Serious flaws in Mac OS X and QuickTime software could put Macintosh and Windows systems at risk of cyberattack, Apple Computer has warned.
In a pair of security alerts released Thursday, Apple outlined 31 flaws that affect various versions of the operating system and a dozen vulnerabilities in its QuickTime media player software. Security experts have deemed the issues "critical," but Apple does not provide a severity rating. Fixes are available.
The Mac OS X vulnerabilities lie in various components of the operating system and affect both the server and client versions, Apple said in an advisory. An attack could be launched using some of the bugs by creating a malformed file, or by building a malicious Web site and enticing someone to visit it, the company said.
"These flaws could be exploited by attackers to execute arbitrary commands, bypass security restrictions, disclose sensitive information or cause a denial of service," the French Security Incident Response Team, a security-monitoring company, said in an advisory.
The patches indicate that Apple is having a hard time completely resolving a security flaw that surfaced earlier this year. They fix an issue in the "download validation" function, a feature designed to protect Mac users from installing harmful code from a malicious Web site or e-mail--a risk more familiar to Windows users.
Apple added the function in a security update released in early March. Two weeks later, it issued another update to fix some problems with the feature. Thursday's fix tackles another issue: the download validation may be bypassed if a file has a long name, Apple said.
Critics have argued that the download validation function is not enough to address the installation risk, and that Apple needs to correct the problem at a lower level in the operating system.
The QuickTime flaws put both Mac OS X and Windows computers at risk of compromise. All of the vulnerabilities exist because of errors in the way the media player software handles certain files. Specially crafted files in certain media formats--including JPEG, QuickTime, Flash, MPEG4 and AVI--could allow an intruder to hijack a vulnerable system, Apple said in an advisory.
Apple's security update 2006-003 for Mac OS X and the QuickTime patch can be downloaded and installed via Software Update preferences or from the Apple Downloads Web site.
After seeing Apple's idiotic commercial going on about how there is no Virus problem on the Apple this is kind of ironic.
What Apple and their users fail to understand is that there is no virus's solely because there is harldy any interest in the platform so noone bothers to write viruses and trojans and so on for the mac.
Rest assured that if OS X becomes popular, whether it be because of Windows support or whatever, there will be many virus's popping up for it.
They say lack of virus's shows their a superior system but to the rest of the world it's just looked at as sad because noone cares enough to even exploit the dying OS.
The ad you cite does not say the mac is impervious to a virus, only that there were not 114,000 known viruses for the mac last year.
I agree the reason there are not 114,000+ viruses for the Mac is not soley because the OS is not vulnerable, but at the same time, security measures currently in place (limited user privilege at run-time, for instance) make it harder for a virus to propogate across OS X systems compared to Windows systems. Otherwise, why would Microsoft be implementing a similar-style mechanism in Vista (UAP)?
There exist flaws in the Mac OS X operating system. There exist flaws in the Microsoft Windows operating system. To argue by implication that if Mac OS X was as popular as Windows is now, it would suffer the same virus/worm-ridden and neglected fate, possesses no logical validity. Like many so-called "intelligence failures," we cannot secure ourselves from all we do not know (i.e., an infinite set).
I am interested in how that multi-thousand-dollar prize for the first in-the-wild Mac virus is going? Certainly virus-writers could do with a few extra thousand dollars. It's been going for a long time.
"What Apple and their users fail to understand is that there is no virus's solely because there is harldy any interest in the platform so noone bothers to write viruses and trojans and so on for the mac."
If I had a dollar for every time I've read/heard this argument... Whatever, man. Moving on...
After seeing Apple's idiotic commercial going on about how there is no Virus problem on the Apple this is kind of ironic.
What Apple and their users fail to understand is that there is no virus's solely because there is harldy any interest in the platform so noone bothers to write viruses and trojans and so on for the mac.
Rest assured that if OS X becomes popular, whether it be because of Windows support or whatever, there will be many virus's popping up for it.
They say lack of virus's shows their a superior system but to the rest of the world it's just looked at as sad because noone cares enough to even exploit the dying OS.
The ad you cite does not say the mac is impervious to a virus, only that there were not 114,000 known viruses for the mac last year.
I agree the reason there are not 114,000+ viruses for the Mac is not soley because the OS is not vulnerable, but at the same time, security measures currently in place (limited user privilege at run-time, for instance) make it harder for a virus to propogate across OS X systems compared to Windows systems. Otherwise, why would Microsoft be implementing a similar-style mechanism in Vista (UAP)?
There exist flaws in the Mac OS X operating system. There exist flaws in the Microsoft Windows operating system. To argue by implication that if Mac OS X was as popular as Windows is now, it would suffer the same virus/worm-ridden and neglected fate, possesses no logical validity. Like many so-called "intelligence failures," we cannot secure ourselves from all we do not know (i.e., an infinite set).
I am interested in how that multi-thousand-dollar prize for the first in-the-wild Mac virus is going? Certainly virus-writers could do with a few extra thousand dollars. It's been going for a long time.
"What Apple and their users fail to understand is that there is no virus's solely because there is harldy any interest in the platform so noone bothers to write viruses and trojans and so on for the mac."
If I had a dollar for every time I've read/heard this argument... Whatever, man. Moving on...
They are quick to say how bad these "flaws" are, but don't bother to mention that none (that i've read about) have actually been exploited. This whole article seem very anti-apple. Surprising from C/net.
They are quick to say how bad these "flaws" are, but don't bother to mention that none (that i've read about) have actually been exploited. This whole article seem very anti-apple. Surprising from C/net.
It's not like the Apple elitist fanatics aren't asking for it. Somehow the Apple spinsters have managed to convince their patrons that they all think on a higher plane or are, in some way, superior to the 'average' Windows home user. The reality being that you just payed $3,000 for a computer w/ a $150 video card, bought into their BLOWN-out-of-proportion specs for their awesome Intel processors -remember, Intel 'used to suck', and will probably, in short order, be wearing the white, Apple logo sticker on your rear window...
Point is: Nothing is perfect. Try to convince yourself as you may, your Mac OS is not bulletproof. Someone will crack it, just like they will with Vista -although Vista will present a much more lucrative target and will therefore get more attention and resources. You represent a smaller number. And will get less attention for it. But don't go around thinking that you've got a better number. You're in a smaller crowd. So you can consider yourself more infrequent or rare. But not better. So drop the attitude and tell your brothers and sisters at Apple iChurch on Sunday to pull their heads out, realize their computers for what they are, and quit buying into the hype...
By the way, with 95% of the home market, Microsoft doesn't need a 'worthless mouthpiece'.
