1. Secunia sells Mac security software. Hence it is in their best interests to make the Mac appear less secure. Therefore they try to "amp" up the count of vulnerabilities Mac OS X has. An actual pro would present data from a less biased source.
2. Even so, according to that page you linked to: "Most Critical Unpatched The most severe unpatched Secunia advisory affecting Apple Macintosh OS X, with all vendor patches applied, is rated Less critical"
3. I hate to be the one to break this to you, Mr. "Security Professional", but there is a big difference between a vulnerability and the ability to exploit said vulnerability. So far, even though vulnerabilities have been found (hey, it's an OS created by human engineers), no effective exploit has been found to take advantage of these brief vulnerabilities. In other words, no attack has been able to be executed for real.
(Yes, there was that guy who figured out how to exploit QuickTime & Java - luckily he was a real security pro who found a way to alert Apple so they could close the hole before it was exploited in the field.)
I guess you're one of those yahoos who hang out a "Security Pro!" shingle, and wait for what suckers walk in your door. Thanks for reminding me why I've been avoiding the Windows World for the past 20 years!
Yea, that’s why we get so many IAVAs in DOD on the OS X platform. I suppose the DOD sells security software as well. You don’t have a clue, do you?
“I hate to be the one to break this to you, Mr. “Security Professional”, but there is a big difference between a vulnerability and the ability to exploit said vulnerability. So far, even though vulnerabilities have been found (hey, it’s an OS created by human engineers), no effective exploit has been found to take advantage of these brief vulnerabilities. In other words, no attack has been able to be executed for real.”
Actually there are a number of Mac exploits in the Metasploit project framework. :)
http://framework.metasploit.com/exploits/view/?refname=osx:afp:loginext
AppleFileServer LoginExt PathName Overflow
This module exploits a stack overflow in the AppleFileServer service on MacOS X. This vulnerability was originally reported by Atstake and was actually one of the few useful advisories ever published by that company. You only have one chance to exploit this bug. This particular exploit uses a stack-based return address that will only work under optimal conditions.
This module (revision 4498) was provided by hdm, under the Metasploit Framework License.
External references:
* http://www.securityfocus.com/bid/10271
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0430
* http://www.osvdb.org/5762
* http://milw0rm.com/metasploit/2
Targets:
* Mac OS X 10.3.3
http://framework.metasploit.com/exploits/view/?refname=osx:arkeia:type77
Arkeia Backup Client Type 77 Overflow (Mac OS X)
This module exploits a stack overflow in the Arkeia backup client for the Mac OS X platform. This vulnerability affects all versions up to and including 5.3.3 and has been tested with Arkeia 5.3.1 on Mac OS X 10.3.5.
This module (revision 4498) was provided by hdm, under the Metasploit Framework License.
External references:
* http://www.osvdb.org/14011
* http://www.securityfocus.com/bid/12594
* http://lists.netsys.com/pipermail/full-disclosure/2005-February/031831.html
* http://milw0rm.com/metasploit/6
Targets:
* Arkeia 5.3.1 Stack Return (boot)
http://framework.metasploit.com/exploits/view/?refname=osx:samba:trans2open
Samba trans2open Overflow (Mac OS X)
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the bug on Mac OS X PowerPC systems.
This module (revision 4498) was provided by hdm, under the Metasploit Framework License.
External references:
* http://www.securityfocus.com/bid/7294
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0201
* http://www.osvdb.org/4469
* http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
* http://milw0rm.com/metasploit/54
Targets:
* Stack Brute Force
Then there’s Immunity CANVAS:
http://immunitysec.com/news-latest.shtml
Miami Beach, FL - (June 4, 2007) - Immunity brings you a flurry of exciting new exploits this June, including a reliable remote root exploit for OS X on both Intel and PPC platforms.