Apple's security patch falls short?

updated 02:05 pm EDT, Mon May 15, 2006


Despite fixing 31 different software vulnerabilities in a range of products that could be used by remote attackers to compromise Mac OS systems, Apple's latest security patch falls short, according to one researcher. Infoworld notes that Apple's latest security update, which was released last week, includes critical software fixes for holes in OS X, the Safari Web browser, and Mac components for viewing image and video files, but leaves unpatched some holes reported by independent researcher Tom Ferris, even though he reported them to Apple last month. According to the report, Ferris said the company did not patch security flaws in Safari, QuickTime, and the iTunes application; he described them as critical flaws that allow remote code execution, but did not post the details on his Web site in April (although he is doing so now). In addition, Ferris has found new holes in Mac OS X affecting TIFF format files and BOMArchiver, an application used to compress files, Infoworld writes.


by MacNN Staff

Comments

  1. aristotles

    Grizzled Veteran

    Joined: Jul 2004

    0

    Tom Ferris is a hack

    He does not have a clue what a buffer overflow is. This same guy was trolling on firefox's bugzilla a while back.

  1. TimmyDee51

    Mac Elite

    Joined: Mar 2000

    0

    DON'T visit his site!

    Ferris is not a real security researcher. By posting the flaws to his site without giving Apple ample time to fix them, it's clear that all he is looking for is the ad revenue that his site will generate, not for Apple to properly fix the problems.

  1. jhorvatic

    Fresh-Faced Recruit

    Joined: Apr 2005

    0

    I figured this guy wasn'

    I figured this guy wasn't real. And I know Apple to be quite thorough in what they do when they do it. Since I've yet to see OSX actually get attacked in the wild I think everyone has nothing to worry about. This is a Windows troll trying to scare the OSX community which knows better already than to believe such FUD.

  1. Albert

    Fresh-Faced Recruit

    Joined: May 2003

    0

    troll the ferris

    up genuine article

    for his good deeds he should at least be toasted with warm beer.

    thanks a lot

  1. Ganesha

    Senior User

    Joined: Jul 2002

    0

    Go to his site

    and click all the ads.... this will get his account flagged for click fraud...

  1. ATPTourFan

    Fresh-Faced Recruit

    Joined: Apr 2003

    0

    Just a...

    ... money making operation. By putting out these messages, he's drawing loads of hits to his site. It's virtually guaranteed that, with all the attention Apple's getting recently, any kind of security holes/vulnerabilities (confirmed or not) will draw large internet hordes. Don't go to his site and give him any more $$$ for his so-called research.

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0

    real researcher

    "Ferris is not a real security researcher. By posting the flaws to his site without giving Apple ample time to fix them, it's clear that all he is looking for is the ad revenue that his site will generate, not for Apple to properly fix the problems."

    What's a 'real' researcher? And what's ample time? Should we just report the problem, and then hope that someday, Apple will fix them? After a while, you need to let people know the flaw to determine whether they need to change their computing habits.

    BTW, since the mac has absolutely no viruses, worms, threats, etc, who cares if someone releases the information. We're immune!

  1. MacGeekGuy

    Fresh-Faced Recruit

    Joined: Aug 2006

    0

    Testudo

    testudo... exactly how much crack did you put in your Wheaties today?

    To take such an attitude is simply ridiculous. If there are known OS X specific vulnerabilities that get released... that IS the information required to create a virus, work, etc.

    Yes, we're safe for the moment... yes, Apple will probably do its damnedest to keep us safe... but to take a defiantly ignorant (really that's not a flame, but a description of the attitude conveyed) tone is counterproductive.

  1. MacGeekGuy

    Fresh-Faced Recruit

    Joined: Aug 2006

    0

    Typo

    work=worm

  1. koolkid1976

    Fresh-Faced Recruit

    Joined: May 2003

    0

    re: real researcher

    "What's a 'real' researcher? And what's ample time?"

    Some 'real' researchers have a policy of informing the vendor of the security flaw, then waiting 30 days before releasing the details to the public.