I've seen the Windows title you mention (Windows Flaws put PCs at risk) every time there's a Windows fix (and that's almost monthly). So I don't see any bias here. They are just doing for Apple what they routinely do for Windows (and before you make some witty comment about the number of times this happens for Windows, read Apple's announcement and see how many vulnerabilities they are fixing this time).
The worst headline? Hardly. It's ment to draw attention to an very important issue dealing with software.
"In the interest of objectivity you'll have to announce every Windows update as WINDOWS FLAWS PUT PCS, MACS AND HELPLESS SENIOR CITIZENS AT RISK."
Why? Microsoft knows about their problems as do their users. Plus Microsoft autopatches everything on a monthly basis anyways. What about your Mac?
"C'Net is a worthless mouthpiece for the WinTel hedgemoney."
Such as the MacIntel lockin? Don't make me laugh. You are a worthless mouthpiece for Apple. It seems that people like you who buy into Steve Jobs's vision of how the world is have a really bad case of HUA Syndrome. I'll let you figure out the meaning of that acronym.
Considering all the different hardware configurations that are out there, Windows does pretty freaking good despite all it's faults. What you fail to realize is the fact that all software (Microsoft, Apple, Open Source, etc) has bugs in it. Even OpenBSD, which is the most secure OS on the planet, has faults.
Why do you think that Steve Jobs won't let Mac OSX run on standard PC hardware? Because he want's total control over the hardware, the software, and your life. Bill Gates just wants to control the software, and he does. The pirmary reason why I went with Windows was hardware versatility. I also run FreeBSD systems too.
As another reader posted...."With 95% of the home market, Microsoft doesn't need a 'worthless mouthpeice'."
"You and any of your socalled journalists should be ashamed of yourselves."
And you should be ashamed of yourself for writing such a worthless post in a public forum. Your useless contribution to humanity is not wanted or needed.
It's not like the Apple elitist fanatics aren't asking for it. Somehow the Apple spinsters have managed to convince their patrons that they all think on a higher plane or are, in some way, superior to the 'average' Windows home user. The reality being that you just payed $3,000 for a computer w/ a $150 video card, bought into their BLOWN-out-of-proportion specs for their awesome Intel processors -remember, Intel 'used to suck', and will probably, in short order, be wearing the white, Apple logo sticker on your rear window...
Point is: Nothing is perfect. Try to convince yourself as you may, your Mac OS is not bulletproof. Someone will crack it, just like they will with Vista -although Vista will present a much more lucrative target and will therefore get more attention and resources. You represent a smaller number. And will get less attention for it. But don't go around thinking that you've got a better number. You're in a smaller crowd. So you can consider yourself more infrequent or rare. But not better. So drop the attitude and tell your brothers and sisters at Apple iChurch on Sunday to pull their heads out, realize their computers for what they are, and quit buying into the hype...
By the way, with 95% of the home market, Microsoft doesn't need a 'worthless mouthpiece'.
I've seen the Windows title you mention (Windows Flaws put PCs at risk) every time there's a Windows fix (and that's almost monthly). So I don't see any bias here. They are just doing for Apple what they routinely do for Windows (and before you make some witty comment about the number of times this happens for Windows, read Apple's announcement and see how many vulnerabilities they are fixing this time).
The worst headline? Hardly. It's ment to draw attention to an very important issue dealing with software.
"In the interest of objectivity you'll have to announce every Windows update as WINDOWS FLAWS PUT PCS, MACS AND HELPLESS SENIOR CITIZENS AT RISK."
Why? Microsoft knows about their problems as do their users. Plus Microsoft autopatches everything on a monthly basis anyways. What about your Mac?
"C'Net is a worthless mouthpiece for the WinTel hedgemoney."
Such as the MacIntel lockin? Don't make me laugh. You are a worthless mouthpiece for Apple. It seems that people like you who buy into Steve Jobs's vision of how the world is have a really bad case of HUA Syndrome. I'll let you figure out the meaning of that acronym.
Considering all the different hardware configurations that are out there, Windows does pretty freaking good despite all it's faults. What you fail to realize is the fact that all software (Microsoft, Apple, Open Source, etc) has bugs in it. Even OpenBSD, which is the most secure OS on the planet, has faults.
Why do you think that Steve Jobs won't let Mac OSX run on standard PC hardware? Because he want's total control over the hardware, the software, and your life. Bill Gates just wants to control the software, and he does. The pirmary reason why I went with Windows was hardware versatility. I also run FreeBSD systems too.
As another reader posted...."With 95% of the home market, Microsoft doesn't need a 'worthless mouthpeice'."
"You and any of your socalled journalists should be ashamed of yourselves."
And you should be ashamed of yourself for writing such a worthless post in a public forum. Your useless contribution to humanity is not wanted or needed.
All these articles are popping up all over the net about how the Mac is just as much at risk for viruses as Windows. Someone needs money. All the anti-virus firms were pretty upset when they lost sales of Mac anti-virus software. After realizing how solid Mac OS X was, a lot of Mac owners just stopped buying it. Wouldn't it be nice to blow the fear up so they can sell more?
NOTHING SELLS BETTER THAN FEAR
The PC Mafia has had a stranglehold on the market for some time. They've gotten lazy and I dare say, a little afraid of what Apple has up it's sleeve. What better method of staying on top than accentuate the vulnerabilities of the competition.
OS X is built on UNIX and that is harder to crack than Windows as another reader pointed out. Why do you thinks banks and governments run UNIX? Many of the super user features on a Mac are locked by default. I seriously don't believe that the Mac is equally as vulnerable as Windows. It think it much more fair to say that there are some viruses for the Mac and they squash those pretty quickly.
"I think it much more fair to say that there are some viruses for the Mac and they squash those pretty quickly."
The facts: There have been two pieces of malware ever written for Mac OS X. Two. Neither successfully self propagated using the internet. (I believe one was bluetooth. What a joke.) Current Mac virus count: 0.
Not saying it can't be done, just that it hasn't been done in the 6 years OS X has been on the Mac.
All these articles are popping up all over the net about how the Mac is just as much at risk for viruses as Windows. Someone needs money. All the anti-virus firms were pretty upset when they lost sales of Mac anti-virus software. After realizing how solid Mac OS X was, a lot of Mac owners just stopped buying it. Wouldn't it be nice to blow the fear up so they can sell more?
NOTHING SELLS BETTER THAN FEAR
The PC Mafia has had a stranglehold on the market for some time. They've gotten lazy and I dare say, a little afraid of what Apple has up it's sleeve. What better method of staying on top than accentuate the vulnerabilities of the competition.
