May 12, 2006 2:19 PM PDT

Apple flaws put both Macs and PCs at risk

Serious flaws in Mac OS X and QuickTime software could put Macintosh and Windows systems at risk of cyberattack, Apple Computer has warned.

In a pair of security alerts released Thursday, Apple outlined 31 flaws that affect various versions of the operating system and a dozen vulnerabilities in its QuickTime media player software. Security experts have deemed the issues "critical," but Apple does not provide a severity rating. Fixes are available.

The Mac OS X vulnerabilities lie in various components of the operating system and affect both the server and client versions, Apple said in an advisory. An attack could be launched using some of the bugs by creating a malformed file, or by building a malicious Web site and enticing someone to visit it, the company said.

"These flaws could be exploited by attackers to execute arbitrary commands, bypass security restrictions, disclose sensitive information or cause a denial of service," the French Security Incident Response Team, a security-monitoring company, said in an advisory.

The patches indicate that Apple is having a hard time completely resolving a security flaw that surfaced earlier this year. They fix an issue in the "download validation" function, a feature designed to protect Mac users from installing harmful code from a malicious Web site or e-mail--a risk more familiar to Windows users.

Apple added the function in a security update released in early March. Two weeks later, it issued another update to fix some problems with the feature. Thursday's fix tackles another issue: the download validation may be bypassed if a file has a long name, Apple said.

Critics have argued that the download validation function is not enough to address the installation risk, and that Apple needs to correct the problem at a lower level in the operating system.

The QuickTime flaws put both Mac OS X and Windows computers at risk of compromise. All of the vulnerabilities exist because of errors in the way the media player software handles certain files. Specially crafted files in certain media formats--including JPEG, QuickTime, Flash, MPEG4 and AVI--could allow an intruder to hijack a vulnerable system, Apple said in an advisory.

Apple's security update 2006-003 for Mac OS X and the QuickTime patch can be downloaded and installed via Software Update preferences or from the Apple Downloads Web site.

See more CNET content tagged:
Apple QuickTime, flaw, Apple Computer, advisory, Apple Mac OS

162 comments

Join the conversation!
Add your comment
Preventative Maintenace
no issues have been found, excpet those that Apple found, this is
just preventative maintenace...

Nice to see that Apple has addressed these issues in a timely
fashion.
Posted by SeaMoose77 (14 comments )
Reply Link Flag
exactly
Very true.

And note how the title on the main page for this article is slightly changed to make it as inflammatory as possible.
Posted by kxmmxk (320 comments )
Link Flag
Apple
Apple finds the flaws, fixes them.

M$ finds the flaws way later, then maybe, just maybe, they'll fix
'em.

Strange.
Posted by fakespam (239 comments )
Link Flag
Preventative Maintenace
no issues have been found, excpet those that Apple found, this is
just preventative maintenace...

Nice to see that Apple has addressed these issues in a timely
fashion.
Posted by SeaMoose77 (14 comments )
Reply Link Flag
exactly
Very true.

And note how the title on the main page for this article is slightly changed to make it as inflammatory as possible.
Posted by kxmmxk (320 comments )
Link Flag
Apple
Apple finds the flaws, fixes them.

M$ finds the flaws way later, then maybe, just maybe, they'll fix
'em.

Strange.
Posted by fakespam (239 comments )
Link Flag
Bit ironic
After seeing Apple's idiotic commercial going on about how there is no Virus problem on the Apple this is kind of ironic.

What Apple and their users fail to understand is that there is no virus's solely because there is harldy any interest in the platform so noone bothers to write viruses and trojans and so on for the mac.

Rest assured that if OS X becomes popular, whether it be because of Windows support or whatever, there will be many virus's popping up for it.

They say lack of virus's shows their a superior system but to the rest of the world it's just looked at as sad because noone cares enough to even exploit the dying OS.
Posted by panazule (7 comments )
Reply Link Flag
Almost...
The ad you cite does not say the mac is impervious to a virus,
only that there were not 114,000 known viruses for the mac last
year.

I agree the reason there are not 114,000+ viruses for the Mac is
not soley because the OS is not vulnerable, but at the same time,
security measures currently in place (limited user privilege at
run-time, for instance) make it harder for a virus to propogate
across OS X systems compared to Windows systems. Otherwise,
why would Microsoft be implementing a similar-style
mechanism in Vista (UAP)?
Posted by tcarreon (16 comments )
Link Flag
To: The Plea-to-Ignorance Crowd
There exist flaws in the Mac OS X operating system. There exist
flaws in the Microsoft Windows operating system. To argue by
implication that if Mac OS X was as popular as Windows is now,
it would suffer the same virus/worm-ridden and neglected fate,
possesses no logical validity. Like many so-called "intelligence
failures," we cannot secure ourselves from all we do not know
(i.e., an infinite set).

