaps we should outlaw arrogant users instead

Verbally attacking windows users and systems does not seem to be a reasonable approach to the overall security problems we face today. Apple is as secure as Windows, and Windows is as secure as Apple...until hackers turn their attention to them for fun and profit.<br /><br />People who have a real grasp on security understand that it requires something that this poster failed to consider. That concept is collaboration. Collaboration of users, security firms, developers, and the companies that write the paychecks. That is happening. <br /><br />Arrogance also breeds contempt rather than collaboration, especially against the innocent. Educating a friend or a neighbor is another option that this individual seems to have forgotten as well. Try spreading the word. Use real world social networking to bring people up to speed.<br /><br />Contribute rather than condemn. <br /><br />Otherwise we may be forced to outlaw arrogance as well.

[One-Eared Gundark]

You know why?

First, Windows PC's are inexpensive. Buyers can get a no-name cheap-o machine fro $300 ready to go. This means a lot of people choose a Windows box as their first computer. Lack of experience in a networked world is a dangerous thing.<br /><br />Second, Windows underlying code was built back before on-line security was an issue. It was designed to be easy for the user to install and run programs. This means that the user was an admin by default. To maintain compatibility, the same scenario applies even today.<br /><br />Third, MAC is Unix-based. Unix doesn't like people running in admin mode. Programs were written to operate without users having admin control.<br /><br />If Windows switched to a Unix based code, it would be more secure, but software compatibility would go out the window. This would be a huge expense for millions of businesses who would refuse to upgrade.<br /><br />Macs were able to make the switch by bundling the classic OS and allowing users to run in that environment. In this case, a smaller market share actually helped Apple. There were a few big pains (like Photoshop), but overall, it went pretty smooth. Minor bumps again when Apple switched to Intel...the biggest, again, being Photoshop.<br /><br />My point is, Microsoft's huge market share is what is killing their security. It's not that they are the biggest target, it's just that they are so big, that it is difficult for them to make the required changes without losing customers along the way.

[lkrupp]

The truth of the matter...

Between the blustering of security researchers, the TV <br />commercials touting OS X's security (which apparently annoys <br />the cr@p out some people), the vitriol constantly expressed by <br />C|net Apple bashers you'd think SOMEBODY would have created <br />a really nasty varmint and turned it loose on OS X by now, <br />wouldn't you? Just to prove a point? Why hasn't it happened? The <br />"not enough market share to matter" argument just doesn't hold <br />water anymore. There's something about OS X that makes it real <br />hard to attack successfully.

[Vegaman_Dan]

True- nobody really cares enough to write one

If someone does decide to write such a virus, then there will be some serious trouble if we base the average Macintosh user on the beliefs of people like Macsaresafer and Daimac, both of whom have recommended that Mac users NOT use any sort of AV or firewall products.<br /><br />They are actively telling people to leave their systems open and vulnerable. That's not responsible for anyone using any OS. If someone decides to go after Macs, then people like Macsaresafer and Daimac are prime targets.<br /><br />It does beg the question to be asked- what about exploits or bots that haven't been detected yet? If I had written a Mac based exploit, I don't think I'd want to brag or advertise the fact. Why attract attention when you could have hundreds of thousands of Macbot slaves at your command and their owners never even know about it? The experts here recommend taking no action to even check so- well, it's a prime area to do something about. There's already keyloggers in the world for OSX. How many are running undetected because the end users are brainwashed into thinking their system is invulnerable? <br /><br />Some day someone will make some splashy and obvious malware that will make people sit up and listen. I'm more worried about what's out there right *NOW* that people are not looking for.<br /><br />Don't bother saying they don't exist. I can claim that there are no bots for the OSX, but if I was a person trying to make a big bot net, I wouldn't exactly advertise that, now would I? It'd be far better to keep it quiet and give people no indication of the problem or else someone might try to stop it.

[Joe Koskovics]

Let's fix it and move on

It's very tragic that there has to be this "war" between Apple users and PC users. As a Windows user, I hold no grudge against Apple or their users. In fact, I think Mac Computers are great. I choose a PC for the business services they do so well. One day I will purchase a Mac, when I have the need for a machine that supports the arts. <br /><br />But what gets under my skin is how this community gets wrapped up in petty little arguments that take away from our overall strength. <br /><br />Collaboration with each other will be necessary as a part of the evolution of our security. And that can not happen if users on both sides continue to hold imaginary grudges.<br /><br />We have businesses, communities, and families we need to watch out for. Let's take a deep breath of reality and move on.<br /><br />And maybe we can build a more secure community together.

[TanNg]

Don't worry we have MS to blame

Don't worry we have Microsoft to blame.

[OS11]

for Vegaman_Dan...