OS X is built on UNIX and that is harder to crack than Windows as another reader pointed out. Why do you thinks banks and governments run UNIX? Many of the super user features on a Mac are locked by default. I seriously don't believe that the Mac is equally as vulnerable as Windows. It think it much more fair to say that there are some viruses for the Mac and they squash those pretty quickly.
"I think it much more fair to say that there are some viruses for the Mac and they squash those pretty quickly."
The facts: There have been two pieces of malware ever written for Mac OS X. Two. Neither successfully self propagated using the internet. (I believe one was bluetooth. What a joke.) Current Mac virus count: 0.
Not saying it can't be done, just that it hasn't been done in the 6 years OS X has been on the Mac.
Walt Mossberg, 'one of the most respected technology experts on the planet' wrote:
There is no sudden security crisis on the Apple Macintosh platform. In fact, for average Mac users, there isn't a security threat of any significance, at least not yet. It is laughable to compare the real, massive and burdensome security problems on Windows with the largely theoretical security problem on the Mac.
As I have said in the past, no operating system is invulnerable to attack, including Apple's Mac OS X operating system, which powers Macintosh computers. It is possible to write malicious software for the Mac, including viruses and spyware, and it is possible for this software to spread in the wild, infecting many Macs.
However, despite what you may have heard, this hasn't happened to any degree that matters, yet. As of today, there have been exactly two documented, successful pieces of malicious software -- viruses, trojan horses, worms -- that affected users of the Mac OS X operating system, since it was released in 2001. And these two failed to spread much, affecting probably a few dozen people, and doing no harm. I expect there to be a small number of additional Mac viruses this year.
By contrast, there are over 100,000 reported viruses for Windows, some of which have affected millions of people and have done significant economic damage. As for spyware, I know of no documented cases on Mac OS X, while there are certainly thousands on Windows. These Windows viruses and spyware can't run on the Mac operating system, even on Macs powered by the same Intel processors used by Windows PCs.
The recent publicity concerns theoretical vulnerabilities that security firms have identified in Apple's operating system. These vulnerabilities, like similar vulnerabilities in Windows, aren't necessarily being exploited. Like Microsoft, Apple fixes vulnerabilities as they are identified. But some critics say Apple does this too slowly.
Security firms are saying that the discovery of these vulnerabilities in the Mac has increased sharply lately. They say that based on past patterns, this should yield a sharp increase in the number of Mac viruses in coming years. But even a "sharp" increase could well mean under 50 viruses by 2008.
So my advice to Mac users is that at the moment, I see no reason to buy and run security software, which is in itself costly and can degrade your computing experience. But you should make up your own mind, based on your tolerance for risk.
Here's a test you can use. Imagine you live in a neighborhood that has suffered only a couple of ambiguous, harmless burglaries over five years, even though the neighborhood is surrounded by much higher-crime areas. If you would buy a burglar alarm in such a neighborhood, then buy Mac security software. Otherwise, don't. Just turn on Apple's built-in firewall and relax.
There is one exception: If you are running Windows on one of the new Intel Macs, you are just like a Windows user, and you must run Windows security programs when using Windows.
"There is one exception: If you are running Windows on one of the new Intel Macs, you are just like a Windows user, and you must run Windows security programs when using Windows."
Correction: If you are running Windows on one of the new Intel Macs, you ARE a Windows user, and you must run Windows security programs when using Windows.
Walt Mossberg, 'one of the most respected technology experts on the planet' wrote:
There is no sudden security crisis on the Apple Macintosh platform. In fact, for average Mac users, there isn't a security threat of any significance, at least not yet. It is laughable to compare the real, massive and burdensome security problems on Windows with the largely theoretical security problem on the Mac.
As I have said in the past, no operating system is invulnerable to attack, including Apple's Mac OS X operating system, which powers Macintosh computers. It is possible to write malicious software for the Mac, including viruses and spyware, and it is possible for this software to spread in the wild, infecting many Macs.
However, despite what you may have heard, this hasn't happened to any degree that matters, yet. As of today, there have been exactly two documented, successful pieces of malicious software -- viruses, trojan horses, worms -- that affected users of the Mac OS X operating system, since it was released in 2001. And these two failed to spread much, affecting probably a few dozen people, and doing no harm. I expect there to be a small number of additional Mac viruses this year.
By contrast, there are over 100,000 reported viruses for Windows, some of which have affected millions of people and have done significant economic damage. As for spyware, I know of no documented cases on Mac OS X, while there are certainly thousands on Windows. These Windows viruses and spyware can't run on the Mac operating system, even on Macs powered by the same Intel processors used by Windows PCs.
The recent publicity concerns theoretical vulnerabilities that security firms have identified in Apple's operating system. These vulnerabilities, like similar vulnerabilities in Windows, aren't necessarily being exploited. Like Microsoft, Apple fixes vulnerabilities as they are identified. But some critics say Apple does this too slowly.
Security firms are saying that the discovery of these vulnerabilities in the Mac has increased sharply lately. They say that based on past patterns, this should yield a sharp increase in the number of Mac viruses in coming years. But even a "sharp" increase could well mean under 50 viruses by 2008.
So my advice to Mac users is that at the moment, I see no reason to buy and run security software, which is in itself costly and can degrade your computing experience. But you should make up your own mind, based on your tolerance for risk.
Here's a test you can use. Imagine you live in a neighborhood that has suffered only a couple of ambiguous, harmless burglaries over five years, even though the neighborhood is surrounded by much higher-crime areas. If you would buy a burglar alarm in such a neighborhood, then buy Mac security software. Otherwise, don't. Just turn on Apple's built-in firewall and relax.
There is one exception: If you are running Windows on one of the new Intel Macs, you are just like a Windows user, and you must run Windows security programs when using Windows.
"There is one exception: If you are running Windows on one of the new Intel Macs, you are just like a Windows user, and you must run Windows security programs when using Windows."
Correction: If you are running Windows on one of the new Intel Macs, you ARE a Windows user, and you must run Windows security programs when using Windows.
Joris Evers sounds more like a made up name by the CNET staff...
What did you guys do? Write some script that auto-posts anti-apple JUNK on your C-Net website? (if you did, that's very cleaver... oh - oh, maybe I gave you an idea - ).
This is REALLY one of the worst one sided articles I have ever read in my life. You guys should be ashamed!
I'm not an apple fan-boy or whatever, I just started using Mac OS X a few months ago and don't even own an iPod... I have to say that OS X and Win XP are not on the same category... For people who DON'T KNOW! (aka - ignorant people), OS X is a much superior operating system without a doubt. I have been runnig my machine for 7 months. Not a freeze on sight, not a spyware, virus, malware, etc...