I am interested in how that multi-thousand-dollar prize for the
first in-the-wild Mac virus is going? Certainly virus-writers
could do with a few extra thousand dollars. It's been going for a
long time.
Posted by SNGecko (9 comments )
Link Flag
*yawn*
"What Apple and their users fail to understand is that there is no
virus's solely because there is harldy any interest in the platform so
noone bothers to write viruses and trojans and so on for the mac."

If I had a dollar for every time I've read/heard this argument...
Whatever, man. Moving on...
Posted by pmardones (21 comments )
Link Flag
LOL
Nobody has interest in that platform ... it's written every day.

Nobody eats at that restaurant ... it's way too crowded.

Thanks for the laugh.
Posted by open-mind (1027 comments )
Link Flag
Bit ironic
After seeing Apple's idiotic commercial going on about how there is no Virus problem on the Apple this is kind of ironic.

What Apple and their users fail to understand is that there is no virus's solely because there is harldy any interest in the platform so noone bothers to write viruses and trojans and so on for the mac.

Rest assured that if OS X becomes popular, whether it be because of Windows support or whatever, there will be many virus's popping up for it.

They say lack of virus's shows their a superior system but to the rest of the world it's just looked at as sad because noone cares enough to even exploit the dying OS.
Posted by panazule (7 comments )
Reply Link Flag
Almost...
The ad you cite does not say the mac is impervious to a virus,
only that there were not 114,000 known viruses for the mac last
year.

I agree the reason there are not 114,000+ viruses for the Mac is
not soley because the OS is not vulnerable, but at the same time,
security measures currently in place (limited user privilege at
run-time, for instance) make it harder for a virus to propogate
across OS X systems compared to Windows systems. Otherwise,
why would Microsoft be implementing a similar-style
mechanism in Vista (UAP)?
Posted by tcarreon (16 comments )
Link Flag
To: The Plea-to-Ignorance Crowd
There exist flaws in the Mac OS X operating system. There exist
flaws in the Microsoft Windows operating system. To argue by
implication that if Mac OS X was as popular as Windows is now,
it would suffer the same virus/worm-ridden and neglected fate,
possesses no logical validity. Like many so-called "intelligence
failures," we cannot secure ourselves from all we do not know
(i.e., an infinite set).

I am interested in how that multi-thousand-dollar prize for the
first in-the-wild Mac virus is going? Certainly virus-writers
could do with a few extra thousand dollars. It's been going for a
long time.
Posted by SNGecko (9 comments )
Link Flag
*yawn*
"What Apple and their users fail to understand is that there is no
virus's solely because there is harldy any interest in the platform so
noone bothers to write viruses and trojans and so on for the mac."

If I had a dollar for every time I've read/heard this argument...
Whatever, man. Moving on...
Posted by pmardones (21 comments )
Link Flag
LOL
Nobody has interest in that platform ... it's written every day.

Nobody eats at that restaurant ... it's way too crowded.

Thanks for the laugh.
Posted by open-mind (1027 comments )
Link Flag
funny...
They are quick to say how bad these "flaws" are, but don't bother to
mention that none (that i've read about) have actually been
exploited. This whole article seem very anti-apple. Surprising
from C/net.
Posted by robot999 (109 comments )
Reply Link Flag
funny...
They are quick to say how bad these "flaws" are, but don't bother to
mention that none (that i've read about) have actually been
exploited. This whole article seem very anti-apple. Surprising
from C/net.
Posted by robot999 (109 comments )
Reply Link Flag
Worst bias ever....
I am really tired of C'Net's anti-Apple bias. This headline has to be the worst I've seen.

In the interest of objectivity you'll have to announce every Windows update as WINDOWS FLAWS PUT PCS, MACS AND HELPLESS SENIOR CITIZENS AT RISK.

C'Net is a worthless mouthpiece for the WinTel hedgemoney. You and any of your socalled journalists should be ashamed of yourselves.
Posted by shralpmeister (11 comments )
Reply Link Flag
okay
As opposed to the MacTel homogeny?

