“A pair of security researchers has picked January 2007 as the starting point for a month-long project in which each passing day will feature a previously undocumented security hole in Apple’s OS X operating system or in Apple applications that run on top of it,” Brian Krebs, yes, that Brian Krebs, reports for The Washington Post.
“The ‘Month of Apple Bugs’ project, currently slated to begin on Jan. 1, is being orchestrated in part by a security researcher who asked to be identified only by his online alias ‘LMH.’ This is the same researcher who in November ran the ‘Month of Kernel Bugs’ project. LMH’s partner in this project is Kevin Finisterre, a researcher who has reported numerous bugs to Apple over the past few years,” Krebs reports.
Krebs reports, “To the chagrin of some security experts, however, LMH declined to give affected vendors advance noticed before posting evidence of kernel bugs on his Web site last month. Eleven of those kernel bugs were related to Apple software and applications, including a serious security hole that prompted a software update from Apple just two weeks later. As with the kernel bugs project, Apple will be given no advance notice with the Month of Apple bugs, LMH said in an interview conducted over instant message.”
Krebs reports, “LMH said that while his upcoming project had the potential to at least temporarily make security more tenuous for the average Mac user, he believes that in the long run the project will improve OS X security. ‘Right now, many OS X users still think their system is bulletproof, and some people are interested on making it look that way,’ LMH said.”
Full article here.
MacDailyNews Take: Which Mac OS X users think their systems are bulletproof? No one we know. Most of us simply know for a fact that Mac OS X is vastly more secure than Windows. Hopefully, “LMH” finds something of value with which Apple can work and his irresponsible method of posting them before notifying Apple doesn’t cause any damage. Judging from past performances, we’re sure Krebs is fairly drooling over the possibilities, real or imagined.
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006