AND don't give me the quick-way-out response that: "oh, there is no one using Macs anyways, that's why there are not viruses".. think again. I was just at a technology conference last week and I saw nothing but macs (this was no mac convention btw)
Back to the subject... Bad article, don't quit your day job.
why u guys are so offensive when somebody writes a virus for Mac? Just bcos Mac is used by a handful ppl, there is no virus. Bcos if i am a virus programmer, i would like to target maximum ppl, bcos that makes sense. Do u think that ppl out there dont know how to write virus/worm for Mac? If u think that, u r more than stupid! This is just the beginning... and it wont take mush days that ur Mac is affected by virus... wait and see. and then again come back and post message. Till then enjoy being minority!
<This is REALLY one of the worst one sided articles I have ever read in my life. You guys should be ashamed! I'm not an apple fan-boy or whatever, I just started using Mac OS X a few months ago >
One sided? What side is that? Those that are against compromised computers? And, sorry to say, you a fan-boy. You did what ALL fan-boys do: 1) Attack the messager ("Bad article, don't quit your day job.") 2) State that your favorite is obviously vastly better (",,OS X is a much superior operating system without a doubt") than all others; 3) Claim the publication hates your favotite ("..auto-posts anti-apple JUNK on your C-Net website") 4) Claim that those who don't agree with you are blind in some way ("...For people who DON'T KNOW! (aka - ignorant people)...")
Its really sad how some fanboys can't see that all OS are exploitable (certainly some more than others) but can't see the positives in the OS company releasing updates to close off exploits. Or in a software company releasing patches for a media player.
For the record, I have WindowsXP, Windows 2000, Linux (PC Linux OS) and Mac OSX (G5) in my home / office. They all have their strenghts/weaknesses.
Joris Evers sounds more like a made up name by the CNET staff...
What did you guys do? Write some script that auto-posts anti-apple JUNK on your C-Net website? (if you did, that's very cleaver... oh - oh, maybe I gave you an idea - ).
This is REALLY one of the worst one sided articles I have ever read in my life. You guys should be ashamed!
I'm not an apple fan-boy or whatever, I just started using Mac OS X a few months ago and don't even own an iPod... I have to say that OS X and Win XP are not on the same category... For people who DON'T KNOW! (aka - ignorant people), OS X is a much superior operating system without a doubt. I have been runnig my machine for 7 months. Not a freeze on sight, not a spyware, virus, malware, etc...
AND don't give me the quick-way-out response that: "oh, there is no one using Macs anyways, that's why there are not viruses".. think again. I was just at a technology conference last week and I saw nothing but macs (this was no mac convention btw)
Back to the subject... Bad article, don't quit your day job.
why u guys are so offensive when somebody writes a virus for Mac? Just bcos Mac is used by a handful ppl, there is no virus. Bcos if i am a virus programmer, i would like to target maximum ppl, bcos that makes sense. Do u think that ppl out there dont know how to write virus/worm for Mac? If u think that, u r more than stupid! This is just the beginning... and it wont take mush days that ur Mac is affected by virus... wait and see. and then again come back and post message. Till then enjoy being minority!
<This is REALLY one of the worst one sided articles I have ever read in my life. You guys should be ashamed! I'm not an apple fan-boy or whatever, I just started using Mac OS X a few months ago >
One sided? What side is that? Those that are against compromised computers? And, sorry to say, you a fan-boy. You did what ALL fan-boys do: 1) Attack the messager ("Bad article, don't quit your day job.") 2) State that your favorite is obviously vastly better (",,OS X is a much superior operating system without a doubt") than all others; 3) Claim the publication hates your favotite ("..auto-posts anti-apple JUNK on your C-Net website") 4) Claim that those who don't agree with you are blind in some way ("...For people who DON'T KNOW! (aka - ignorant people)...")
Its really sad how some fanboys can't see that all OS are exploitable (certainly some more than others) but can't see the positives in the OS company releasing updates to close off exploits. Or in a software company releasing patches for a media player.
For the record, I have WindowsXP, Windows 2000, Linux (PC Linux OS) and Mac OSX (G5) in my home / office. They all have their strenghts/weaknesses.
I'm not going to make the charge of anti-mac bias, because this is simply really bad journalism regardless.
Among the many errors in this article:
"All of the vulnerabilities exist because of errors in the way the media player software handles certain files. Specially crafted files in certain media formats--including JPEG, QuickTime, Flash, MPEG4 and AVI--could allow an intruder to hijack a vulnerable system, Apple said in an advisory."
In fact, Apple said no such thing in its advisory. What it did say that the maliciously crafted files - in many cases corrupt files - could cause an "application crash" or "arbitrary code execution" You seem to have misconstrued the execution of arbitrary code as tantamount to successfully hijacking a vulnerable system. Among other things, that presupposes the target, intent, and capability of the code string, and also ignores other security measures at the OS level designed to prevent the system from being "hijacked" in the first place by an intruder.
"Apple added the [download validation] function in a security update released in early March."
In fact, download validation has been a feature of OS X since at least the introduction of Tiger. The security update you referenced modified the function so it would be more robust in validating downloaded files.
I don't mind articles that sound an alarmist tone in order to get the attention of users who should patch their installation. But frankly Joris, your scribblings regarding Apple, OS X, and security are frightfully amateurish. I look forward to greater care on your part when you research your next article pertaining to Apple and security.
I'm not going to make the charge of anti-mac bias, because this is simply really bad journalism regardless.
Among the many errors in this article:
"All of the vulnerabilities exist because of errors in the way the media player software handles certain files. Specially crafted files in certain media formats--including JPEG, QuickTime, Flash, MPEG4 and AVI--could allow an intruder to hijack a vulnerable system, Apple said in an advisory."
In fact, Apple said no such thing in its advisory. What it did say that the maliciously crafted files - in many cases corrupt files - could cause an "application crash" or "arbitrary code execution" You seem to have misconstrued the execution of arbitrary code as tantamount to successfully hijacking a vulnerable system. Among other things, that presupposes the target, intent, and capability of the code string, and also ignores other security measures at the OS level designed to prevent the system from being "hijacked" in the first place by an intruder.
"Apple added the [download validation] function in a security update released in early March."
In fact, download validation has been a feature of OS X since at least the introduction of Tiger. The security update you referenced modified the function so it would be more robust in validating downloaded files.
I don't mind articles that sound an alarmist tone in order to get the attention of users who should patch their installation. But frankly Joris, your scribblings regarding Apple, OS X, and security are frightfully amateurish. I look forward to greater care on your part when you research your next article pertaining to Apple and security.