It's not like the Apple elitist fanatics aren't asking for it. Somehow the Apple spinsters have managed to convince their patrons that they all think on a higher plane or are, in some way, superior to the 'average' Windows home user. The reality being that you just payed $3,000 for a computer w/ a $150 video card, bought into their BLOWN-out-of-proportion specs for their awesome Intel processors -remember, Intel 'used to suck', and will probably, in short order, be wearing the white, Apple logo sticker on your rear window...

Point is: Nothing is perfect. Try to convince yourself as you may, your Mac OS is not bulletproof. Someone will crack it, just like they will with Vista -although Vista will present a much more lucrative target and will therefore get more attention and resources. You represent a smaller number. And will get less attention for it. But don't go around thinking that you've got a better number. You're in a smaller crowd. So you can consider yourself more infrequent or rare. But not better. So drop the attitude and tell your brothers and sisters at Apple iChurch on Sunday to pull their heads out, realize their computers for what they are, and quit buying into the hype...

By the way, with 95% of the home market, Microsoft doesn't need a 'worthless mouthpiece'.
Posted by Michael Vasovski (8 comments )
Link Flag
but you are reading it
so how worthless can it be?
Posted by gggg sssss (2285 comments )
Link Flag
Bias?
I've seen the Windows title you mention (Windows Flaws put PCs at risk) every time there's a Windows fix (and that's almost monthly).
So I don't see any bias here. They are just doing for Apple what they routinely do for Windows (and before you make some witty comment about the number of times this happens for Windows, read Apple's announcement and see how many vulnerabilities they are fixing this time).
Posted by Hernys (744 comments )
Link Flag
Only in your own mind...
"I am really tired of C'Net's anti-Apple bias."

They seem pretty fair to me.

"This headline has to be the worst I've seen."

The worst headline? Hardly. It's ment to draw attention to an very important issue dealing with software.

"In the interest of objectivity you'll have to announce every Windows update as WINDOWS FLAWS PUT PCS, MACS AND HELPLESS SENIOR CITIZENS AT RISK."

Why? Microsoft knows about their problems as do their users. Plus Microsoft autopatches everything on a monthly basis anyways. What about your Mac?

"C'Net is a worthless mouthpiece for the WinTel hedgemoney."

Such as the MacIntel lockin? Don't make me laugh. You are a worthless mouthpiece for Apple. It seems that people like you who buy into Steve Jobs's vision of how the world is have a really bad case of HUA Syndrome. I'll let you figure out the meaning of that acronym.

Considering all the different hardware configurations that are out there, Windows does pretty freaking good despite all it's faults. What you fail to realize is the fact that all software (Microsoft, Apple, Open Source, etc) has bugs in it. Even OpenBSD, which is the most secure OS on the planet, has faults.

Why do you think that Steve Jobs won't let Mac OSX run on standard PC hardware? Because he want's total control over the hardware, the software, and your life. Bill Gates just wants to control the software, and he does. The pirmary reason why I went with Windows was hardware versatility. I also run FreeBSD systems too.

As another reader posted...."With 95% of the home market, Microsoft doesn't need a 'worthless mouthpeice'."

"You and any of your socalled journalists should be ashamed of yourselves."

And you should be ashamed of yourself for writing such a worthless post in a public forum. Your useless contribution to humanity is not wanted or needed.
Posted by Maelstorm (130 comments )
Link Flag
Worst bias ever....
I am really tired of C'Net's anti-Apple bias. This headline has to be the worst I've seen.

In the interest of objectivity you'll have to announce every Windows update as WINDOWS FLAWS PUT PCS, MACS AND HELPLESS SENIOR CITIZENS AT RISK.

C'Net is a worthless mouthpiece for the WinTel hedgemoney. You and any of your socalled journalists should be ashamed of yourselves.
Posted by shralpmeister (11 comments )
Reply Link Flag
okay
As opposed to the MacTel homogeny?

It's not like the Apple elitist fanatics aren't asking for it. Somehow the Apple spinsters have managed to convince their patrons that they all think on a higher plane or are, in some way, superior to the 'average' Windows home user. The reality being that you just payed $3,000 for a computer w/ a $150 video card, bought into their BLOWN-out-of-proportion specs for their awesome Intel processors -remember, Intel 'used to suck', and will probably, in short order, be wearing the white, Apple logo sticker on your rear window...

Point is: Nothing is perfect. Try to convince yourself as you may, your Mac OS is not bulletproof. Someone will crack it, just like they will with Vista -although Vista will present a much more lucrative target and will therefore get more attention and resources. You represent a smaller number. And will get less attention for it. But don't go around thinking that you've got a better number. You're in a smaller crowd. So you can consider yourself more infrequent or rare. But not better. So drop the attitude and tell your brothers and sisters at Apple iChurch on Sunday to pull their heads out, realize their computers for what they are, and quit buying into the hype...

