Printed from http://www.macnn.com

Darwin audit finds flaws that affect Mac OS X Panther

updated 09:45 pm EST, Tue January 18, 2005

A source-code audit of the open-source released by the ImmunitySec says the bugs mostly affect remote systems with multiple users and that since Mac OS X is most often used on the desktop, the flaws will not be overly important on most people's systems. The company originally found the flaws in June, but only published them to a private list of customers and did not notify Apple. On Monday it publicized the flaws, which include "a bug in Mac OS X's SearchFS function, several kernel memory overflows and a logic bug in the AT command, which is used to schedule tasks by the operating system."




by MacNN Staff

Comments

  1. Person Man

    Joined: Dec 1969

    0

    WTF??

    The company originally found the flaws in June, but only published them to a private list of customers and did not notify Apple.

    A security firm conducts an audit of an operating system and DOES NOT NOTIFY THE OS MAKER OF THE FLAWS THEY FOUND????

    And then later they go public without even giving the company a chance to fix the problems first?

    Is that f**ked up or what?

  1. vasbinde

    Joined: Dec 1969

    0

    Is this correct?

    I have been in the information security field for over 10 years and I have NEVER heard of a company that would NOT notify the vendor before making a vuln public. Should that line really read, "and notified Apple"? Was "not" just someone accidentally typing notify twice?

    I certainly hope so - for otherwise, this seems rather insane.

    -Eric

  1. vasbinde

    Joined: Dec 1969

    0

    After checking...Wow!

    After checking the original CNET article, it seems as though they really did NOT notify Apple. That is the height of hubris and based on the information on their web site seems to fit with their mentality. They seem to be a group of "grey hat" hackers that try to push the envelope of legality for computer security.

    In this case, they seem to have left the flaws in place for six months without notifying Apple for the pure reason of showing their prowess to those companies that have signed up for their service and to flex their muscles to the rest of the hacking community. "Street Cred" is key to crackers/hackers and on its face, this seems designed to provide that.

    However, respectability is key to getting and keeping the large customers that are crucial to long term survival. Unfortunately for "Immunity", they seem to lack the proper concern for protection, valuing self-promotion instead.

    No respectable researcher would act in this irresponsible of a manner.

    -Eric

  1. Person Man

    Joined: Dec 1969

    0

    Look at original article

    The actual linked article itself states it this way: "The company originally found the flaws in June and published them to a private list of customers but did not notify Apple."

    The word "but" in the above suggests that they really didn't notify the vendor before making the vulnerabilities public.

  1. Ganesha

    Joined: Dec 1969

    0

    Ransom...

    They want Apple to pay to be on the list...

  1. LenE

    Joined: Dec 1969

    0

    Who is on the list?

    Microsoft? Sun? Red Hat? Microsoft has done stuff like this in the past, at least with "independent" testing labs.

    Who subscribes to audits of operating systems that they didn't write?
