New privilege escalation exploit discovered in OS X Yosemite, also affects just-released 10.10.5

Comments

  • Reply 41 of 92
    nolamacguy Posts: 4,758 member
    Is your comment some kind of defensive shield magic?  For who?  Help me understand why your kind of comment is posted.  It says that criticism of Apple in any form should be considered enemy fire.

    no, it says when you spend enough time on this site, which is unapologetically pro-Apple, and when there is exaggerated news like this, that the anti-Apple trollers will soon make their appearance to wave hands and spread FUD. because, for reasons we'll never understand, they have a deep and personal need to do so.

    and yes, identifying this nutso behavior does help to mitigate it, because the trolls are identified as trolls, negating their concern-troll smokescreen narratives.
  • Reply 42 of 92
    tallest skil Posts: 43,399 member
    ralphdaily wrote: »
    I'm tired of exploits

    Then you need to check your privilege. ;):lol:
  • Reply 43 of 92
    nolamacguy Posts: 4,758 member
    knowitall wrote: »
    Maybe he is afraid that someone like me posts a comment that "Apple is clearly dropping the ball on this by apparently not having a dedicated team on security and should step up its efforts by assigning a group of hackers to test the (new) software they release"

    please cite your source that shows Apple doesn't have a security team. because as any developer can tell you, bugs happen. security bugs too. and their existence doesn't prove or suggest there is nobody focused on security.

    so....nonsense. I don't see you going on about the monthly stream of security updates Windows has, routinely and constantly.
  • Reply 44 of 92
    nolamacguy Posts: 4,758 member
    boredumb wrote: »
    If you tell the public first, aren't you telling the company/author at the same time?
    I can't see why it's a bad thing to tell everyone as soon as possible, 
    unless you think it would spoil the tea and crumpets, gentleman's handshake atmosphere
    we all expect in tech...

    how naive.

    no, it's because it gives criminals an early opportunity to do bad in the world before it gets patched. duh.
  • Reply 45 of 92
    revenant Posts: 621 member
    Quote:
    Originally Posted by HuskyOffset

    I'm with digitalclips on this one. Not notifying the software author first, and giving them some time to release a patch before public disclosure, is pure asshattery, in my opinion.

    Quote:
    Originally Posted by digitalclips

    Really? Wouldn't you have preferred he shared with Apple first?

    I am saying I am happy that it is being shared, not where it should be shared first. I'd rather it be made public than kept quiet while hackers get into other people's computers.

    It would be best for everyone if it was shared with the company the hack is aimed at first; my comment indicated no preference, only that I'm happy it does not stay quiet.

  • Reply 46 of 92
    dysamoria Posts: 3,430 member
    Awaiting the inevitable contrarians to show up and do their anti-Apple troll dance.

    That's not me, I've moved to Mac, abandoning Windows, but I have to say it is sad to see the validation of an old claim that Macs suffer less viral/exploitation simply for being less popular/common. The course we are headed in is not as bad as the Windows cess pool, but it's also not as worry-free as it previously appeared. Popularity breeds contempt and opportunism.
  • Reply 47 of 92
    solipsismy Posts: 5,099 member
    dysamoria wrote: »
    That's not me, I've moved to Mac, abandoning Windows, but I have to say it is sad to see the validation of an old claim that Macs suffer less viral/exploitation simply for being less popular/common. The course we are headed in is not as bad as the Windows cess pool, but it's also not as worry-free as it previously appeared. Popularity breeds contempt and opportunism.

    How is that ridiculous claim "validated"? Mac OS had more actual viruses during their dark years than today. What you're experiencing is two things, 1) you're a Mac user which means you take notice of exploits more than when you weren't (kind of like when you buy a new car you start seeing more of that car on the road even though it's just that your brain is actively recognizing them more now), and 2) the Internet has a way of not only moving news but echoing it, which is amplified when the company or product in question has more mindshare or a higher expectation among their user base (and haters) than another. This is why it's hard to get a Windows or Android exploit on the primetime news but a proof-of-concept not affecting any actual Apple products that already has been patched for their next update does.
  • Reply 48 of 92
    foggyhill Posts: 4,767 member
    Quote:
    Originally Posted by boredumb

    If you tell the public first, aren't you telling the company/author at the same time?
    I can't see why it's a bad thing to tell everyone as soon as possible,
    unless you think it would spoil the tea and crumpets, gentleman's handshake atmosphere
    we all expect in tech...

