Mac OS X security advisory

Macintouch.com ^ | May 19, 2004

[HAL9000]

I expect Apple will have a security update for this soon.

Be cautious about downloading ".dmg" disk image files until then.

[dyed_in_the_wool]

Wow, they only need 11 more "critical patches" to catch up to Windows this year.

[RedBloodedAmerican]

This is impossible. I look for it to be on snopes soon. Apple/MAC doesn't have security or code issues. I was told so.

[RedBloodedAmerican]

This has to be a joke, right? Even Bill uses MAC now, or so they say...

[TomGuy]

I thought Mac's were immune from these sorts of things.

lol.

[Izzy Dunne]

Apple really did a braindead move on this one.

[arkady_renko]

Is this from The Onion?

A_R

[HAL9000]

It is possible to download and install a malicious program that will delete files on Mac OS X, but there are safeguards to prevent the destruction of files belonging to the operating system or other user accounts.

On Windows, this sort of vulnerability could easily wipe out everything.

More importantly, there aren't any worms or self-propagating viruses for Mac OS X yet.

[DallasMike]

I refuse to believe this. We're constantly told that Macs -- especially OS X -- have no security issues at all.

Having said that, I use Linux often and wish I had a Mac. Both are great but I'm not going to be lulled into a false sense of security that they're somehow immune to viruses and other nasties.

[D-fendr]

I use both Windows and Mac machines and the time, money and worry spent on security for the Mac is several order of magnitudes less than the Mac.

Every 'puter needs care, but if I were recommending one for internet use for my mother, g'ma or kids, anyone not techinically inclined, it'd be an easy choice: Mac.

[avg_freeper]

So any website could embed a malicious script like "rm -rf" in it and Safari would direct Apple's help app' to execute it. Not good.

[Bush2000]

Repeat after me: "My Mac is impervious to security attacks. Only Windows users have those kinds of problems. I'm too busy enjoying my Mac lifestyle to worry about such things. Don't you think my Mac coordinates nicely with my plastic furniture and goatee?"

[HAL9000]

"Don't you think my Mac coordinates nicely with my plastic furniture and goatee?"

What goatee? I only have an occasional five-o'clock shadow.

There might be some plastic in my Herman-Miller Aeron chair.

[ThinkDifferent]

So any website could embed a malicious script like "rm -rf" in it and Safari would direct Apple's help app' to execute it. Not good.

Very true. I get the feeling somebody in Cupertino will be looking for a new job shortly. This should have gotten caught in even the most basic security audit.

[avg_freeper]

For the first time since owning macs I'm starting to get weary of these security failures. This one is very easily exploited. It will probably be easily and quickly fixed too but I'm starting to think "what else has holes in it?"

[Swordmaker]

So any website could embed a malicious script like "rm -rf" in it and Safari would direct Apple's help app' to execute it. Not good.

Not quite. It could do some damage but such sweeping commands would require root access. This cannot activate root. It could damage or erase only files in the users home folder.

[avg_freeper]

But couldn't it do anything from that users home directory "~/" down?

I have a separate administrator account I only log in for maintenance and software installation so that, applications, and system files would be ok. But I still wouldn't want to lose all my user files. And I've been a bad boy about not backing up even though I have a DVD-RAM drive and all.<--my fault

[avg_freeper]

Sorry, I didn't read your whole post. You already mentioned that.

[Bush2000]

But couldn't it do anything from that users home directory "~/" down?

Of course it can -- because the current user has the ability to do the same.

God knows, nobody ever stores documents under their "~/" folder. Why would deleting them cause a problem? /SARCASM

[avg_freeper]

The fact is, it wouldn't be that big of a problem if the script just fouled with all my system folders. It would be tedious but I can reinstall all of that from disk .

But if my user directory is zapped who's going to replace my 4.5 min video of a friend on the night that he discovered

although it sometimes (when your drunk) seems like it would be a good idea to try to "mud-ski" by lassoing up to a large pig and yelling "GO PIG!!!!!" the truth is much, much more entertaining