Nearly all the fixes are similar in nature, and are preventing buffer overruns.
To even suggest that this means there is a virus, and puts other PCs, or even the Macs at risk is plain laughable, since the news comes only because a documented update was made.
OSX users, just keep doing your regular software updates, and you will be fine. If you are feeling paranoid, for some reason (like the FUD retailers getting into your heads), just change your software update preferences to daily.
... I mean really folks, the news here is "My Gosh, look what they did! They fixed something in the OS and now its not a [potential] problem anymore!" ...
Nearly all the fixes are similar in nature, and are preventing buffer overruns.
To even suggest that this means there is a virus, and puts other PCs, or even the Macs at risk is plain laughable, since the news comes only because a documented update was made.
OSX users, just keep doing your regular software updates, and you will be fine. If you are feeling paranoid, for some reason (like the FUD retailers getting into your heads), just change your software update preferences to daily.
... I mean really folks, the news here is "My Gosh, look what they did! They fixed something in the OS and now its not a [potential] problem anymore!" ...
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
just preventative maintenace...
Nice to see that Apple has addressed these issues in a timely
fashion.
And note how the title on the main page for this article is slightly changed to make it as inflammatory as possible.
M$ finds the flaws way later, then maybe, just maybe, they'll fix
'em.
Strange.
just preventative maintenace...
Nice to see that Apple has addressed these issues in a timely
fashion.
And note how the title on the main page for this article is slightly changed to make it as inflammatory as possible.
M$ finds the flaws way later, then maybe, just maybe, they'll fix
'em.
Strange.
What Apple and their users fail to understand is that there is no virus's solely because there is harldy any interest in the platform so noone bothers to write viruses and trojans and so on for the mac.
Rest assured that if OS X becomes popular, whether it be because of Windows support or whatever, there will be many virus's popping up for it.
They say lack of virus's shows their a superior system but to the rest of the world it's just looked at as sad because noone cares enough to even exploit the dying OS.
only that there were not 114,000 known viruses for the mac last
year.
I agree the reason there are not 114,000+ viruses for the Mac is
not soley because the OS is not vulnerable, but at the same time,
security measures currently in place (limited user privilege at
run-time, for instance) make it harder for a virus to propogate
across OS X systems compared to Windows systems. Otherwise,
why would Microsoft be implementing a similar-style
mechanism in Vista (UAP)?
flaws in the Microsoft Windows operating system. To argue by
implication that if Mac OS X was as popular as Windows is now,
it would suffer the same virus/worm-ridden and neglected fate,
possesses no logical validity. Like many so-called "intelligence
failures," we cannot secure ourselves from all we do not know
(i.e., an infinite set).
I am interested in how that multi-thousand-dollar prize for the
first in-the-wild Mac virus is going? Certainly virus-writers
could do with a few extra thousand dollars. It's been going for a
long time.
virus's solely because there is harldy any interest in the platform so
noone bothers to write viruses and trojans and so on for the mac."
If I had a dollar for every time I've read/heard this argument...
Whatever, man. Moving on...
Nobody eats at that restaurant ... it's way too crowded.
Thanks for the laugh.
What Apple and their users fail to understand is that there is no virus's solely because there is harldy any interest in the platform so noone bothers to write viruses and trojans and so on for the mac.
Rest assured that if OS X becomes popular, whether it be because of Windows support or whatever, there will be many virus's popping up for it.
They say lack of virus's shows their a superior system but to the rest of the world it's just looked at as sad because noone cares enough to even exploit the dying OS.
only that there were not 114,000 known viruses for the mac last
year.
I agree the reason there are not 114,000+ viruses for the Mac is
not soley because the OS is not vulnerable, but at the same time,
security measures currently in place (limited user privilege at
run-time, for instance) make it harder for a virus to propogate
across OS X systems compared to Windows systems. Otherwise,
why would Microsoft be implementing a similar-style
mechanism in Vista (UAP)?
flaws in the Microsoft Windows operating system. To argue by
implication that if Mac OS X was as popular as Windows is now,
it would suffer the same virus/worm-ridden and neglected fate,
possesses no logical validity. Like many so-called "intelligence
failures," we cannot secure ourselves from all we do not know
(i.e., an infinite set).
I am interested in how that multi-thousand-dollar prize for the
first in-the-wild Mac virus is going? Certainly virus-writers
could do with a few extra thousand dollars. It's been going for a
long time.
virus's solely because there is harldy any interest in the platform so
noone bothers to write viruses and trojans and so on for the mac."
If I had a dollar for every time I've read/heard this argument...
Whatever, man. Moving on...
Nobody eats at that restaurant ... it's way too crowded.
Thanks for the laugh.
mention that none (that i've read about) have actually been
exploited. This whole article seem very anti-apple. Surprising
from C/net.
mention that none (that i've read about) have actually been
exploited. This whole article seem very anti-apple. Surprising
from C/net.
In the interest of objectivity you'll have to announce every Windows update as WINDOWS FLAWS PUT PCS, MACS AND HELPLESS SENIOR CITIZENS AT RISK.
C'Net is a worthless mouthpiece for the WinTel hedgemoney. You and any of your socalled journalists should be ashamed of yourselves.
It's not like the Apple elitist fanatics aren't asking for it. Somehow the Apple spinsters have managed to convince their patrons that they all think on a higher plane or are, in some way, superior to the 'average' Windows home user. The reality being that you just payed $3,000 for a computer w/ a $150 video card, bought into their BLOWN-out-of-proportion specs for their awesome Intel processors -remember, Intel 'used to suck', and will probably, in short order, be wearing the white, Apple logo sticker on your rear window...
Point is: Nothing is perfect. Try to convince yourself as you may, your Mac OS is not bulletproof. Someone will crack it, just like they will with Vista -although Vista will present a much more lucrative target and will therefore get more attention and resources. You represent a smaller number. And will get less attention for it. But don't go around thinking that you've got a better number. You're in a smaller crowd. So you can consider yourself more infrequent or rare. But not better. So drop the attitude and tell your brothers and sisters at Apple iChurch on Sunday to pull their heads out, realize their computers for what they are, and quit buying into the hype...
By the way, with 95% of the home market, Microsoft doesn't need a 'worthless mouthpiece'.
So I don't see any bias here. They are just doing for Apple what they routinely do for Windows (and before you make some witty comment about the number of times this happens for Windows, read Apple's announcement and see how many vulnerabilities they are fixing this time).
They seem pretty fair to me.
"This headline has to be the worst I've seen."
The worst headline? Hardly. It's ment to draw attention to an very important issue dealing with software.