    Really, so are those people going to god damn fix it? No. Man, I'm tired of this shitty line of argument.

    There is no fix and he also gave the god damn exploit, so how is that a good thing?

    Thousands of script kiddies with no competency can now go after computers through social engineering instead of maybe a few seasoned hackers.

    The guy could have contacted Apple and then waited 90 days, or whatever (if the fix is very hard to implement you wait longer).

    The only sort of fix for this is basically not downloading/running third party crap, which people who actually care about security would mostly be not doing anyway. The people who will be hit by this are those, like college students or your mother, who can't be bothered with security in general so they'll run it and bam!

    He didn't even follow minimum guidelines, he was a total dickhead about it.

    As for this being an issue or not, it depends on the existence of other exploits that enable remote access to an account, or using social engineering to have someone run your code (the most likely vector). That's how most malware/virus/trojans propagate.

  • Reply 49 of 92
    foggyhill Posts: 4,767 member
    Quote:
    Originally Posted by dysamoria

    That's not me, I've moved to Mac, abandoning Windows, but I have to say it is sad to see the validation of an old claim that Macs suffer less viral/exploitation simply for being less popular/common. The course we are headed in is not as bad as the Windows cess pool, but it's also not as worry-free as it previously appeared. Popularity breeds contempt and opportunism.

    On Windows 10, I get 500+ security patches per year, you're telling me this thing is safer, not at all!  People are used to it being a total sieve.

    My main desktop is a Windows 10 machine (yes, I'm an Apple user without a Mac!). It's way safer than Win 95 to XP (especially early version XP), but that's not saying much.

  • Reply 50 of 92
    dasanman69 Posts: 13,002 member
    foggyhill wrote: »
    dysamoria wrote: »
    That's not me, I've moved to Mac, abandoning Windows, but I have to say it is sad to see the validation of an old claim that Macs suffer less viral/exploitation simply for being less popular/common. The course we are headed in is not as bad as the Windows cess pool, but it's also not as worry-free as it previously appeared. Popularity breeds contempt and opportunism.

    On Windows 10, I get 500+ security patches per year, you're telling me this thing is safer, not at all!  People are used to it being a total sieve.
    My main desktop is a Windows 10 machine (yes, I'm an Apple user without a Mac!). It's way safer than Win 95 to XP (especially early version XP), but that's not saying much.

    How are you getting 500+ security patches per year on an OS that just came out?
  • Reply 51 of 92
    Apple need to stop this NOW!

    The Italian developer needs to get a call from the lawyers at Apple and let him know that he might be getting a bill from anyone who will be affected by his public disclosure of the bug.

    There are consequences to every action. Publishing something publicly and putting people at risk is a criminal act - just ask Edward Snowden.
  • Reply 52 of 92
    bulk001 Posts: 709 member
    Awaiting the inevitable contrarians to show up and do their anti-Apple troll dance.
    You mean like when people on this site used to do that when Microsoft vulnerabilities were revealed?
  • Reply 53 of 92
    Quote:
    Originally Posted by Suddenly Newton

    No it doesn't. It says contrarians take the opposite position for the sole purpose of trolling, regardless of how indefensible or illogical that position may be. I see it in the forums all the time as stubborn intransigence, even after being soundly bested in debate.

    If the trolls are that easy to identify, why not simply ignore them, and focus on rational discussions instead? I am in total agreement with you that trolls drag things down, but depositing warnings at the head of a discussion also changes the tone.
  • Reply 54 of 92
    lkrupp Posts: 10,160 member
    Quote:
    Originally Posted by lkrupp

    Above all don’t listen to the paranoid crowd’s predictions of the Apocalypse. They show up here every time one of these reports gets out, wringing their hands and running around with their hair on fire.

