Mac OS X riddled with security holes

TechWorld ^ | 04 May 2004 | Kieren McCarthy

[Incorrigible]

I'm shocked! Shocked I tell you!

[rightwingextremist1776]

What, something other than Microsoft needs patches? Say it ain't so! What will the Mac-ro-maniacs do now? Switch to Linux?

[RedBloodedAmerican]

[Salo]

Downloaded and installed yesterday.

[K1avg]

The thing is, though, Apple's total market share is so dismally small that no one would bother attempting to exploit any security holes. What's the point, after all? Same with Linux...

[js1138]

Look like MocOphiles will eventually have to learn something about computers.

[Freemeorkillme]

Leave it to good 'ol mudge and the boys to force Apple to bite.

[ambrose]

bump.

[glorgau]

Secunia seems to be selling virus "curing" software. Methinks they are trying to drum up a little business.

[FourPeas]

Well, Secunia isn't the only one here's an article from ZDNET:

Apple criticized for security advisories

[Swordmaker]

Mac Ping list.

This article claims the SASSER WORM, which is reported to have invaded millions of computers worldwide, is a minor issue compared to the Mac patches for NON-exploited minor security issues.

[litany_of_lies]

I use a Mac, and am under no illusions that its security is foolproof. Even ignoring the fact that its market share is so small that it's not worth the bother for hackers and virus writers trying to get their jollies, I think the Mac is a bit more secure than a Windows machine, simply because their methods of trying to make sure you stay up-to-date are better.

I would be more impressed that there's a bigger problem if there were more than one security firm expressing alarm. It seems speculative, but worth paying attention to, at this point.

[litany_of_lies]

Apple is a ridiculously secretive and paranoid company, so you can't tell whether its cryptic security updates are just a way to keep users calm about relatively unimportant stuff or a serious coverup of potential dangers. I opt for the former, because Apple is also quite condescending and patronizing to its users (they succeed because of the fabulous machines even though on balance it's a pretty poorly run business, at least on the computer side, IMHO-the music side seems to have its act together).

[Swordmaker]

Let's see what Secunia actually has to say about this. Here are the FIVE (5) security issues that have "riddled" OS-X:

1) Some older vulnerabilities in Apache 2 can be exploited by malicious people to inject malicious characters into log files and cause a DoS (Denial of Service). . .

2) Two vulnerabilities in the IPSec implementation can be exploited by malicious people to conduct MitM attacks (Man-in-the-Middle), establish unauthorised connections, or cause a DoS. . .

3) A vulnerability within AppleFileServer can be exploited by malicious people to compromise a vulnerable system. . .

The vulnerability is caused due to a boundary error within the password handling. This can be exploited to cause a buffer overflow by passing an AFP "LoginExt" packet with a string in the "PathName" field, which is longer than the value specified in the packet.

Successful exploitation allows execution of arbitrary code with "root" privileges.

4) An unspecified vulnerability exists within the CoreFoundation when handling environment variables. This may potentially be a privilege escalation vulnerability. This has not been confirmed, though.

5) An unspecified vulnerability exists within RAdmin when handling large requests. This may potentially be a system compromise issue. This has not been confirmed, though. According to the vendor, only version 10.2.8 is affected.

NOTE: The severity has been set to "Highly critical" because the unspecified issues are likely to be more severe than claimed by the vendor.

This conclusion is based on the fact that Apple merely describes vulnerability 3 as an attempt to "improve the handling of long passwords". However, according to @stake, the vulnerability can in fact be exploited to compromise a vulnerable system.

Let's see... Security issues 1,2 and 3 have already been covered on FreeRepublic and were found to be minor, unexploited and unlikely to be capable of spreading beyond an attacked computer. Issue #1 allows some extraneous charachters to be inserted into a "log file"... tell me, does anyone out there EXECUTE log files, even on a Microsoft computer? Having a Denial of Service occur because of a corrupted log file is not too serious a security breech. It might prevent business from being conducted but it won't allow a remote access of data files. Log files are TEXT files to be read. Issue #2 requires the much more serious security breech of allowing a malicious server to exist on your network so that the rogue server can intercept communications to a permitted "honest" server. This is an issue that can hit Windows users as well. In issue #3, @Stake was unable to demonstrate the exploit could be used to execute code.

Issues 4 and 5 were only "discovered" because Apple announced their fixes for these "issues". They are under no requirement to release the description so that hackers can attempt to damage un-updated computers.

NONE of these minor issues can even be included in the same rank as the security hole being exploited by SASSER in Microsoft's products in which malicious code is invading computers AND executing itself.

So we have THREE known issues and two more previously unknown issues that have NOW BEEN FIXED in the Apple OSX system. This hardly earns the highly exagerated headline "Mac OS X riddled with security holes"!

Talk about hyperbole.

[xrp]

Hah...the Sasser Worm. No such infections here. Of course, I properly secure my Windows (and *NIX) systems.

[PA Engineer]

Whats a MocOphiles?

[Swordmaker]

A search of Secunia's website for OSX and OS-X, plus the word "virus" resulted in ZERO hits...

Another search for "OS X virus" resulted in lots of hits... but all about articles with the word "virus" only. Strange, they were all about Windows machines for the most part!

There were a spattering of "linux" hits.

Incidentally, searching for "OSX" for security advisories on Seconia, only 33 hits were reported. Zero viruses.

Searching for "Windows" resulted in 264 security advisories and 7378 basic virus definitions.

Searching for "Linux" resulted in 1589 security advisories and 2633 basic viruses for Linux. Sorry Penguins...

[Swordmaker]

Hah...the Sasser Worm. No such infections here. Of course, I properly secure my Windows (and *NIX) systems.

I fielded a flurry of calls today from current clients using Microsoft Windows wanting assurance that they were safe from SASSER. Since I had long since updated them, I was able to assure them they were.

However, I find that the majority of Windows users that I see as first time clients have NEVER updated since their machines were new... even those with highspeed internet connections. They all tell me they ignore the alerts. Now THEY are vulnerable.

[Hank Rearden]

Whats a MocOphiles?

They're similar to those annoying MacMoonies, but they don't hang around airports in long flowing robes, trying to "act different".

They do, for the most part, have scraggly hipster-wannabe goatees though.