“Apple has released a range of patches for security holes – both old and new – for its Mac OS X operating system, which it advises users to download immediately,” Kieren McCarthy writes for Techworld in an article entitled, “Mac OS X riddled with security holes.”
“The company is downplaying the issue but one security company at least is concerned that the vulnerabilities could be extremely serious. Secunia has given the five – yes, five – patches a ‘highly critical’ rating and warned that they may allow hijacking, security bypass, data manipulation, privilege escalation, denial of service and system access,” McCarthy writes.
McCarthy writes, “In other words, it makes Microsoft’s current Sasser problems look no more than a nasty nip. There isn’t a worm exploiting the holes as yet but the company is strongly advising users to download and install the patches as the OS looks like an easy target at the moment… Secunia has given the series of patches a ‘highly critical’ rating, which it explained was due to the Apple’s dismissive attitude to one of the holes.”
“This strange habit of pretending a big problem is of no significance was also displayed last month, when Apple explained that it was ‘aware’ of a Trojan horse that could be used to compromise its systems and was investigating it, but refused to say any more, commenting only that it has an excellent track record of patching holes,” McCarthy writes.
Full FUD here.
MacDailyNews Take: What a laugh riot! Give us a call when one (1) Mac OS X machine is compromised, okay, Techworld? Or better yet, why not FAX the UK Coastguard – oh wait, their operation is severely disrupted due to Windows’ Sasser worm. So are a host of banks and other operations worldwide. Is Techworld scared of something? They sure sound like it and it’s not Mac OS X’s so-called “security holes” that’s scaring them. We give this article a solid 10 out of 10 on the MacDailyNews FUD scale.
Related MacDailyNews articles:
Windows Sasser net worm spreading rapidly; Macintosh unaffected – May 03, 2004
Windows Sasser worm severely disrupts UK coastguard; Mac users remain unaffected – May 04, 2004
Windows Sasser worm mutates, knocks out banks, EC; Macintosh unaffected – May 04, 2004
Hey, someone has to divert attention from Microsoft. People are starting to hear virus and Windows in the same sentence all too often these days.
Pathetic to say the least.
Oh no, MDN, this one goes up to 11.
There is no depth to which some will descend to obfuscate the logic that if you didn’t run Windows, but rather Mac OS X, you’d have no viruses, no worms, no spyware or adware, and very, very few problems. They are afraid of the problem-free extended uptimes Mac OS X offers its users, it seems.
Pathetic is right. No serious decisionmaker would pay attention to this sloppy excuse for an article.
Mac User: you wrote: No serious decisionmaker would pay attention to this sloppy excuse for an article
Yes, they will, for the simple reason that Apple has done nothing to inform them that OSX is not subject to the same virus problems.
Does Kieren McCarthy also write for the “Enquirer”?
hmmm interesting maybe mac ain’t as secure as it is supposed to be.
Wow! Toss out a few ambiguous scare statements and quote one security company (“at least” one) and you have a story for Techworld. Might as well change their name to WildRumorWorld.
No OS is perfectly secure. But a real worm in the computer is worth one-thousand theoretical worms in the minds of security companies and journalists. As usual, MDN has this FUD pegged.
so if banks used osX they could have had major problems too
artiom,
Don’t fall for the most blatant piece of FUD in recent memory. This article makes Paul Thurrott look like a balanced, logical tech writer in comparison.
These morons react more strongly to their “virtual” reality than to reality itself. Sad, Sad….sad!
Apple releases patches for a whopping five security holes, and Techworld writes an article about it? I downloaded a patch bundle for twenty (20) patches for Windows 2000 a week ago. And that is in addition to the patches I downloaded the month before that, and the month before that, and so on…
Fred – took the words right out of my mouth! So I guess all I can do is agree with you.
This article must be doing something. ‘artiom’ fell for it. You can’t underestimate the number of drones out there.
that little Sasser worm has currently shut down systems at the IRS. Versus an unexploited security hole, a current self-propagating virus problem is a much much bigger deal. Morons!
My business is now 2 years and 5 months into being primarily Mac based. That’s 2 years and 5 months without a virus, without a hung computer, without data loss.
Mac just works. All the Dells come up for their end of lease this November – and every one will be replaced by a Mac.
Thank you Apple for giving me back weeks and weeks that I used to devote to Windows maintenance and problems.
I read some of these security reports, but I do not understand the technical details. It would be nice if someone with the requisite technical expertise posted a point-by-point response to the vulnerability claims rather than having only a blanket condemnation of the reports.
i switched in 2002 and have been quite happy ever since – but when apple gets treated by the security community like this:
http://www.eeye.com/html/Research/Advisories/AD20040502.html
it makes it hard to believe their focus is on security. read that article all the way through. the buffer overflow detailed on that site WAS REAL. it was MONTHS OLD before apple patched it, and if you were running AFP, you could’ve been rooted. that’s just the way it is. since you probably didn’t read the link i posted – here’s a sample:
“It is difficult to express just how textbook this vulnerability scenario really is. Successful exploitation of the vulnerability is self-evident, and therefore no further discussion is warranted. It is our sincere hope that the vendor will make an earnest effort to increase the maturity of its security response capabilities, so that researchers will be encouraged to continue to work with them amicably on future security issues. Apple is doing a disservice to its customers by incorrectly labeling this vulnerability as a “crash bug” rather than stating correctly that attackers can compromise systems running the affected Apple software.”
just because we’re (as mac users) not susceptible to most outlook viruses, doesn’t mean we’re totally safe. there are other forms of insecurity out there.
Techworld also runs linuxinsider.com
Linuxinsider.com could also be anti-linuxinsider as most of their stories are pro MS or anti GPL, OSS.
To sum up Techworld is a bigger version of our favorite Enderle
How about posting responses on the TechWorld site where the TRUTH could do more good?
The problem is that BSD (the foundation of OS X) has a great security track record whereas Windows has a horrible one.
Bell Labs focused on security from day one (and the BSD community took it further). Microsoft is just now focusing on security, well at least they claim they are anyways
Sorry, but we had a 10.1.5 server compromised because of the stupid way that Apple was doing security updates and the fact that they did not let anyone know what systems were affected. They have corrected this situation and 10.2 and 10.3 are now actually supported. They did release a patch for 10.1.5 recently, but it did not address the hole in QuickTime Streaming Server.
I actually found the FUD inspiring. Note that Macs obtain “security through obscurity”. Hmmm makes me wonder then, Windows obtain “insecurity through monopoly”.
“In other words, it makes Microsoft’s current Sasser problems look no more than a nasty nip.”
WHAT? You should have seen the faces on my coworkers when I told them the NEWEST Windows Virus doesn’t need to be an e-mail attachment. They almost cried. Luckily we are 100% Mac here at work, never a virus, “hijacking, security bypass, data manipulation, privilege escalation, denial of service and system access”
The only one potentially serious is the fault on the Apple Filing Protocol (AFP)
The AppleFileServer provides AFP services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. AFP is not enabled by default. It is enabled through the Sharing Preferences section by selecting the ‘Personal File Sharing’ checkbox.
To compare this to Sasser is pathetic: the default OS X configuration is with AFP disabled. Second, usually a server is run not by individuals but network organizations. Usually from *outside* you cannot easily have granted access to the LAN hosting it. Third, it is nothing as a virus as once you got into it you do what? Destroy the server? Fine. Where is the global threat?
Usually *technical writers* have little idea of what they are talking about.
If it does not spread it is not a virus: it is a joke. Comparing this to Sasser just says a lot about the ignorance of the FUD writer.