By the way, with 95% of the home market, Microsoft doesn't need a 'worthless mouthpiece'.
Posted by Michael Vasovski (8 comments )
Link Flag
but you are reading it
so how worthless can it be?
Posted by gggg sssss (2285 comments )
Link Flag
Bias?
I've seen the Windows title you mention (Windows Flaws put PCs at risk) every time there's a Windows fix (and that's almost monthly).
So I don't see any bias here. They are just doing for Apple what they routinely do for Windows (and before you make some witty comment about the number of times this happens for Windows, read Apple's announcement and see how many vulnerabilities they are fixing this time).
Posted by Hernys (744 comments )
Link Flag
Only in your own mind...
"I am really tired of C'Net's anti-Apple bias."

They seem pretty fair to me.

"This headline has to be the worst I've seen."

The worst headline? Hardly. It's ment to draw attention to an very important issue dealing with software.

"In the interest of objectivity you'll have to announce every Windows update as WINDOWS FLAWS PUT PCS, MACS AND HELPLESS SENIOR CITIZENS AT RISK."

Why? Microsoft knows about their problems as do their users. Plus Microsoft autopatches everything on a monthly basis anyways. What about your Mac?

"C'Net is a worthless mouthpiece for the WinTel hedgemoney."

Such as the MacIntel lockin? Don't make me laugh. You are a worthless mouthpiece for Apple. It seems that people like you who buy into Steve Jobs's vision of how the world is have a really bad case of HUA Syndrome. I'll let you figure out the meaning of that acronym.

Considering all the different hardware configurations that are out there, Windows does pretty freaking good despite all it's faults. What you fail to realize is the fact that all software (Microsoft, Apple, Open Source, etc) has bugs in it. Even OpenBSD, which is the most secure OS on the planet, has faults.

Why do you think that Steve Jobs won't let Mac OSX run on standard PC hardware? Because he want's total control over the hardware, the software, and your life. Bill Gates just wants to control the software, and he does. The pirmary reason why I went with Windows was hardware versatility. I also run FreeBSD systems too.

As another reader posted...."With 95% of the home market, Microsoft doesn't need a 'worthless mouthpeice'."

"You and any of your socalled journalists should be ashamed of yourselves."

And you should be ashamed of yourself for writing such a worthless post in a public forum. Your useless contribution to humanity is not wanted or needed.
Posted by Maelstorm (130 comments )
Link Flag
Lust for page views spurs really badly distorted article (again)
Apple issued system updates. Because they actually fix something, CNet goes with the FUD headline.

Keep raking the muck, News.com.
Posted by M C (598 comments )
Reply Link Flag
Lust for page views spurs really badly distorted article (again)
Apple issued system updates. Because they actually fix something, CNet goes with the FUD headline.

Keep raking the muck, News.com.
Posted by M C (598 comments )
Reply Link Flag
Blown out of proportion
All these articles are popping up all over the net about how the
Mac is just as much at risk for viruses as Windows. Someone
needs money. All the anti-virus firms were pretty upset when
they lost sales of Mac anti-virus software. After realizing how
solid Mac OS X was, a lot of Mac owners just stopped buying it.
Wouldn't it be nice to blow the fear up so they can sell more?

NOTHING SELLS BETTER THAN FEAR

The PC Mafia has had a stranglehold on the market for some
time. They've gotten lazy and I dare say, a little afraid of what
Apple has up it's sleeve. What better method of staying on top
than accentuate the vulnerabilities of the competition.

OS X is built on UNIX and that is harder to crack than Windows
as another reader pointed out. Why do you thinks banks and
governments run UNIX? Many of the super user features on a
Mac are locked by default. I seriously don't believe that the Mac
is equally as vulnerable as Windows. It think it much more fair to
say that there are some viruses for the Mac and they squash
those pretty quickly.
Posted by Lance K Wig (2 comments )
Reply Link Flag
the facts
"I think it much more fair to say that there are some viruses for
the Mac and they squash those pretty quickly."

The facts:
There have been two pieces of malware ever written for Mac OS
X. Two. Neither successfully self propagated using the internet.
(I believe one was bluetooth. What a joke.) Current Mac virus
count: 0.

