“A researcher has disclosed a privilege escalation vulnerability in OS X which is yet to be fixed in the latest release of the operating system,” Charlie Osborne reports for ZDNet.
“German researcher Stefan Esser from security audit firm SektionEins disclosed the vulnerability on Tuesday,” Osborne reports. “The security flaw affects OS X 10.10.x and relates to new features added by the iPad and iPhone maker in the newest evolutions of the OS, Yosemite and El Capitan.”
“Esser says it is ‘unclear’ whether Apple knows about the security flaw or not, as it has already been patched in the first beta versions of OS X El Capitan 10.11, but not in the current release of OS X 10.10.4 or in the current beta of OS X 10.10.5, which has just been released to public beta testers,” Osborne reports. “The researcher speculates that the fix may be the result of a code cleanup rather than a security sweep.”
Read more in the full article here.
MacDailyNews Take: Now that’s it’s disclosed, we’d expect Apple to release a fix for OS X Yosemite once it’s ready.
Well why not? Nothing else is going right.
With double digit year over year gains nothing is right?
Well, put a \s after your sentence.
All things Apple are mutually exclusive. But people tend to forget that and lump everything into one basket.
El Capitan is in deed the OS we should have gotten, like wise Snow Leopard and Mountain Lion, instead of the “beta-GMs” we got from their predecessors. Code shouldn’t be sloppy.
I know this isn’t NASA, but keep it tidy, and we won’t get undocumented or unintended features.
Apple isn’t Microsoft. Apple kills bugs, Microsoft screams and runs away and calls the bug-cleaners to come try and dispatch as many bugs as they can. Its almost as if “researchers” are doubting Apple’s ability to kill bugs.
Sent from my iPhone
>
Apple occasionally dumps old code base and starts new. This is actually a good thing, to the chagrin of many. This is something Microsoft should do.
“Esser says it is ‘unclear’ whether Apple knows about the security flaw” — highly irresponsible disclosing a security vulnerability without directly notifying the vendor first!
Apple has had a long string of such security holes, starting last fall. Apple’s response to them has been, in a word, LAZY.
I have no confidence in Apple’s current software security team. From what I can tell, they laze around on tanning chairs around a pool all day until a third party with a CATTLE PROD arrives and forces them to actually DO SOMETHING to protect Apple’s software assets. I’d gladly join the next cattle prod raid on these sloths. Their work has been unacceptable.
@Derek,
Yep, Apple security is pathetic actually. They need a kick in the butt, hire a bus load “good” gray hats and start fuzzing. Then immediately implement the code fixes. As you said, now they are sitting by the pool doing NOTHING.
As I said for years, OS X filled with holes like Swiss cheese. Then add third party programs that opens it up even more.
Still, not too many pro hackers/organized crime noticing OS X, yet. We are still safer then surfing with a Windows box because of this. “Security Through Situational Obscurity”
I know this list is old ….. but why can’t this many people do a better job securing OS X? I would assume there are more lazy heavy hitters sitting by the pool doing NOTHING in 2015.
http://www.crn.com/news/security/240007794/17-heavy-hitters-on-apples-security-team.htm
.