that thread tree was stopped due to length so wanted to reply to your comments:<br /><br />---<br /><br />"One flaw that was patched was a denial of service attack that could result in code being executed on the local system"<br /><br />Ah, no. It only had the "potential" to execute code, which in Unix is like saying "impossible".<br /><br />"Hey, what sort of code would you like to run today? That flaw alone opened up the entire system to an outside attacker"<br /><br />Ah, but there was never a flaw that allowed code to "run". Big difference. You can't run "code" on OSX or any other Unix, with out root "access". You are overlooking that.<br /><br />"That's serious. That patch was taken care of, but what about the other vulnerabilities that still exist that Apple hasn't told you about?"<br /><br />Not sure what you mea... we as Mac Users are fully abreast of any potential attacks, the Mac community is the most wired, most informed group of computer users in the world. If there was an actual problem, Mac users worldwide would know within minutes, have a fix within hours.<br /><br />"Until yesterday, you didn't even know that THESE 25 vulnerabilities existed. How many more don't you know about that are on your system right now?"<br /><br />Ah, that comments is based on a "Windows Mindset", not a UNIX one. I know EXACTLY what is running on my system. I know EXACTLY what is installed. I know EXACTLY what I install. Nothing can be installed without my APPROVAL. You don't understand Unix it appears.<br /><br />"To claim that nothing can be installed on your system is- well, very, very, ignorant."<br /><br />Ah, you said it. Not me. NOTHING can be installed on a Mac running OSX, without physical keyboard APPROVAL. That's the difference.<br /><br />"How do you know if your system was exploited? If you keep sticking your fingers in your ears, you'll never hear the warning siren"<br /><br />Ah, you are forgetting, (or don't yet understand) there is no way "into" a OSX box from the outside. So right there, you can't "exploit" a Mac. I know it's tough for you coming from the Windows world, but the types of things you are suggesting simply don't matter to a Unix based machine.<br /><br />have a good day.

[smilin:)]

Thought you could just pass those stats on

Did you think you could just pass those stats on and nobody would question?<br /><br />MS has 71,000 employees. Apple 17,787. Although close it means apple has *more than* 1/4 the number of employees.<br /><br />Revenue numbers are cute but gross profit:<br />MS 36.63 Billion<br />Apple 5.6 Billion.<br />(That's less that 1/6 for those keeping track at home)<br /><br />How about we stay on topic:<br />Apple just admitted 25 flaws. Numerous privlidge elevations both local and remote. Nasty stuff.

[OS11]

i checked facts, you did not.

the numbers you provided:<br /><br />apple has 148 employees more than exactly "1/4th" hardly significant. my 1/4th comment was perfectly vaild<br /><br />size does matter, within 5 years, Apple will be larger than Microsoft in terms of Revenue. All without having an illegal monopoly to prop it up.<br /><br />of the 25 flaws, none were serious, none ever exploited in the wild. and "zero" were "nasty" also, no privilege escalations were reported.<br /><br />so this is another example of Apple doing all the "security" work BEFORE it ever touches a user... a polar opposite approach than what MS users.<br /><br />check your facts next time.

[Thomas, David]

This is the Best Post ... READ IT

<a class="jive-link-external" href="http://news.com.com/5208-10784_3-0.html?" target="_newWindow">http://news.com.com/5208-10784_3-0.html?</a><br />forumID=1&#38;threadID=26862&#38;messageID=259573&#38;start=0

[Siegfried Schtauffen]

Un-fair comparison

While I am extremely interested in how this works out, it really doesn't mean that much if no-one comes forward. The fact is that most Viruses/worms/trojans for Windows are either social engineering (and thus won't work too well against a static machine) or attack already patched exploits.<br /><br />Personally, I doubt that anyone will go to the effort to find a new exploit. Especially since the last challenge (that I heard of) resulted in a successful privilege escalation yet the fanboys thought that was OK. They could have at least skipped the last patch and made things fairer...<br /><br />(Anyone know when the challenge expires? At...<br /><br /><a class="jive-link-external" href="http://cansecwest.com/post/2007-04-19-12:30:00.Gentlemen_Start_Your_PWNing" target="_newWindow">http://cansecwest.com/post/2007-04-19-12:30:00.Gentlemen_Start_Your_PWNing</a><br /><br />...it doesn't say. I also cannot find any acknowledgement of the prize increase.)

[dansterpower]

Hack a Mac

To those commenting that the Mac is not hacked or does not <br />have viruses written for it due to low Market Share I say this: In <br />the 90's Mac OSX had even LESS market share and it had plenty <br />of viruses and sucessful hacks.<br /><br />OSX is more secure.<br /><br />Read about "hack a mac" at this link:<br /><br /><a class="jive-link-external" href="http://news.com.com/8301-10784_3-9710845-7.html?tag=tb" target="_newWindow">http://news.com.com/8301-10784_3-9710845-7.html?tag=tb</a>

[MSSlayer]

The difference between OSX and Windows

Take your average computer user(ie an idiot).<br /><br />Give him a default configured Windows(doesn't matter which one, they are all swiss cheese) and OSX box for a day.<br /><br />Tell him to use one on one day and other the next.<br /><br />Then run a check for spyware, viruses, trojans, rootkits, keyloggers, etc.<br /><br />Guess which box will "win".<br /><br />That is why OSX is a better system, a user with no technical knowledge can safely use it. It takes quite a bit of knowledge to secure a windows box(and still can't beat OSX or Linux) and tweak it to do what you want.<br /><br />Windows is the most user-unfriendly OS on the planet.

[mildew33]

MACS are OBVIOUSLY BETTER!

I like the Mac commercial where the PC guy is on top of the Mac guy. The Mac guy is on his knees and saying, "I hope UAC guy does not find out I am with you tonight." Then UAC guy busts in and joins PC guy and MAC guy. Then Mac guys says, "it just works."

[nightspark]

what are you saying

so what you're saying is that macs are for idiots.<br />good job numbnuts!

[Keith_C_A]

This is an old argument

ANY software is vulnerable to attacks ANY system is vulnerable to attacks. We only hear about the ones for windows systems because they are owned/operated by the MAJORITY. The more people who are affected by an exploit the more successful the creator of that exploit is. They create more havock and disable more machines by writing/creating the exploits for those machine owned and operated by the majority. Apple or OSX owners are just as vulnerable to attacks or why have these patches been created??????????????? Get over yourself there is NO difference in the security, just a difference on the amount of people who own different machines. PC&gt;OS thats all stop your mightier than though attitude