Not saying it can't be done, just that it hasn't been done in the 6
years OS X has been on the Mac.
Posted by Maverick18x (7 comments )
Link Flag
Blown out of proportion
All these articles are popping up all over the net about how the
Mac is just as much at risk for viruses as Windows. Someone
needs money. All the anti-virus firms were pretty upset when
they lost sales of Mac anti-virus software. After realizing how
solid Mac OS X was, a lot of Mac owners just stopped buying it.
Wouldn't it be nice to blow the fear up so they can sell more?

NOTHING SELLS BETTER THAN FEAR

The PC Mafia has had a stranglehold on the market for some
time. They've gotten lazy and I dare say, a little afraid of what
Apple has up it's sleeve. What better method of staying on top
than accentuate the vulnerabilities of the competition.

OS X is built on UNIX and that is harder to crack than Windows
as another reader pointed out. Why do you thinks banks and
governments run UNIX? Many of the super user features on a
Mac are locked by default. I seriously don't believe that the Mac
is equally as vulnerable as Windows. It think it much more fair to
say that there are some viruses for the Mac and they squash
those pretty quickly.
Posted by Lance K Wig (2 comments )
Reply Link Flag
the facts
"I think it much more fair to say that there are some viruses for
the Mac and they squash those pretty quickly."

The facts:
There have been two pieces of malware ever written for Mac OS
X. Two. Neither successfully self propagated using the internet.
(I believe one was bluetooth. What a joke.) Current Mac virus
count: 0.

Not saying it can't be done, just that it hasn't been done in the 6
years OS X has been on the Mac.
Posted by Maverick18x (7 comments )
Link Flag
Mac viruses?!? Let's put this in perspective...
Walt Mossberg, 'one of the most respected technology experts
on the planet' wrote:

There is no sudden security crisis on the Apple Macintosh
platform. In fact, for average Mac users, there isn't a security
threat of any significance, at least not yet. It is laughable to
compare the real, massive and burdensome security problems
on Windows with the largely theoretical security problem on the
Mac.

As I have said in the past, no operating system is invulnerable to
attack, including Apple's Mac OS X operating system, which
powers Macintosh computers. It is possible to write malicious
software for the Mac, including viruses and spyware, and it is
possible for this software to spread in the wild, infecting many
Macs.

However, despite what you may have heard, this hasn't
happened to any degree that matters, yet. As of today, there
have been exactly two documented, successful pieces of
malicious software -- viruses, trojan horses, worms -- that
affected users of the Mac OS X operating system, since it was
released in 2001. And these two failed to spread much, affecting
probably a few dozen people, and doing no harm. I expect there
to be a small number of additional Mac viruses this year.

By contrast, there are over 100,000 reported viruses for
Windows, some of which have affected millions of people and
have done significant economic damage. As for spyware, I know
of no documented cases on Mac OS X, while there are certainly
thousands on Windows. These Windows viruses and spyware
can't run on the Mac operating system, even on Macs powered
by the same Intel processors used by Windows PCs.

The recent publicity concerns theoretical vulnerabilities that
security firms have identified in Apple's operating system. These
vulnerabilities, like similar vulnerabilities in Windows, aren't
necessarily being exploited. Like Microsoft, Apple fixes
vulnerabilities as they are identified. But some critics say Apple
does this too slowly.

Security firms are saying that the discovery of these
vulnerabilities in the Mac has increased sharply lately. They say
that based on past patterns, this should yield a sharp increase in
the number of Mac viruses in coming years. But even a "sharp"
increase could well mean under 50 viruses by 2008.

So my advice to Mac users is that at the moment, I see no reason
to buy and run security software, which is in itself costly and can
degrade your computing experience. But you should make up
your own mind, based on your tolerance for risk.

Here's a test you can use. Imagine you live in a neighborhood
that has suffered only a couple of ambiguous, harmless
burglaries over five years, even though the neighborhood is
surrounded by much higher-crime areas. If you would buy a
burglar alarm in such a neighborhood, then buy Mac security
software. Otherwise, don't. Just turn on Apple's built-in firewall
and relax.

There is one exception: If you are running Windows on one of
the new Intel Macs, you are just like a Windows user, and you
must run Windows security programs when using Windows.
Posted by Dru richman (7 comments )
Reply Link Flag
They aren't talking about viruses
Try reading the article next time. It mentions simple
data files, like a JPEG image someone might download.
Posted by Jackson Cracker (272 comments )
Link Flag
Correction...
"There is one exception: If you are running Windows on one of
the new Intel Macs, you are just like a Windows user, and you
must run Windows security programs when using Windows."

