- home
- reviews
- news
- downloads
- cnet tv
On GameFAQs: The top 10 fighting games of all time
- log in
- join CNET
- welcome,
- my profile
- log out

Comments on: Attack code targets zero-day Mac OS X flaw

The unpatched security hole could be used by a remote attacker to compromise a vulnerable Mac, advisories say.

Add a Comment (Log in or register) Showing 2 of 2 pages (107 Comments)

Yeah...

by Reverend_Shank November 22, 2006 7:26 AM PST

Notice this states if you use Safari. Try Camino or Firefox and I bet this does not happen. You can also just uncheck the open safe downloads pref, and that will take care of that. Still beats the crap out of having "patch days" and people who actually want to attack an OS. Even if it could happen does not mean it will. It's like saying the Earth is vulnerable to alien attack.

Like this Reply to this comment

SG1 will protect us
by Vegaman_Dan November 22, 2006 7:49 AM PST: When Earth is attacked by aliens, we'll have the SGC to protect us.

In the mean time, Apple needs to own up to the flaw, issue a patch, and then move on. It's a simple thing. Will they? Let's wait and see.; Like this

Social engineering
by Steve Bryan November 22, 2006 11:23 AM PST: For those who might be unfamiliar with the idea here is the risk. People who benefit from or just plain enjoy creating mayhem are not trustworthy or truthful types of individuals. They will lie in order to get you to do something you would not ordinarly do. So in this case you would be incorrectly informed what is on a particular DMG (disk image). Just the act of mounting the DMG file is what causes a problem. It is not necessary to trick you into running someone else's malicious code. Apple's own OS code for mounting DMG files does not handle maliciously formatted DMG files.

It is probably also worth noting this quote from the site reporting this issue:

"Mac OS X fails to properly handle corrupted UDTO HFS+ image structures (ex. bad sectors), leading to an exploitable denial of service condition. Although it hasn't been checked further, memory corruption is present under certain conditions (in this particular case, unlikely to allow arbitrary code execution)."

So even if the adversary manages to lie successfully and get you to try to mount his maliciously ill-formatted DMG file there is no evidence you could experience more than a system crash. Since I can customarily run anything and everything on my Mac for months without a crash or reboot that would be annoying but it would be a poor excuse for an exploit.; Like this Reply to this comment

Were is that MAC guy

by stevenmcs November 23, 2006 12:02 AM PST

He said they don't get viruses?

Like this Reply to this comment

Virus? - try re-reading the story steve. . .
by K.P.C. November 23, 2006 2:17 AM PST: No where in the article is the word "Virus" mentioned.
You see:
"proof-of-concept code"
"vulnerability"
"flaw"
What exactly is the "Virus" you're talking about steve?; Like this View reply Hide reply
Processing

MACs
by DeusExMachina November 23, 2006 4:20 AM PST: Media Access Controllers Don't get viruses. Neither do macs.; Like this View reply Hide reply
Processing

Somewhere being exploited but still shouting they don't get viruses.
by Ryo Hazuki November 23, 2006 5:27 AM PST: Don't you get it? Mac users don't care they have proof-of-concept codes, high-risk vulnerabilities, zero-day flaws, attack codes, attacks and exploits as long as they can say they don't get viruses and we (more than 85% of people who use computers) do.; Like this

Bad story for Apple finnishes as always on CNET

by Ryo Hazuki November 23, 2006 5:36 AM PST

Interesting how every single story that's not that good news for Apple has to finnish in a positive side (and positive side for Apple is not to get positive facts about Apple, but negative facts about Microsoft). It's like it's forbidden to publish bad news about Macs without finnishing saying Windows is (still) worse. Who would say an OS with more than 85% of market share is the most targeted? When are Apple fanboys learn Maths (not Macs) once and for all and admit the facts? It's like someone dies in the USA and in the end of the news it says more people die every day in China, so we're cool. That's some professionalism.

Like this Reply to this comment

The fact is, there are no exploits.
by Macsaresafer November 23, 2006 6:58 AM PST: The fact that a corrupt disk image can crash the system is not an
exploit. You're desperately trying to make the Mac look as
insecure as Windows. Why? It's an exercise in futility.

Here's some math for you: even when some one eventually
develops a successful exploit, the ratio of Windows exploits to
Mac exploits will be well over 100,000 to 1. What's more,
because it will only be one exploit, it will be easy for Apple to
patch it quickly, and very likely will affect a very small
percentage of Mac users. Admit it, from a security (as well as
usability) perspective, it's much better to be a Mac user.; Like this View reply Hide reply
Processing

And you know about professionalism?
by ServedUp November 23, 2006 1:46 PM PST: The reason why most Mac Users are defensive about Apple
receiving any bad press is that most of the time they have to
deal with uninformed Windows users (and I've been in many PC
vs. Mac conversations), on how the Mac doesn't have this or
doesn't have that, or can't do this or do that. When in hindsight
(being a general Windows user myself), the Mac actually does
this, that and more! (well, more than I had thought).

Bootcamp & Parallels is the main reason, I switched from a PC
laptop to a Macbook. In my opinion it really is the only laptop
you'll ever need. As for PC towers, they are still cheaper than an
average Imac or MacPro unit, hopefully Apple can do something
about that. Why? Because I can still easily build a PC tower from
top to bottom thats comparable to a MacPro, minus the cool
industrial design, which people will pay a premium for.

But I won't elaborate any more than that, cause I'm not an Apple
salesman and I'm not receiving any of that Ipod-kick-back-
money. So Apple will just have to do its own marketing, minus
myself. Hehe.

But most Windows users will never know how great a mac runs
because most of them (and I know alot of Anti-Apple Windows
users) are comfortable using the one operating system and don't
need it for anything else.; Like this

Ummm... No
by metalhead11 November 27, 2006 7:14 PM PST: What you are saying makes sense, but is not correct. OS X, although it is not perfect, was built with security in mind, unlike XP. The UNIX kernal is far superior to that of NT (DOS 2.0) and is far more efficient. Macs have built in firewalls that ACTUALLY WORK, unlike that of the microsoft firewall that occupies gigabytes of valuable harddrive space. If you are trying to say that CNET is biased against Windows, you are looking in the exact opposite direction. Just look at the reviews for the macbook pro core 2 duo, somehow, the lack of a media card reader is costs a laptop 3.6 points!
Make sure you check your facts before speaking; Like this Reply to this comment

Ummm... No

by metalhead11 November 27, 2006 7:14 PM PST

What you are saying makes sense, but is not correct. OS X, although it is not perfect, was built with security in mind, unlike XP. The UNIX kernal is far superior to that of NT (DOS 2.0) and is far more efficient. Macs have built in firewalls that ACTUALLY WORK, unlike that of the microsoft firewall that occupies gigabytes of valuable harddrive space. If you are trying to say that CNET is biased against Windows, you are looking in the exact opposite direction. Just look at the reviews for the macbook pro core 2 duo, somehow, the lack of a media card reader is costs a laptop 3.6 points!
Make sure you check your facts before speaking

Like this Reply to this comment