I have never said that Mac OS X is not susceptible to exploits. Nor will you find anywhere where I have said that it is perfect. That is a straw man argument set up by you.
Yes, the Ruby and Perl are distributed by Apple... but not on the OS X install disk. It is a separate disk with extra utilities such as X11 and a host of UNIX apps.
Yes. If I install it, I'm vulnerable... if I run it in the background. I can think of no reason to do that since I am not coding all day.
Incidentally, the #4 MoAB merely crashes the iPhoto application and cannot execute any code. The crash point is an invalid call to a data location. It is a bug but not a vulnerability:
In this case (MOAB 4), a function (vsprintf) is called with invalid parameters, making this function use a pointer that is invalid, to access data, not to execute code, it crashes with a memory access error.This particular bug can't cause the execution of arbitrary code, it's not what happens with his example, and even if he changes the parameters, it's NOT going to happen, ever!
Some bugs can cause either invalid access to memory, or execution of arbitrary code, but certainly not this one. . .
vprintf is just accessing data, it's not using any pointers to execute code, and this bug is NOT changing the return address, and never will.
Since it is a "bug" I won't criticize their including it in the Month of Apple Bugs. I will criticize their hyperbolic claim that it will allow arbitrary code execution.
So what about MOAB 1, 2, & 3? Are those exploits or bugs?
Also as far as does it count because it uses ruby to get to the exploit. So if Windows services for Unix is installed and allows anyone in the world to do whatever they want on a windows 2003 server...that wouldn't count as a Microsoft OS vulnerability? And you'll be on FR arguing how it's not a real issue becaues it not an OS bug but only impacts those users/businesses that chose to install unix services on Windows?
See now doesn't that sound crazy?