Correction: If you are running Windows on one of the new Intel
Macs, you ARE a Windows user, and you must run Windows security
programs when using Windows.
Posted by RideMan (81 comments )
Link Flag
Mac viruses?!? Let's put this in perspective...
Walt Mossberg, 'one of the most respected technology experts
on the planet' wrote:

There is no sudden security crisis on the Apple Macintosh
platform. In fact, for average Mac users, there isn't a security
threat of any significance, at least not yet. It is laughable to
compare the real, massive and burdensome security problems
on Windows with the largely theoretical security problem on the
Mac.

As I have said in the past, no operating system is invulnerable to
attack, including Apple's Mac OS X operating system, which
powers Macintosh computers. It is possible to write malicious
software for the Mac, including viruses and spyware, and it is
possible for this software to spread in the wild, infecting many
Macs.

However, despite what you may have heard, this hasn't
happened to any degree that matters, yet. As of today, there
have been exactly two documented, successful pieces of
malicious software -- viruses, trojan horses, worms -- that
affected users of the Mac OS X operating system, since it was
released in 2001. And these two failed to spread much, affecting
probably a few dozen people, and doing no harm. I expect there
to be a small number of additional Mac viruses this year.

By contrast, there are over 100,000 reported viruses for
Windows, some of which have affected millions of people and
have done significant economic damage. As for spyware, I know
of no documented cases on Mac OS X, while there are certainly
thousands on Windows. These Windows viruses and spyware
can't run on the Mac operating system, even on Macs powered
by the same Intel processors used by Windows PCs.

The recent publicity concerns theoretical vulnerabilities that
security firms have identified in Apple's operating system. These
vulnerabilities, like similar vulnerabilities in Windows, aren't
necessarily being exploited. Like Microsoft, Apple fixes
vulnerabilities as they are identified. But some critics say Apple
does this too slowly.

Security firms are saying that the discovery of these
vulnerabilities in the Mac has increased sharply lately. They say
that based on past patterns, this should yield a sharp increase in
the number of Mac viruses in coming years. But even a "sharp"
increase could well mean under 50 viruses by 2008.

So my advice to Mac users is that at the moment, I see no reason
to buy and run security software, which is in itself costly and can
degrade your computing experience. But you should make up
your own mind, based on your tolerance for risk.

Here's a test you can use. Imagine you live in a neighborhood
that has suffered only a couple of ambiguous, harmless
burglaries over five years, even though the neighborhood is
surrounded by much higher-crime areas. If you would buy a
burglar alarm in such a neighborhood, then buy Mac security
software. Otherwise, don't. Just turn on Apple's built-in firewall
and relax.

There is one exception: If you are running Windows on one of
the new Intel Macs, you are just like a Windows user, and you
must run Windows security programs when using Windows.
Posted by Dru richman (7 comments )
Reply Link Flag
They aren't talking about viruses
Try reading the article next time. It mentions simple
data files, like a JPEG image someone might download.
Posted by Jackson Cracker (272 comments )
Link Flag
Correction...
"There is one exception: If you are running Windows on one of
the new Intel Macs, you are just like a Windows user, and you
must run Windows security programs when using Windows."

Correction: If you are running Windows on one of the new Intel
Macs, you ARE a Windows user, and you must run Windows security
programs when using Windows.
Posted by RideMan (81 comments )
Link Flag
You call yourself a writer?
Joris Evers sounds more like a made up name by the CNET staff...

What did you guys do? Write some script that auto-posts anti-apple JUNK on your C-Net website? (if you did, that's very cleaver... oh - oh, maybe I gave you an idea - ).

This is REALLY one of the worst one sided articles I have ever read in my life. You guys should be ashamed!

I'm not an apple fan-boy or whatever, I just started using Mac OS X a few months ago and don't even own an iPod... I have to say that OS X and Win XP are not on the same category... For people who DON'T KNOW! (aka - ignorant people), OS X is a much superior operating system without a doubt. I have been runnig my machine for 7 months. Not a freeze on sight, not a spyware, virus, malware, etc...