    And right on cue the “Sons of the Apocalypse” show up in this thread spreading their paranoia and FUD and telling everyone to hide under their beds. We never see them appear in AI unless it’s about a security issue and it’s always to issue dire warnings about the latest show stopper du jour. Can any of them provide documentation of a single Mac user getting hit by ANY of the security flaws discovered in the last year, from the Heartbleed SSL Apocalypse to today’s exploit? Remember the Heartbleed bug? It was supposed to take out the entire internet according to the paranoid crowd. Oh, and the more recent Stagefright Android exploit that was supposed to destroy 90% of Android users? Where are those victims’ bodies buried?

  • Reply 55 of 92
    lkrupp Posts: 10,160 member
    Quote:
    Originally Posted by repmeer

    His developer account should be revoked for this.

    Quote:
    Originally Posted by knowitall

    He doesn't need a developer account to be able to do this.

    Maybe not but he will definitely be on Apple’s permanent shit list... forever. If Fake Steve Jobs were still around he would have dispatched Moshe to take this guy out in a timely manner. And Katie would have crossed his name off the guest list.

  • Reply 56 of 92
    nolamacguy Posts: 4,758 member
    dysamoria wrote: »
    That's not me, I've moved to Mac, abandoning Windows, but I have to say it is sad to see the validation of an old claim that Macs suffer less viral/exploitation simply for being less popular/common. The course we are headed in is not as bad as the Windows cess pool, but it's also not as worry-free as it previously appeared. Popularity breeds contempt and opportunism.

    wrong. this is not validating security by obscurity. SBO isn't sound and doesn't make a system secure. OS X is a good OS because of its software, not because it's not yet popular enough.

    there have been few to no viruses (virus, not malware) in the wild on OS X. this is because of how it was built. OS X has more users than ever, and Apple has a huge target on its back -- yet still no viruses. previous Mac OS System versions had actual viruses targeting them in the wild, despite far, far fewer users than OS X.

    again -- the only myth is the concept of security by obscurity.
  • Reply 57 of 92
    nolamacguy Posts: 4,758 member
    bulk001 wrote: »
    You mean like when people on this site used to do that when Microsoft vulnerabilities were revealed?

    nope. it's not being a contrarian to do the Windows-sucks dance because this is an Apple site. thus, it's being contrary to anything considered the norm here.
  • Reply 58 of 92
    nolamacguy Posts: 4,758 member
    If the trolls are that easy to identify, why not simply ignore them, and focus on rational discussions instead? I am in total agreement with you that trolls drag things down, but depositing warnings at the head of a discussion also changes the tone.

    it does nothing of the sort.
  • Reply 59 of 92
    Quote:
    Originally Posted by NolaMacGuy

    it does nothing of the sort.

    Of course it does.  The comment does nothing to prevent or identify trolls, as you suggest it does.

    That is, you say, "and yes, identifying this nutso behavior does help to mitigate it, because the trolls are identified as trolls, negating their concern-troll smokescreen narratives."  I totally agree with that!  Pointing out a troll comment *after the fact* for someone who might not recognize it otherwise is what you're talking about, but the comment in question doesn't identify anything.  Rather, it just says that trolls are coming.

  • Reply 60 of 92
    knowitall Posts: 1,648 member
    Quote:
    Originally Posted by NolaMacGuy

    please cite your source that shows Apple doesn't have a security team. because as any developer can tell you, bugs happen. security bugs too. and their existence doesn't prove or suggest there is nobody focused on security.

    so....nonsense. I don't see you going on about the monthly stream of security updates Windows has, routinely and constantly.

    Your reading skills are not that good.

    Look up 'apparently' ...

    There is of course another possibility why the string of security bugs slipped through, when Apple does have a security team.
