Exploitability and marketshare are both factors. Design determines how hard it is to write an exploit. Marketshare gives attackers motivation. Given that the vast majority of businesses run Windows, hackers would have more of an incentive to find exploits for Windows even if it were harder to exploit than OS X.
Everyone on this forum understands the argument for the notion that popularity correlates to vulnerability. All you did was to repeat the argument. Nonsense repeated is still nonsense.
"Earlier this week we implemented a server-side app security update that secures app data and blocks apps with sandbox configuration issues from the Mac App Store. We have additional fixes in progress and are working with the researchers to investigate the claims in their paper," an Apple spokesman said.
A bit worrisome that this can be read that Apple didn't take the security problem seriously and waited six months to do something.
Exploitability and marketshare are both factors. Design determines how hard it is to write an exploit. Marketshare gives attackers motivation. Given that the vast majority of businesses run Windows, hackers would have more of an incentive to find exploits for Windows even if it were harder to exploit than OS X.
Not so, iOS and OS X combined have a huge (and ever increasing) presence in business that can be compared to that of Windows, and it could be argued that iOS and OS X represent the more interesting targets.
AI, please let us know when this exploit goes live in the wild and is affecting real users. So far none of the other Apocalyptic/Armageddon flaws have resulted in anything. And a lot of those flaws require physical access or cooperation from the user. As we all know, once the bad guy has physical possession of your machine you’re screwed no matter what. Haters gonna hate and security researchers gonna toot their horns and thump their chests.
Beyond this there’s the cultural fatalism about security and privacy that people have resigned themselves to. Forget about these operating system flaws. They require some effort. The bad guys can get all the information they want about you by hacking the IRS, SSA, Anthem Blue Cross, Home Depot, and just about any other company with leaky servers and misconfigured security protections. Corporate IT types are massively incompetent even as they comment on forums like this about how many years they’ve been in the business and how smart they are and how they know everything. And then some Russian teenager pwns their server.
The problem is that it is difficult to say if a system is compromised; its users most of the time don't know it themselves until a devastating effect presents itself (like an empty bank account, or threats to expose certain videos, etc.). Sometimes the link with a hacked system is never made, but the hack is very real.
Physical access to my iPhone doesn't make it a lot easier to hack, physical access to my Mac isn't (or shouldn't be) an advantage either if I have whole disc encryption on.
Now if I am logged in and my account isn't locked and someone gets access to my system it's easier to exploit the system but even that is difficult if the security is designed and implemented in the right way.
I expect from Apple that they pay extreme attention to security and have a dedicated team (or teams) that constantly evaluate the security and its design, and try to exploit the system to see if it's still ok. The incidents from the last few years suggest (and on some occasions make clear) that Apple doesn't have such a team (or that it is not capable).
I find that worrisome.
Whether you love or loathe Apple it has always been a lightning rod for oversaturated opinions one way or the other. It's simply impossible to find middle-of-the-road responses to anything published about Apple, good or bad. The same article published on a web site will see both claims that the site is always shilling for Apple and the site is a constant attacker of Apple, because, you know, haters gotta hate.
...
It isn't impossible to find sensible responses, you simply have to read better (and expect that someone, besides yourself of course, can give a sensible response).
Sometimes data isn't open for interpretation, we call that facts, so it isn't a matter of opinion all the time, you should realize that.
Very little data, especially that coming in as news, is actually fact. Even true hard facts are usually packaged in a heap of interpretive mumbo jumbo. I'd argue many things people call "facts" aren't, or they couldn't pick the facts out of the wreck of data they received. There's always seemingly a spin to that data to generate a response in the person's mind; that's why being very cynical about news is the best way to go about things.
Almost all "news" about Apple is 99% sensationalized clickbait garbage wrapping 1% fact (if we're lucky). That's how those so-called modern "news" organizations make money. There's no money in checking for accuracy and writing the news straight, without any god damn veneer.
One important piece of news about Apple that's a true hard fact is Taylor Swift's letter to Apple opposing the 3 month intro offer. This is more significant high-profile news, and also more accurately reported news, than the overblown Xara crap.
Every year I fall for ONE Apple Security Apocalypse story, and think "this is it--the big one."
It never is. But they up their game every year, hyping harder and obscuring the details just to fool me one more time...
But even so, if this is just "another little one" (possibly affecting zero users), it's still important to catch and fix the issues.
Your issue should be with the reporting rather than the researchers. While it's likely that no one ever made use of it, now no one ever will on any machine that can receive the appropriate updates.
Not so, iOS and OS X combined have a huge (and ever increasing) presence in business that can be compared to that of Windows, and it could be argued that iOS and OS X represent the more interesting targets.
Numbers please. iOS obviously has claimed the dominant marketshare in mobile usage. But the claim that OS X has supplanted the classic Active Directory/Group Policy-managed Windows workstations is news to me.
What are mobile devices used in most companies for besides email? Even Blackberries were essentially portable email machines and instant messengers. The core of businesses -- company finances, hiring, etc. -- is all conducted on desktops. Those would be the high-value targets for any attack.
Comments
excellent post re: the spectrum from black to white. (like most things, it's really a shade of grey.)
as a retired software developer, i personally found security issues to be fairly boring. spy vs. spy stuff. but i'm a greybeard old hippie who trusts more than most. for others, security is "job security". it's too bad other computing-related issues don't get more play. exception: the most recent issue of the bloomberg business week magazine, devoted *entirely* to "code", exposed to a very wide audience.
Dag Nabbit! They got me again!
Every year I fall for ONE Apple Security Apocalypse story, and think "this is it--the big one."
It never is. But they up their game every year, hyping harder and obscuring the details just to fool me one more time...
But even so, if this is just "another little one" (possibly affecting zero users), it's still important to catch and fix the issues.
Your issue should be with the reporting rather than the researchers. While it's likely that no one ever made use of it, now no one ever will on any machine that can receive the appropriate updates.
Not so, iOS and OS X combined have a huge (and ever increasing) presence in business that can be compared to that of Windows, and it could be argued that iOS and OS X represent the more interesting targets.
Numbers please. iOS obviously has claimed the dominant marketshare in mobile usage. But the claim that OS X has supplanted the classic Active Directory/Group Policy-managed Windows workstations is news to me.
Wow! Talk about moving the goal posts.
What are mobile devices used in most companies for besides email? Even Blackberries were essentially portable email machines and instant messengers. The core of businesses -- company finances, hiring, etc. -- is all conducted on desktops. Those would be the high-value targets for any attack.