And these guys don't seem to really be testing an out-of-the-box OS X Mac.
On almost every Mac site you will find posts from Mac users who have attempted to try their demonstration "exploits" and found they DO NOT WORK!
Why is that?
Out of the four flaws found so far, according to their requirements to duplicate their "flaws," flaws #1, #3 and #4 require an installed "working Ruby interpreter" and #2 requires an installed "working Perl interpreter."
Ruby and Perl are UNIX programming languages that are NOT installed by default on OS X. They probably exist on MOAB's computers 'cause that's what they are doing... writing programs in UNIX that they claim are flaws in OS X. They have chosen at some time in the past to install Ruby and Perl... and probably Python and several other UNIX languages.
BUT, for-q, those are NOT part of a default OS X Installation!
Like Maynor and Ellch, apparently they are not above tossing ringers into the mix either... but then Maynor is one of of their code contributers. Or are they just sticking "lit cigarettes into the eyes of Mac users?"
Ok, so we only count the OS out of the box with OS patches (I presume).
Well that makes the MAC even more useless if you can't install the handfull of programs on it without making it a security risk. I thought the OS was so well designed the OS wouldn't allow a program to do such things.
I guess I was misled (again) by the MAC fanbase claiming it was uber secure and nothing could break their security model...not even the typical non-techy, peacenik, MAC user. (I'm not saying you're a peacenik or non-techy, but the majority of Mac users are).
Let's double-check that. I believe that Perl and Ruby are part of the standard distribution. Open your Terminal.app and try a couple of commands -
perl -v
ruby -v
That will print the version numbers if they're installed on your system.
So far, moab is not attacking Ruby - they're using Ruby to generate the attack.