"In the interest of objectivity you'll have to announce every Windows update as WINDOWS FLAWS PUT PCS, MACS AND HELPLESS SENIOR CITIZENS AT RISK."
Why? Microsoft knows about their problems as do their users. Plus Microsoft autopatches everything on a monthly basis anyways. What about your Mac?
"C'Net is a worthless mouthpiece for the WinTel hedgemoney."
Such as the MacIntel lockin? Don't make me laugh. You are a worthless mouthpiece for Apple. It seems that people like you who buy into Steve Jobs's vision of how the world is have a really bad case of HUA Syndrome. I'll let you figure out the meaning of that acronym.
Considering all the different hardware configurations that are out there, Windows does pretty freaking good despite all it's faults. What you fail to realize is the fact that all software (Microsoft, Apple, Open Source, etc) has bugs in it. Even OpenBSD, which is the most secure OS on the planet, has faults.
Why do you think that Steve Jobs won't let Mac OSX run on standard PC hardware? Because he want's total control over the hardware, the software, and your life. Bill Gates just wants to control the software, and he does. The pirmary reason why I went with Windows was hardware versatility. I also run FreeBSD systems too.
As another reader posted...."With 95% of the home market, Microsoft doesn't need a 'worthless mouthpeice'."
"You and any of your socalled journalists should be ashamed of yourselves."
And you should be ashamed of yourself for writing such a worthless post in a public forum. Your useless contribution to humanity is not wanted or needed.
In the interest of objectivity you'll have to announce every Windows update as WINDOWS FLAWS PUT PCS, MACS AND HELPLESS SENIOR CITIZENS AT RISK.
C'Net is a worthless mouthpiece for the WinTel hedgemoney. You and any of your socalled journalists should be ashamed of yourselves.
It's not like the Apple elitist fanatics aren't asking for it. Somehow the Apple spinsters have managed to convince their patrons that they all think on a higher plane or are, in some way, superior to the 'average' Windows home user. The reality being that you just payed $3,000 for a computer w/ a $150 video card, bought into their BLOWN-out-of-proportion specs for their awesome Intel processors -remember, Intel 'used to suck', and will probably, in short order, be wearing the white, Apple logo sticker on your rear window...
Point is: Nothing is perfect. Try to convince yourself as you may, your Mac OS is not bulletproof. Someone will crack it, just like they will with Vista -although Vista will present a much more lucrative target and will therefore get more attention and resources. You represent a smaller number. And will get less attention for it. But don't go around thinking that you've got a better number. You're in a smaller crowd. So you can consider yourself more infrequent or rare. But not better. So drop the attitude and tell your brothers and sisters at Apple iChurch on Sunday to pull their heads out, realize their computers for what they are, and quit buying into the hype...
By the way, with 95% of the home market, Microsoft doesn't need a 'worthless mouthpiece'.
So I don't see any bias here. They are just doing for Apple what they routinely do for Windows (and before you make some witty comment about the number of times this happens for Windows, read Apple's announcement and see how many vulnerabilities they are fixing this time).
They seem pretty fair to me.
"This headline has to be the worst I've seen."
The worst headline? Hardly. It's ment to draw attention to an very important issue dealing with software.
"In the interest of objectivity you'll have to announce every Windows update as WINDOWS FLAWS PUT PCS, MACS AND HELPLESS SENIOR CITIZENS AT RISK."
Why? Microsoft knows about their problems as do their users. Plus Microsoft autopatches everything on a monthly basis anyways. What about your Mac?
"C'Net is a worthless mouthpiece for the WinTel hedgemoney."
Such as the MacIntel lockin? Don't make me laugh. You are a worthless mouthpiece for Apple. It seems that people like you who buy into Steve Jobs's vision of how the world is have a really bad case of HUA Syndrome. I'll let you figure out the meaning of that acronym.
Considering all the different hardware configurations that are out there, Windows does pretty freaking good despite all it's faults. What you fail to realize is the fact that all software (Microsoft, Apple, Open Source, etc) has bugs in it. Even OpenBSD, which is the most secure OS on the planet, has faults.
Why do you think that Steve Jobs won't let Mac OSX run on standard PC hardware? Because he want's total control over the hardware, the software, and your life. Bill Gates just wants to control the software, and he does. The pirmary reason why I went with Windows was hardware versatility. I also run FreeBSD systems too.
As another reader posted...."With 95% of the home market, Microsoft doesn't need a 'worthless mouthpeice'."
"You and any of your socalled journalists should be ashamed of yourselves."
And you should be ashamed of yourself for writing such a worthless post in a public forum. Your useless contribution to humanity is not wanted or needed.
Keep raking the muck, News.com.
Keep raking the muck, News.com.
Mac is just as much at risk for viruses as Windows. Someone
needs money. All the anti-virus firms were pretty upset when
they lost sales of Mac anti-virus software. After realizing how
solid Mac OS X was, a lot of Mac owners just stopped buying it.
Wouldn't it be nice to blow the fear up so they can sell more?
NOTHING SELLS BETTER THAN FEAR
The PC Mafia has had a stranglehold on the market for some
time. They've gotten lazy and I dare say, a little afraid of what
Apple has up it's sleeve. What better method of staying on top
than accentuate the vulnerabilities of the competition.
OS X is built on UNIX and that is harder to crack than Windows
as another reader pointed out. Why do you thinks banks and
governments run UNIX? Many of the super user features on a
Mac are locked by default. I seriously don't believe that the Mac
is equally as vulnerable as Windows. It think it much more fair to
say that there are some viruses for the Mac and they squash
those pretty quickly.
the Mac and they squash those pretty quickly."
The facts:
There have been two pieces of malware ever written for Mac OS
X. Two. Neither successfully self propagated using the internet.
(I believe one was bluetooth. What a joke.) Current Mac virus
count: 0.
Not saying it can't be done, just that it hasn't been done in the 6
years OS X has been on the Mac.
Mac is just as much at risk for viruses as Windows. Someone
needs money. All the anti-virus firms were pretty upset when
they lost sales of Mac anti-virus software. After realizing how
solid Mac OS X was, a lot of Mac owners just stopped buying it.
Wouldn't it be nice to blow the fear up so they can sell more?
NOTHING SELLS BETTER THAN FEAR
The PC Mafia has had a stranglehold on the market for some
time. They've gotten lazy and I dare say, a little afraid of what
Apple has up it's sleeve. What better method of staying on top
than accentuate the vulnerabilities of the competition.
