'Apple Bugs' Project Lists 10 Mac Security Holes
After announcing they would spend January trying to find flaws in Apple's OS X software, two researchers have published information on 10 vulnerabilities in the Mac so far.
At the beginning of the year, Kevin Finisterre and a hacker who goes only by the name of LMH told news sources that they want to highlight Mac flaws to make OS X, and the programs that run on the system, more secure.
In their effort, dubbed "Month of Apple Bugs," or MoAB, the two claimed to have discovered an abundance of flaws, with the 10 they have recently reported being only the first wave of vulnerabilities they plan to disclose.
Exploit information has been published along with the vulnerability alerts detailing how attackers can take advantage of the flaws. Not all of the bugs are easily exploitable, Finisterre has noted, but many can be used to gain remote control of a Mac.
Bug Hunt
The researchers have acknowledged that the project has the potential to make life more difficult for Mac users, because malicious hackers will be clued in to software flaws that could be exploited. But a wake-up call is needed, according to the pair, because many Mac users have a tendency to think of their systems as bulletproof, even when vulnerabilities are announced.
Other security professionals, however, are not so sure that Apple deserves the glaring attention proposed by Finisterre and LMH. And at least one other researcher is determined to issue patches as quickly as MoAB researchers find flaws.
Independent code creator Landon Fuller has set up a Web site tracking the MoAB vulnerabilities and issuing fixes where he can.
Problem Set
Both Apple and Microsoft are well aware that hackers and other security aficionados enjoy trying to crack their operating systems, and some of these efforts lead to better protection in the form of updates and patches.
But the companies have been vocal in the past about what they consider to be poor form when it comes to reporting the vulnerabilities, saying that releasing exploit code is often irresponsible, and that hackers should deal only with the system maker rather than putting users at risk.
Whether the companies are responsive is a matter of debate; Finisterre has noted that he has contacted Apple in the past about vulnerabilities and gotten no response, but Apple insists that it is quick to look into security issues.
Like Microsoft, Apple urges researchers who discover vulnerabilities to disclose them responsibly, working with the OS vendor to ensure that a patch is available before the world discovers how to exploit the security hole. Unfortunately, not all security researchers play by the rules, and that must be exasperating for Apple as well as for other software vendors.