Comments
I was wondering when Apple was going to get around to releasing this fix. This browser/help viewer exploit was a scary thing.
Mike
These exploits are so interesting to me. Most if not all of them are actually problems inherited from older Mac OSes, or rather, solutions to problems in older versions of the Mac OS that have turned into new problems for this one. It goes to show how poor the Classic OS was as a network citizen, that they didn't really have to worry about these things. Mac OS X has taken these in as legacy code, and it's actually hurt them since the OS is so much more complete as a network citizen. In a networked world, the greater good does hold back or kill some potential or former user-friendly features. A lot of people were upset at Apple for not adopting more legacy Mac OS features (the disdain for HFS metadata being the most obvious example) that benefitted users. We can see that maybe they didn't take away enough of those things to protect their users in a modern computing environment.
I've been coming across some websites that say the threat of this exploit isn't gone yet.
Mike
Originally posted by BuonRotto
How long did that take? A few days after hearing this? I don't mind Apple downplaying security issues as long as they fix them quickly.
They knew about this for some time now. I believe they were informed in February. Actually, on the 23rd of February. Quick you say? Nah. Only after it became public they got their head out of their ass.
The proof of concept to test it again: http://www.insecure.ws/article.php?s...04051612423136
Originally posted by Defiant
They knew about this for some time now. I believe they were informed in February. Actually, on the 23rd of February. Quick you say? Nah. Only after it became public they got their head out of their ass.
Not only that, but as this long MacNN thread indicates, there are other vulnerabilities related to several protocols that would allow exploits. See also this Secunia advisory. The patch Apple released deals only with the "help:" vulnerability. At this moment, MacOS X is open to serious attack.
Originally posted by Defiant
They knew about this for some time now. I believe they were informed in February. Actually, on the 23rd of February. Quick you say? Nah. Only after it became public they got their head out of their ass.
The proof of concept to test it again: http://www.insecure.ws/article.php?s...04051612423136
You'll find a good reading here in German (albeit not Swiss German).
Generally it says:
- download RCDefaultApp
- remap the following to disabled
* disk:
* disks:
* telnet:
* afp:
* ftp: