“The anonymous researcher who claims to have crafted a [proof-of-concept] Mac OS X worm said today that he (or she) will report his findings to Apple Inc., but added that the Cupertino, Calif.-based company ‘has a very long way to go’ on security,” Gregg Keizer reports for Computerworld.
“Identified only as the researcher behind the Information Security Sell Out blog, the individual on Sunday announced that a still-unpatched bug in mDNSResponder, a component of Apple’s Bonjour automatic network configuring service, could be exploited by a worm,” Keizer reports. “According to the researcher, the worm is fully automated and ready to use.”
“Another researcher, however, questioned whether the anonymous individual crafted the worm in only a few hours, as claimed. ‘Writing the exploit in one day… unlikely for anything other than a stack overflow,’ said Dave Aitel, the chief technology officer at Immunity, Inc.,” Keizer reports.
“Like other researchers who have grown tired of claims that Mac OS X is more secure than rival operating systems, the anonymous individual saved a last shot for Apple. Although he said he will report the newfound vulnerability to Apple at some point, he has no timetable at the moment. ‘I do believe in being responsible and working with vendors,’ he said, ‘but I also feel that some vendors need to be treated like children and learn lessons the hard way. Apple has a very long way to go when dealing with security issues in their products,’” Keizer reports.
Keizer reports, “Apple spokesman Anuj Nayar offered a rebuttal in an e-mailed statement. ‘Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users,’ he said.”
MacDailyNews Take: Treating Apple like a child by acting like one.