troubleshooting/tutorials/security
03/29/2006, 6:30pm, EST
Wednesday, March 29th
New flaw crashes Safari, Finder
A blogger has identified an apparent flaw in the Apple's Mac OS X graphics display engine, ImageIO, that will crash the company's Safari Web browser and other system applications, including the Finder. The flaw [link: warning, will crash Safari], posted by DrunkenBlog, crashes anything using the Mac OS X ImageIO API including Finder, Preview, and applications based on Webkit and WebCore -- Apple JavaScript/HTML display engine for Safari and other applications. ImageIO reportedly hangs during an EXIF routine, and images of the specified type are already floating around on the Web according to the blogger, who comments on Apple's general security standing. "I haven't met anyone within Apple that's been around awhile who wouldn't admit over beers that they'd be mighty nervous dropping OS X as it currently stands into the orgy Windows swims in, so I'm always amused at what shows up around the Web, and less amused by the pundits feeding it to them." The report notes that the bug -- which only affects Tiger and won't crash Camino or Firefox -- has been reported in Apple's system; however, as with most security issues, Apple has not publicly responded.
Filed under: troubleshooting
, 
, 12
, 
, 
, 
, 
, 
, 
Top
subscribe to comments
for this article
Damn.
Damn!
S'funny that the thing everyone remembers about the Titanic is that it sank, but the compartmentalised hull design it pioneered was still better than what was before and has become the standard for ship design.
People like it when 'unbreakable' or 'unsinkable' systems break - presumably because most people have a bad grasp of risk, and thus translate it into 'thank god I'm on a good old single compartment vessel rather than one of these new unsinkable ships'.
(Although the flipside of the lesson is 'if you think you are secure, you may engage in risky behaviour and go full-speed through an ice-flow').
As you say, Jules, poor grasp of risk and avoidance techniques seems to be the key issue.
Safari 1.3.2 (v312.6) Osx 10.3.9
"they'd be mighty nervous dropping OS X as it currently stands into the orgy Windows swims in."
Seems to me anyone would be nervous about launching their creation into something like that. Lord knows the Windows developers feel that way!
Why does Apple need to "respond" to it? They will no doubt respond to it by releasing a fix to this bug with the next incremental 10.4 update.
Once again, as with the "Apple does not have a security czar" angle, the entities who profit from security fears are pointing to things which are not actually security "flaws" in Mac OS X as "proof" that Mac OS X has security concerns. Stupid stuff like this makes me feel safer than ever with Mac OS X, because it is obvious they cannot point to an actual "real world" security threat.