AND don't give me the quick-way-out response that: "oh, there is no one using Macs anyways, that's why there are not viruses".. think again. I was just at a technology conference last week and I saw nothing but macs (this was no mac convention btw)

Back to the subject... Bad article, don't quit your day job.
Posted by nerdngeek (2 comments )
Reply Link Flag
so silly
why u guys are so offensive when somebody writes a virus for Mac? Just bcos Mac is used by a handful ppl, there is no virus. Bcos if i am a virus programmer, i would like to target maximum ppl, bcos that makes sense. Do u think that ppl out there dont know how to write virus/worm for Mac? If u think that, u r more than stupid!
This is just the beginning... and it wont take mush days that ur Mac is affected by virus... wait and see. and then again come back and post message.
Till then enjoy being minority!
Posted by slaha11 (8 comments )
Link Flag
Why so defensive?
<This is REALLY one of the worst one sided articles I have ever read in my life. You guys should be ashamed! I'm not an apple fan-boy or whatever, I just started using Mac OS X a few months ago >

One sided? What side is that? Those that are against compromised computers? And, sorry to say, you a fan-boy. You did what ALL fan-boys do:
1) Attack the messager ("Bad article, don't quit your day job.")
2) State that your favorite is obviously vastly better (",,OS X is a much superior operating system without a doubt") than all others;
3) Claim the publication hates your favotite ("..auto-posts anti-apple JUNK on your C-Net website")
4) Claim that those who don't agree with you are blind in some way ("...For people who DON'T KNOW! (aka - ignorant people)...")

Its really sad how some fanboys can't see that all OS are exploitable (certainly some more than others) but can't see the positives in the OS company releasing updates to close off exploits. Or in a software company releasing patches for a media player.

For the record, I have WindowsXP, Windows 2000, Linux (PC Linux OS) and Mac OSX (G5) in my home / office. They all have their strenghts/weaknesses.
Posted by ScottMo (71 comments )
Link Flag
You call yourself a writer?
Joris Evers sounds more like a made up name by the CNET staff...

What did you guys do? Write some script that auto-posts anti-apple JUNK on your C-Net website? (if you did, that's very cleaver... oh - oh, maybe I gave you an idea - ).

This is REALLY one of the worst one sided articles I have ever read in my life. You guys should be ashamed!

I'm not an apple fan-boy or whatever, I just started using Mac OS X a few months ago and don't even own an iPod... I have to say that OS X and Win XP are not on the same category... For people who DON'T KNOW! (aka - ignorant people), OS X is a much superior operating system without a doubt. I have been runnig my machine for 7 months. Not a freeze on sight, not a spyware, virus, malware, etc...

AND don't give me the quick-way-out response that: "oh, there is no one using Macs anyways, that's why there are not viruses".. think again. I was just at a technology conference last week and I saw nothing but macs (this was no mac convention btw)

Back to the subject... Bad article, don't quit your day job.
Posted by nerdngeek (2 comments )
Reply Link Flag
so silly
why u guys are so offensive when somebody writes a virus for Mac? Just bcos Mac is used by a handful ppl, there is no virus. Bcos if i am a virus programmer, i would like to target maximum ppl, bcos that makes sense. Do u think that ppl out there dont know how to write virus/worm for Mac? If u think that, u r more than stupid!
This is just the beginning... and it wont take mush days that ur Mac is affected by virus... wait and see. and then again come back and post message.
Till then enjoy being minority!
Posted by slaha11 (8 comments )
Link Flag
Why so defensive?
<This is REALLY one of the worst one sided articles I have ever read in my life. You guys should be ashamed! I'm not an apple fan-boy or whatever, I just started using Mac OS X a few months ago >

One sided? What side is that? Those that are against compromised computers? And, sorry to say, you a fan-boy. You did what ALL fan-boys do:
1) Attack the messager ("Bad article, don't quit your day job.")
2) State that your favorite is obviously vastly better (",,OS X is a much superior operating system without a doubt") than all others;
3) Claim the publication hates your favotite ("..auto-posts anti-apple JUNK on your C-Net website")
4) Claim that those who don't agree with you are blind in some way ("...For people who DON'T KNOW! (aka - ignorant people)...")

Its really sad how some fanboys can't see that all OS are exploitable (certainly some more than others) but can't see the positives in the OS company releasing updates to close off exploits. Or in a software company releasing patches for a media player.

For the record, I have WindowsXP, Windows 2000, Linux (PC Linux OS) and Mac OSX (G5) in my home / office. They all have their strenghts/weaknesses.
Posted by ScottMo (71 comments )
Link Flag
Come on Joris...
I'm not going to make the charge of anti-mac bias, because this
is simply really bad journalism regardless.

Among the many errors in this article:

"All of the vulnerabilities exist because of errors in the way the
media player software handles certain files. Specially crafted files
in certain media formats--including JPEG, QuickTime, Flash,
MPEG4 and AVI--could allow an intruder to hijack a vulnerable
system, Apple said in an advisory."