OS X is built on UNIX and that is harder to crack than Windows
as another reader pointed out. Why do you thinks banks and
governments run UNIX? Many of the super user features on a
Mac are locked by default. I seriously don't believe that the Mac
is equally as vulnerable as Windows. It think it much more fair to
say that there are some viruses for the Mac and they squash
those pretty quickly.
the Mac and they squash those pretty quickly."
The facts:
There have been two pieces of malware ever written for Mac OS
X. Two. Neither successfully self propagated using the internet.
(I believe one was bluetooth. What a joke.) Current Mac virus
count: 0.
Not saying it can't be done, just that it hasn't been done in the 6
years OS X has been on the Mac.
on the planet' wrote:
There is no sudden security crisis on the Apple Macintosh
platform. In fact, for average Mac users, there isn't a security
threat of any significance, at least not yet. It is laughable to
compare the real, massive and burdensome security problems
on Windows with the largely theoretical security problem on the
Mac.
As I have said in the past, no operating system is invulnerable to
attack, including Apple's Mac OS X operating system, which
powers Macintosh computers. It is possible to write malicious
software for the Mac, including viruses and spyware, and it is
possible for this software to spread in the wild, infecting many
Macs.
However, despite what you may have heard, this hasn't
happened to any degree that matters, yet. As of today, there
have been exactly two documented, successful pieces of
malicious software -- viruses, trojan horses, worms -- that
affected users of the Mac OS X operating system, since it was
released in 2001. And these two failed to spread much, affecting
probably a few dozen people, and doing no harm. I expect there
to be a small number of additional Mac viruses this year.
By contrast, there are over 100,000 reported viruses for
Windows, some of which have affected millions of people and
have done significant economic damage. As for spyware, I know
of no documented cases on Mac OS X, while there are certainly
thousands on Windows. These Windows viruses and spyware
can't run on the Mac operating system, even on Macs powered
by the same Intel processors used by Windows PCs.
The recent publicity concerns theoretical vulnerabilities that
security firms have identified in Apple's operating system. These
vulnerabilities, like similar vulnerabilities in Windows, aren't
necessarily being exploited. Like Microsoft, Apple fixes
vulnerabilities as they are identified. But some critics say Apple
does this too slowly.
Security firms are saying that the discovery of these
vulnerabilities in the Mac has increased sharply lately. They say
that based on past patterns, this should yield a sharp increase in
the number of Mac viruses in coming years. But even a "sharp"
increase could well mean under 50 viruses by 2008.
So my advice to Mac users is that at the moment, I see no reason
to buy and run security software, which is in itself costly and can
degrade your computing experience. But you should make up
your own mind, based on your tolerance for risk.
Here's a test you can use. Imagine you live in a neighborhood
that has suffered only a couple of ambiguous, harmless
burglaries over five years, even though the neighborhood is
surrounded by much higher-crime areas. If you would buy a
burglar alarm in such a neighborhood, then buy Mac security
software. Otherwise, don't. Just turn on Apple's built-in firewall
and relax.
There is one exception: If you are running Windows on one of
the new Intel Macs, you are just like a Windows user, and you
must run Windows security programs when using Windows.
data files, like a JPEG image someone might download.
the new Intel Macs, you are just like a Windows user, and you
must run Windows security programs when using Windows."
Correction: If you are running Windows on one of the new Intel
Macs, you ARE a Windows user, and you must run Windows security
programs when using Windows.
on the planet' wrote:
There is no sudden security crisis on the Apple Macintosh
platform. In fact, for average Mac users, there isn't a security
threat of any significance, at least not yet. It is laughable to
compare the real, massive and burdensome security problems
on Windows with the largely theoretical security problem on the
Mac.
As I have said in the past, no operating system is invulnerable to
attack, including Apple's Mac OS X operating system, which
powers Macintosh computers. It is possible to write malicious
software for the Mac, including viruses and spyware, and it is
possible for this software to spread in the wild, infecting many
Macs.
However, despite what you may have heard, this hasn't
happened to any degree that matters, yet. As of today, there
have been exactly two documented, successful pieces of
malicious software -- viruses, trojan horses, worms -- that
affected users of the Mac OS X operating system, since it was
released in 2001. And these two failed to spread much, affecting
probably a few dozen people, and doing no harm. I expect there
to be a small number of additional Mac viruses this year.
By contrast, there are over 100,000 reported viruses for
Windows, some of which have affected millions of people and
have done significant economic damage. As for spyware, I know
of no documented cases on Mac OS X, while there are certainly
thousands on Windows. These Windows viruses and spyware
can't run on the Mac operating system, even on Macs powered
by the same Intel processors used by Windows PCs.
The recent publicity concerns theoretical vulnerabilities that
security firms have identified in Apple's operating system. These
vulnerabilities, like similar vulnerabilities in Windows, aren't
necessarily being exploited. Like Microsoft, Apple fixes
vulnerabilities as they are identified. But some critics say Apple
does this too slowly.
Security firms are saying that the discovery of these
vulnerabilities in the Mac has increased sharply lately. They say
that based on past patterns, this should yield a sharp increase in
the number of Mac viruses in coming years. But even a "sharp"
increase could well mean under 50 viruses by 2008.
So my advice to Mac users is that at the moment, I see no reason
to buy and run security software, which is in itself costly and can
degrade your computing experience. But you should make up
your own mind, based on your tolerance for risk.
Here's a test you can use. Imagine you live in a neighborhood
that has suffered only a couple of ambiguous, harmless
burglaries over five years, even though the neighborhood is
surrounded by much higher-crime areas. If you would buy a
burglar alarm in such a neighborhood, then buy Mac security
software. Otherwise, don't. Just turn on Apple's built-in firewall
and relax.
There is one exception: If you are running Windows on one of
the new Intel Macs, you are just like a Windows user, and you
must run Windows security programs when using Windows.
data files, like a JPEG image someone might download.
the new Intel Macs, you are just like a Windows user, and you
must run Windows security programs when using Windows."
Correction: If you are running Windows on one of the new Intel
Macs, you ARE a Windows user, and you must run Windows security
programs when using Windows.
What did you guys do? Write some script that auto-posts anti-apple JUNK on your C-Net website? (if you did, that's very cleaver... oh - oh, maybe I gave you an idea - ).
This is REALLY one of the worst one sided articles I have ever read in my life. You guys should be ashamed!
I'm not an apple fan-boy or whatever, I just started using Mac OS X a few months ago and don't even own an iPod... I have to say that OS X and Win XP are not on the same category... For people who DON'T KNOW! (aka - ignorant people), OS X is a much superior operating system without a doubt. I have been runnig my machine for 7 months. Not a freeze on sight, not a spyware, virus, malware, etc...
