Researcher blasts Apple for 'negligent' patching
Professional Poster
Join Date: Mar 2002
Location: Smallish town in Ohio
http://www.infoworld.com/article/07/...cgd=2007-08-07
Member of research team that found the first iPhone vulnerability criticizes Apple for not keeping up to date with security fixes to its open source components
By Gregg Keizer, Computerworld
August 06, 2007
One of the researchers who went public last month with the first iPhone vulnerability said Monday that Apple's lackadaisical updating of the open source components it uses in Mac OS X is inexcusable and negligent.
"Apple has a habit of not keeping [Mac OS X's] open source [components] up to date," said Charles Miller, a researcher with Baltimore-based Independent Security Evaluators (ISE) who presented at last week's Black Hat security conference in Las Vegas. "Open source software is as secure, I think, as closed source, but Apple isn't keeping up with fixes.
Are the allegations in this article FUD or are they legitimate?
Posting Junkie
Join Date: Jan 2006
Location: Seattle, Washington
Blah blah blah, somebody is always complaining about Apple security. I think they just want to prove that Windows and Windows Mobile are the best/safest/most secure.
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
With mDNSResponder they just disabled the service instead of fixing the security hole.
This has nothing to do with Windows; the guys at Black Hat aren't exactly big Microsoft fans.
Clinically Insane
Join Date: Mar 2001
Location: yes
Originally Posted by macintologist
Quite likely. Most Unix packages in OS X I've stumbled across are outdated versions: Apache, PHP, OpenSSL, Python, XFree86/Xorg, etc.
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Haven't read the entire article, but it is true that Apple are rather slack with security, and in particular with including updated versions of third-party open-source software (e.g., Samba) which have had important security fixes long ago, but Apple still includes the old un-fixed versions.
There's really no excuse for this.
Clinically Insane
Join Date: Mar 2001
Location: yes
Originally Posted by imitchellg5
Blah blah blah, somebody is always complaining about Apple security. I think they just want to prove that Windows and Windows Mobile are the best/safest/most secure.
A little reactionary?
Clinically Insane
Join Date: Mar 2001
Location: yes
Originally Posted by Brass
Haven't read the entire article, but it is true that Apple are rather slack with security, and in particular with including updated versions of third-party open-source software (e.g., Samba) which have had important security fixes long ago, but Apple still includes the old un-fixed versions.
There's really no excuse for this.
Agreed. Apple needs to partner with an open source package management system of some sort (or else create their own) so that this responsibility is not theirs to bear alone, assuming that this has been the bottleneck.
(Last edited by besson3c; Aug 8, 2007 at 05:47 PM.)
Baninated
Join Date: Aug 2007
Why do people insist on creating drama where none previously existed? I blissfully use my Dell with OS X and no patches.
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Originally Posted by Mel O Dramatik
Why do people insist on creating drama where none previously existed? I blissfully use my Dell with OS X and no patches.
OS X on Dell?
You deserve a bannination. Reported.
-t
Posting Junkie
Join Date: Jan 2006
Location: Seattle, Washington
Originally Posted by besson3c
A little reactionary?
Maybe, but it does seem like people who enjoy finding security holes are always blasting Apple products to heck.
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Originally Posted by imitchellg5
Maybe, but it does seem like people who enjoy finding security holes are always blasting Apple products to heck.
In this case the blasting is well deserved. Somebody else has already fixed the security problems in question. Apple merely has to include the current versions of 3rd party software, instead of old versions of the same software, in their (fairly regular) security updates. It really is quite simple, and I cannot understand any good reason why Apple would not do this.
Clinically Insane
Join Date: Mar 2001
Location: yes
Originally Posted by imitchellg5
Maybe, but it does seem like people who enjoy finding security holes are always blasting Apple products to heck.
Good for us! You should be thankful that people are paying attention!