In fact, Apple said no such thing in its advisory. What it did say
that the maliciously crafted files - in many cases corrupt files -
could cause an "application crash" or "arbitrary code execution"
You seem to have misconstrued the execution of arbitrary code
as tantamount to successfully hijacking a vulnerable system.
Among other things, that presupposes the target, intent, and
capability of the code string, and also ignores other security
measures at the OS level designed to prevent the system from
being "hijacked" in the first place by an intruder.

"Apple added the [download validation] function in a security
update released in early March."

In fact, download validation has been a feature of OS X since at
least the introduction of Tiger. The security update you
referenced modified the function so it would be more robust in
validating downloaded files.

I don't mind articles that sound an alarmist tone in order to get
the attention of users who should patch their installation. But
frankly Joris, your scribblings regarding Apple, OS X, and
security are frightfully amateurish. I look forward to greater care
on your part when you research your next article pertaining to
Apple and security.
Posted by Terry Murphy (82 comments )
Reply Link Flag
Come on Joris...
I'm not going to make the charge of anti-mac bias, because this
is simply really bad journalism regardless.

Among the many errors in this article:

"All of the vulnerabilities exist because of errors in the way the
media player software handles certain files. Specially crafted files
in certain media formats--including JPEG, QuickTime, Flash,
MPEG4 and AVI--could allow an intruder to hijack a vulnerable
system, Apple said in an advisory."

In fact, Apple said no such thing in its advisory. What it did say
that the maliciously crafted files - in many cases corrupt files -
could cause an "application crash" or "arbitrary code execution"
You seem to have misconstrued the execution of arbitrary code
as tantamount to successfully hijacking a vulnerable system.
Among other things, that presupposes the target, intent, and
capability of the code string, and also ignores other security
measures at the OS level designed to prevent the system from
being "hijacked" in the first place by an intruder.

"Apple added the [download validation] function in a security
update released in early March."

In fact, download validation has been a feature of OS X since at
least the introduction of Tiger. The security update you
referenced modified the function so it would be more robust in
validating downloaded files.

I don't mind articles that sound an alarmist tone in order to get
the attention of users who should patch their installation. But
frankly Joris, your scribblings regarding Apple, OS X, and
security are frightfully amateurish. I look forward to greater care
on your part when you research your next article pertaining to
Apple and security.
Posted by Terry Murphy (82 comments )
Reply Link Flag
Nothing New on the PC side of things.
I'm sure that can be remedied quickly.

Again nothing new on the PC side of things.
I'm sure their use to it already.
Posted by ServedUp (413 comments )
Reply Link Flag
Nothing New on the PC side of things.
I'm sure that can be remedied quickly.

Again nothing new on the PC side of things.
I'm sure their use to it already.
Posted by ServedUp (413 comments )
Reply Link Flag
NASA put 7 Americans at Risk
That header woud we expect from CNET next time Americans ride
on space shuttle?
Posted by Znatok (19 comments )
Reply Link Flag
NASA put 7 Americans at Risk
That header woud we expect from CNET next time Americans ride
on space shuttle?
Posted by Znatok (19 comments )
Reply Link Flag
And Then !?
Nearly all the fixes are similar in nature, and are preventing buffer overruns.

To even suggest that this means there is a virus, and puts other PCs, or even the Macs at risk is plain laughable, since the news comes only because a documented update was made.

OSX users, just keep doing your regular software updates, and you will be fine. If you are feeling paranoid, for some reason (like the FUD retailers getting into your heads), just change your software update preferences to daily.

... I mean really folks, the news here is "My Gosh, look what they did! They fixed something in the OS and now its not a [potential] problem anymore!" ...
Posted by Thomas, David (1947 comments )
Reply Link Flag
And Then !?
Nearly all the fixes are similar in nature, and are preventing buffer overruns.

To even suggest that this means there is a virus, and puts other PCs, or even the Macs at risk is plain laughable, since the news comes only because a documented update was made.

OSX users, just keep doing your regular software updates, and you will be fine. If you are feeling paranoid, for some reason (like the FUD retailers getting into your heads), just change your software update preferences to daily.

... I mean really folks, the news here is "My Gosh, look what they did! They fixed something in the OS and now its not a [potential] problem anymore!" ...
Posted by Thomas, David (1947 comments )
Reply Link Flag
More CNET AGIT-PROP
Articles like this one are propaganda designed to agitate, thus
creating more hits on CNET, thus increasing ad revenues.
Posted by rslavelle (11 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.