'Old' security flaws persist in Mac OS X

updated 02:40 pm EST, Wed January 25, 2006

Security flaws in OS X

Apple could be leaving its Mac OS X users prone to attack if many newly and previously discovered bugs are not fixed. Software security specialists at Suresec recently dug through the code of Mac OS X to find bugs that persist in current Intel- and PowerPC-based versions of Mac OS X--many of which were fixed in other companies' operating systems years ago, according to ZDNet Australia. "The code that Apple uses in its applications and libraries is relatively under-audited, which leaves a lot of low hanging bugs... Some of the security vulnerabilities we've seen during research on OS X were fixed on most other operating systems 10 to 15 years ago," said Suresec's Neil Archibald. The company said that as Apple's market share grows, malicious users will find and exploit more of the underlying flaws. Apple is slow to fix them after they are found, and doesn't use the right software to prevent them in each release, according to the firm.

Archibald believes opinions are "justifie[d] because Apple does not use software auditing tools to scan enough of its software," according to ZDNet Australia. This opinion echoes that of Bill Thomson, BBC correspondent, who surmises that Apple's image of a secure operating system is mostly due to a lack of users in comparison to the entire PC market. Microsoft has been using various software editing tools to enhance the security of the Windows operating system in order to seek out and correct coding errors that could allow disastrous effects.

"During the small time Suresec researchers spent auditing Mac OS X, many vulnerabilities like this turned up. Suresec is currently aware of many bugs which exist by default in the latest version of Mac OS X, on both the Intel and PPC Architecture," Archibald stated to ZDNet Australia.

"In my experience--which is also the experience of some of my peers--Apple has been very slow to respond to reported security vulnerabilities. It expects security researchers to wait indefinitely to release the vulnerabilities and offers no incentive for them to do so," said Archibald.

by MacNN Staff





  1. Glasspusher

    Joined: Dec 1969


    UB Virus

    Still waiting for the first Universal Binary virus, to infect at full speed!


  1. porieux

    Joined: Dec 1969



    What a ridiculous uninformed pantload of FUD.

  1. Feathers

    Joined: Dec 1969


    zdnet virus!

    zdnet - infecting journalism worldwide at an accelerated pace!

  1. wings_rfs

    Joined: Dec 1969


    What Planet Is He From?

    This is almost like reading an article that says the sun rises in the west, that water flows uphill, and Carrie Underwood can't sing. It's totally contrary to everything I've been reading these past few years, especially the part about Apple taking their time to fix known security issues. And tell me how have most other Unixes fixed some of these problems 10+ years ago, but not Apple, when Apple adopted their BSD flavor of Unix only 5 years ago? What a dork.

  1. Rincewind

    Joined: Dec 1969


    they could at least...

    ... say what these bugs are! Are they remote exploits? Local exploits? Denial of Service (e.g. crashing)? What? They just seem to wave their hands at the "large number of remaining bugs" without saying how these bugs could actually be used. Without such information, I'm inclined to believe that most of the bugs are highly unexploitable.

  1. ElDiabloConQueso

    Joined: Dec 1969


    "Dug" through the sourc

    ...and how long did digging through every line of the source code take? And how, exactly, did he spot insecurities simply by READING the source code? Usually it takes a computer, a compiler, and a decent hacker to find security holes... this chump did it just by READING the source code? Damn!

  1. jhorvatic

    Joined: Dec 1969


    What code is he finding?

    Apple is using OSX not OS9. Two different worlds as far as security goes. OSX has been out for 5 years and not one OSX machine has been compromised. So if there are so many holes where are they and why aren't these experts getting through? I tell you why, because they don't exist.

  1. iChick

    Joined: Dec 1969


    Suresec's Neil Archibald

    He's just trying to peddle his goods....

  1. resuna

    Joined: Dec 1969


    There are real problems.

    There are some real security problems that Apple has addressed poorly if at all, and that have the potential of escalating to a remote attack (where someone on the internet gets into your computer) or making a social engineering attack far easier. The kinds of problems Archibald is talking about are serious, and would be a real concern for a timeshared system, but would only be useful in a second stage attack after a remote exploit was used.

    So at the same time he's ignoring the real problems, and distracting attention towards secondary ones.

    I talk about the primary problem at more length than I can fit here on my not-a-blog: .

  1. billbarstad

    Joined: Dec 1969


    I know of one

    Whether this is total FUD or not, there is one bug that pops up when running rkhunter on my OS X 10.3.9 machine: openSSH is vulnerable. Anyone know if this bug is fixed in Tiger?