AND don't give me the quick-way-out response that: "oh, there is no one using Macs anyways, that's why there are not viruses".. think again. I was just at a technology conference last week and I saw nothing but macs (this was no mac convention btw)
Back to the subject... Bad article, don't quit your day job.
This is just the beginning... and it wont take mush days that ur Mac is affected by virus... wait and see. and then again come back and post message.
Till then enjoy being minority!
One sided? What side is that? Those that are against compromised computers? And, sorry to say, you a fan-boy. You did what ALL fan-boys do:
1) Attack the messager ("Bad article, don't quit your day job.")
2) State that your favorite is obviously vastly better (",,OS X is a much superior operating system without a doubt") than all others;
3) Claim the publication hates your favotite ("..auto-posts anti-apple JUNK on your C-Net website")
4) Claim that those who don't agree with you are blind in some way ("...For people who DON'T KNOW! (aka - ignorant people)...")
Its really sad how some fanboys can't see that all OS are exploitable (certainly some more than others) but can't see the positives in the OS company releasing updates to close off exploits. Or in a software company releasing patches for a media player.
For the record, I have WindowsXP, Windows 2000, Linux (PC Linux OS) and Mac OSX (G5) in my home / office. They all have their strenghts/weaknesses.
What did you guys do? Write some script that auto-posts anti-apple JUNK on your C-Net website? (if you did, that's very cleaver... oh - oh, maybe I gave you an idea - ).
This is REALLY one of the worst one sided articles I have ever read in my life. You guys should be ashamed!
I'm not an apple fan-boy or whatever, I just started using Mac OS X a few months ago and don't even own an iPod... I have to say that OS X and Win XP are not on the same category... For people who DON'T KNOW! (aka - ignorant people), OS X is a much superior operating system without a doubt. I have been runnig my machine for 7 months. Not a freeze on sight, not a spyware, virus, malware, etc...
AND don't give me the quick-way-out response that: "oh, there is no one using Macs anyways, that's why there are not viruses".. think again. I was just at a technology conference last week and I saw nothing but macs (this was no mac convention btw)
Back to the subject... Bad article, don't quit your day job.
This is just the beginning... and it wont take mush days that ur Mac is affected by virus... wait and see. and then again come back and post message.
Till then enjoy being minority!
One sided? What side is that? Those that are against compromised computers? And, sorry to say, you a fan-boy. You did what ALL fan-boys do:
1) Attack the messager ("Bad article, don't quit your day job.")
2) State that your favorite is obviously vastly better (",,OS X is a much superior operating system without a doubt") than all others;
3) Claim the publication hates your favotite ("..auto-posts anti-apple JUNK on your C-Net website")
4) Claim that those who don't agree with you are blind in some way ("...For people who DON'T KNOW! (aka - ignorant people)...")
Its really sad how some fanboys can't see that all OS are exploitable (certainly some more than others) but can't see the positives in the OS company releasing updates to close off exploits. Or in a software company releasing patches for a media player.
For the record, I have WindowsXP, Windows 2000, Linux (PC Linux OS) and Mac OSX (G5) in my home / office. They all have their strenghts/weaknesses.
is simply really bad journalism regardless.
Among the many errors in this article:
"All of the vulnerabilities exist because of errors in the way the
media player software handles certain files. Specially crafted files
in certain media formats--including JPEG, QuickTime, Flash,
MPEG4 and AVI--could allow an intruder to hijack a vulnerable
system, Apple said in an advisory."
In fact, Apple said no such thing in its advisory. What it did say
that the maliciously crafted files - in many cases corrupt files -
could cause an "application crash" or "arbitrary code execution"
You seem to have misconstrued the execution of arbitrary code
as tantamount to successfully hijacking a vulnerable system.
Among other things, that presupposes the target, intent, and
capability of the code string, and also ignores other security
measures at the OS level designed to prevent the system from
being "hijacked" in the first place by an intruder.
"Apple added the [download validation] function in a security
update released in early March."
In fact, download validation has been a feature of OS X since at
least the introduction of Tiger. The security update you
referenced modified the function so it would be more robust in
validating downloaded files.
I don't mind articles that sound an alarmist tone in order to get
the attention of users who should patch their installation. But
frankly Joris, your scribblings regarding Apple, OS X, and
security are frightfully amateurish. I look forward to greater care
on your part when you research your next article pertaining to
Apple and security.
is simply really bad journalism regardless.
Among the many errors in this article:
"All of the vulnerabilities exist because of errors in the way the
media player software handles certain files. Specially crafted files
in certain media formats--including JPEG, QuickTime, Flash,
MPEG4 and AVI--could allow an intruder to hijack a vulnerable
system, Apple said in an advisory."
In fact, Apple said no such thing in its advisory. What it did say
that the maliciously crafted files - in many cases corrupt files -
could cause an "application crash" or "arbitrary code execution"
You seem to have misconstrued the execution of arbitrary code
as tantamount to successfully hijacking a vulnerable system.
Among other things, that presupposes the target, intent, and
capability of the code string, and also ignores other security
measures at the OS level designed to prevent the system from
being "hijacked" in the first place by an intruder.
"Apple added the [download validation] function in a security
update released in early March."
In fact, download validation has been a feature of OS X since at
least the introduction of Tiger. The security update you
referenced modified the function so it would be more robust in
validating downloaded files.
I don't mind articles that sound an alarmist tone in order to get
the attention of users who should patch their installation. But
frankly Joris, your scribblings regarding Apple, OS X, and
security are frightfully amateurish. I look forward to greater care
on your part when you research your next article pertaining to
Apple and security.
Again nothing new on the PC side of things.
I'm sure their use to it already.
Again nothing new on the PC side of things.
I'm sure their use to it already.
on space shuttle?
on space shuttle?
To even suggest that this means there is a virus, and puts other PCs, or even the Macs at risk is plain laughable, since the news comes only because a documented update was made.
OSX users, just keep doing your regular software updates, and you will be fine. If you are feeling paranoid, for some reason (like the FUD retailers getting into your heads), just change your software update preferences to daily.
... I mean really folks, the news here is "My Gosh, look what they did! They fixed something in the OS and now its not a [potential] problem anymore!" ...
To even suggest that this means there is a virus, and puts other PCs, or even the Macs at risk is plain laughable, since the news comes only because a documented update was made.
OSX users, just keep doing your regular software updates, and you will be fine. If you are feeling paranoid, for some reason (like the FUD retailers getting into your heads), just change your software update preferences to daily.
... I mean really folks, the news here is "My Gosh, look what they did! They fixed something in the OS and now its not a [potential] problem anymore!" ...
creating more hits on CNET, thus increasing ad revenues.