Apple Security update for Mavericks Users Ping!
Discuss technical issues, software, and hardware.
Don't attack people!
Don't respond to the Anti-Apple Thread Trolls!
PLEASE IGNORE THEM!!!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 02/21/2014 5:51:18 PM PST by Red in Blue PA
SAN FRANCISCO (Reuters) - A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said in a Friday afternoon announcement.
If attackers have access to a user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook, experts said.
"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.
(Excerpt) Read more at finance.yahoo.com ...
There's a setting for that:
Firefox Menu -> Preferences -> Tabs -> check: "When I open a link in a new tab, switch to it immediately"
Geez, for-q. Please stop being such an ass and misquoting Swordmaker. He never has said any such thing.
> Hell Microsoft hasn’t had a screw up this bad in over a decade.
You been asleep for a decade? That's not even a good joke, it's just false.
Hate to say it, for-q, but your slurs have become really, really boring and your inaccurate comments sound stupider with every retort. Since you're probably not actually stupid, why not try sounding more intelligent, and discuss the problem that way? It's easy:
- Apple screwed the pooch on some SSL cert checking code, opening up a vulnerability.
- They were able to roll out a fix for iOS devices very rapidly, and did so.
- The fix for OS-X (I assume actually for Safari) will take a little longer, perhaps because of the greater testing required in the much wider environment of OS-X (iOS is a fairly tightly controlled embedded environment).
You don't want to compare that error and response to numerous MS security screwups of the last decade, or MS's typical response time, trust me. Everybody screws up from time to time, and this one, while potentially serious, is nothing like the worst of the bunch.
Seriously, for-q. Get a grip. You're embarrassing yourself. Have a great evening.
Bet you one dollar that 'flaw' was designed and provided by the NSA, and Apple dutifully installed it.
Bingo.
You thought and heard wrong. Only the Apple haters say that bogus crap. Apple fans are often over-amped but they're generally not delusional, and they know that everybody makes mistakes, including Apple.
It cracks me up no end, that the folks who spend the most time spreading the story that Apple products are flawless are the very ones who hate Apple. You'd think they'd have learned by now, but apparently not. You're increasing Apple's profit margin every time you spout that silliness. (Not that I care, I don't own stock in any of these damn tech companies.)
I doubt it. I saw an article with what claimed to be the flawed code, and it was way too obvious -- looked to me like a copy/paste error with a conditional line repeated, resulting in a few lines of code that would never be executed.
What's really embarrassing for Apple is that even the simplest of static analysis code checks should have pointed that right out. And that means either a) what I saw wasn't the real error, or b) Apple doesn't use static code analysis. The latter is a mistake of significant magnitude.
Thanks.
Microsoft has its share, but the worst one right now is Adobe Flash, a far worse vulnerability than this. Take a look at the top three on this page (from 2/21):
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.That's a very serious problem affecting Windows, MacOS and Linux - allowing a root kit to be installed without you doing anything, and without any visible sign. I strongly suggest installing ClickToFlash or something similar at least.
This Apple flaw is only a problem if you're on a public, unsecured network. If you're on a secure hotspot, or connected to a wired network (as I am at the moment), there's no vulnerability. At any rate, I'm sure Apple will roll out a MacOS fix quickly - it should be an easy one at least.
Does using a VPN in a public place help mitigate this?
Actually, you are wrong.
I know of several Apple fanboys who claim Apple products are not vulnerable to viruses yada yada yada. Over the years, I have known many of them, and they were all Apple fans, contrary to your claims.
Well, we have to be careful about our terms.
There are lots of malware types that are erroneously called viruses -- Trojans, email scams, phishing scams, keyloggers, etc. etc.
A true virus is self-sustaining, self-replicating malware that attacks the OS, inserts itself somewhere, does stuff, and then spreads itself without human help. That's what a computer virus is.
There are no "true viruses" in the wild for OS-X. There are a few laboratory curiosities, and there have been claims, but they always turn out to be something else that needs a human to download or install or replicate.
There certainly are a good number of human-vectored non-virus malwares that attack folks using OS-X. Call them something else, but they're not really viruses. It's a specific technical term, when used correctly. Do you call your car's engine a "wheel"? Okay, so don't call other types of malware a "virus".
Let's agree on this -- Apple fanboys got way too cocky years ago and some of that crap talk hasn't died out, so there probably are some die-hards who spout nonsense. There are some of those in every camp, why not in Apple's camp too.
But although they would be full of shit if they were saying Apple products are not vulnerable to malware -- that's clearly false -- they would be ALMOST correct if they are being specific about true viruses, because no one has built a successful one yet.
Why "almost"? Because it's always possible somebody will. So to claim invulnerability into the future is silly, and they shouldn't do it.
You can tell folks that OS-X Mavericks 10.9.2 is released for update, containing the fix.
Earlier releases of OS-X (Mountain Lion 10.8 and earlier) were not affected by the flaw and do not require update.
Looks like this tempest is over. The techblog headline writers who jizz in their pants while writing "Apple" and "Security Flaw" in the same line can now go back to writing about Windows XP's imminent death, waiting for the next batch of Windows Updates, or whatever they do in normal life.
If you want on or off the Mac Ping List, Freepmail me.
You been asleep for a decade? That's not even a good joke, it's just false.
Complete Microsoft EMET Bypass Developed
I figure that's in the same league, and conviniently enough, appears to have been announced yesterday.
Rapidly...this big is over 1 year old!!!! Lmao.
Nope applebots have repeatedly told that lie for over 10 years.
By that definition when was the last virus on a supported windows platform? Oh there are none!
I must be missing the point what’s the vulnerability in the OS that’s similar to ios and OSX bug?
Thanks Swordmaker.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.