 |
More of my sitesWinInfo Daily News
|
About this siteFor six years, the Internet Nexus served as my technology blog, but I've since started blogging at the SuperSite Blog instead. If you're looking for the blog, please head there. --Paul Tuesday, June 08, 2004Apple Quietly Patches OS XWired: "on Monday, Apple quietly fixed several major outstanding security vulnerabilities in Mac OS X. Security Update 2004-06-07, released noiselessly on Monday morning, closes major gaps in the way OS X handles browser helper applications. The fix is the first acknowledgment from Apple of the vulnerabilities, although they have been discussed publicly since late May. The update changes the way OS X launches helper applications when a user clicks certain Internet links, such as those that mount disk images on the desktop ... Apple on May 21 released a security update that fixed the HelpViewer vulnerability. The update was trumpeted by a press release, but it gave few details of what was fixed and how. The Mac community quickly discovered Apple had not addressed the way OS X handles the other protocols, and patched systems were just as vulnerable as before. 'Mac OS X systems (are) wide open for attacks,' said Secunia CEO Niels Rasmussen at the time. 'Mac users are as vulnerable now as before the patch was released.' Apple also came under stinging criticism for keeping mum about security issues. 'These are serious vulnerabilities which could be exploited for serious harm,' wrote a Philadelphia Web developer. 'The problem is that Apple has been revealed as a company that treats security vulnerabilities as marketing problems, rather than as technical problems.' Thomas Kristensen, Secunia's CTO, said his company had not had a chance to test Apple's latest fix, but from a description said it sounded like a step in the right direction ... Kristensen praised Apple for addressing the holes fairly quickly, but he criticized the company's stated policy of keeping mum about security holes until patches have been issued. 'Apple should change this policy,' he said. 'These issues were being discussed in public. Apple should have commented on what users could do, instead of deafening silence.'"Apple's security record is spotty at best, and the company is certainly not taking the proactive steps that Microsoft is to deal with these issues. A lot of people like to point out the low number of Mac OS X attacks, but I'd point out the low number of Mac OS X users (and systems to attack) as the obvious primary cause of that. If and when OS X becomes more popular, it will also become a more popular platform to attack. And it's prety clear that Apple needs to change its technicla and PR strategies and for dealing with this kind of problem. [ Posted at 8:58 AM | Permalink ]
|
|
Nexus Home | Nexus Archives | Email Paul
|