[Love Calm Quiet]

Sounds like MS might be hit with a graphics security problem similar to what Apple had to fix a few security patches ago:
http://news.bbc.co.uk/2/hi/technology/3661678.stm

I don't understand enough about what Apple's problem was (or how it repaired it): Did Apple fix one gap -- or change an underlying scheme for how Mac computing is secured? For example, if people on OS X reflexly open a downloaded .jpg, .mov, quicktime, etc, or still have their system set to automatically open such "safe" files (I, for one, don't), isn't it quite conceivable these files could be virused/wormed?

I realize that only going to "safe" or "respected" sites is a valuable preventative, but it's no guarantee (consider: one disgruntled employee; hacker gets into "respected" site)... not to mention the possibility of *receiving* a .jpg from a naive friend... only to discover (much later) that it's got a time-delayed worm in it.

I guess what I'm exploring is: how vulnerable are we (at least until Tiger?) to virus/worm/trojans that could be buried in various media? Surely *somebody* wants to earn a feather for being the first to take the "supposedly virus-free" Apple community down.

[Anubis IV]

Originally posted by Love Calm Quiet:
the first to take the "supposedly virus-free" Apple community down.

Somebody out there already can make that claim.

http://www.macworld.com/news/2004/04...ojan/index.php
http://www.macworld.com/news/2004/05...tego/index.php

Anyway, for the most part we're much safer than Windows, but there are still vulnerabilities.

[Big Mac]

That is really, really old news Anubis. Those were not even viruses, from what I understand. They were curious files that Intego, a virus software maker for the Mac, just coincidentally found before anyone else.

To my knowledge there were no successful exploits through the libpng vulnerability. Apple did the right thing and patched this bug in the png library before anyone could say much about it. As far as security is concerned, Apple has a pretty great track record. On the other hand, the company lets many users suffer with intermittent crashes (see the eleven page thread). Apple could be doing a better job in that regard.

[Anubis IV]

Originally posted by Big Mac:
That is really, really old news Anubis.

That's the whole reason I pointed it out...seemed pretty obvious to me that the topic creator was unaware of them.

[Millennium]

Originally posted by Love Calm Quiet:
Sounds like MS might be hit with a graphics security problem similar to what Apple had to fix a few security patches ago:
http://news.bbc.co.uk/2/hi/technology/3661678.stm

Actually, Microsoft has been hit with several of these.

I don't understand enough about what Apple's problem was (or how it repaired it): Did Apple fix one gap -- or change an underlying scheme for how Mac computing is secured? For example, if people on OS X reflexly open a downloaded .jpg, .mov, quicktime, etc, or still have their system set to automatically open such "safe" files (I, for one, don't), isn't it quite conceivable these files could be virused/wormed?

Actually, a virused image would be much, much worse, because you could embed it into an ordinary Web page. Most users browse with images on, so any image embedded in a page is downloaded when the page is viewed. It's the same principle, but no one is going to turn images off for something like this.

Ahem. Anyway, here's what happened. OSX uses a library called libpng to handle graphics in the PNG image format. This library is not unique to OSX by any standard; it's actually extremely popular elsewhere too. Mozilla, for example, embeds it. You can find more information on it at http://www.libpng.org.

A bug was found in libpng. This particular type of bug is what's called a buffer overflow. What this means is that someone found a place where you can feed the library more data than it's supposed to get, but the library doesn't know that you've done this. Once it's gotten all the data it's supposed to, it just takes the rest of the data and tries to execute it as though it were real application code. Most of the time this would simply crash the app, but if you made a very carefully-constructed image, you could actually make it execute real code, and this could do whatever the person making the image wanted.

Luckily, buffer overflows are generally very easy to fix once they've been found. The libpng library itself was fixed only a few hours after the bug was first discovered, so no one had time to make any images. Apple has to incorporate this fixed version of libpng into the OS, and that took a couple of days.

It's also worth noting that these virused images cannot be cross-platform. You would have to make one for Macs, one for Windows, one for Linux (actually many for Linux; one for each platform it runs on), and so on.

Either way, this was an honest bugfix, not an inherent flaw in the whole system, so once you've applied the update you are completely safe.

I guess what I'm exploring is: how vulnerable are we (at least until Tiger?) to virus/worm/trojans that could be buried in various media? Surely *somebody* wants to earn a feather for being the first to take the "supposedly virus-free" Apple community down.

If you have applied the patch, you are no longer vulnerable to this. The libpng library has not had a bug like this in many years, and this may actually be its very first actual security hole. This is not just a Mac/Windows thing where it hasn't come under fire: libpng is used in many programs on Windows, Mac, and Linux; it may well be one of the most-used pieces of code in the world. You are safe.