'Month of Apple Bugs' turns up 10 vulnerabilities -- so far

A month-long campaign by two independent security researchers to disclose security flaws in Apple Inc.'s products has so far resulted in 10 vulnerabilities being publicly disclosed -- and several more on the verge of being announced. Exploit information has also been published, along with proof-of-concept code detailing how to take advantage of the flaws, several of which were described as being remotely exploitable by the researchers.

The disclosures are part of a Month of Apple Bugs (MoAB) effort launched on Jan. 1 by independent security researcher Kevin Finisterre and another researcher identified only by the initials LMH. The goal of the effort, identical in nature to the Month of Kernel Bugs and Month of Browser Bugs campaigns in 2006, is to raise public awareness of security issues in Apple's products, according to Finisterre. "[Apple's] creating commercials claiming to be secure, and the user base feels like they are wearing a suit of armor," Finisterre said via e-mail. In reality, "there's NO lack of bugs on OS X from both an application and platform standpoint."

News source: ComputerWorld


25 Comments


Yeah but third party apps is NOT Apple... it is apps for OSX... one thing

second thing Apple never said OSX is 100% secure... but it is more secure than windows, and that is 100% true and that's what they say.

third: If someone makes a virus for OSX then 90% of macs plugged on net could be infected and that is 2% of all comps in the world. This is VERY huge number that even worst windows viruses didn't make...
So don't blame it on small userbase.
And btw I use both systems...

For all of you who are complaining that the flaws are not OSX flaws, I am wondering how well you can read, because last I checked it was called Month of Apple Bugs, not Month of OSX Bugs, and so any bug or flaw that they find, that is executable on an Apple machine is fair game.

all I ask is that you READ

read? in here... plz... you are insulting everyone's intelligence...

everyone knows that if you look at the title you already know everything the article has

[/sarcasm]

There's nothing particularly bad that can come from this in the future, more holes that will be patched, it's how security works.

But, as people have pointed out above me, this is not nearly as shocking or groundbreaking as I think these people wanted it all to seem.

"[Apple's] creating commercials claiming to be secure, and the user base feels like they are wearing a suit of armor,"

It's sure nice to see someone defeating Apple's "claims" with solid evidence that proves their advertised claims are not only untrue but laughable.

when bugs are found in windows and someone points out at pc userbase, they call him ms fanboy.
when bugs are found in macos and someone points out at mac userbase, they call him ms fanboy.

DKAngel said,
now osx is starting to look like swiss cheese =]

That's laughable. Take a look at the list of bugs they've found so far. A good number of them are for applications, not the system itself, and many of those are cross-platform and from third-party developers (which is fine, but don't throw that on Apple).

We're finally starting to see some flaws in the system itself, though they all seem to be related to the handling of DMG files and a few look suspiciously like known bugs. I do hope the rest of the month sees further system bugs rather than ones for the third-party apps that affect more than just OS X.

I continue to wonder if these guys are giving the third-party developers the courtesy of prior-notification (responsible disclosure) even if they've stated they aren't for Apple. To do otherwise is to show a complete lack of professional courtesy and ethics.

In fact, Omni was not informed (LMH claims this is about Apple's poor response), but they fixed the bug immediately and would have appreciated a notification.

Funny that LMH claims he has "lost count" of the number of bugs he's found, but we've only got 11 for 12 days and 3 are for non-Apple software.

Apple is based on Unix, which is what Linux is based on. Any smart person in the computer industry knows that Unix is far superior to any MS operating system in terms of stability and security. Thus, Apple definitely has reason to defend its secure standpoint.

Here's the critical flaw in your argument, you said "its secure standpoint"

While it may be MORE secure, they market it as COMPLETELY secure, which is COMPLETELY false. And any SMART person knows that!

ken, your argument is absurd. They do not market it as completely secure. That statement is false. And any smart person knows that!

While it's stupid to say there wouldn't be any bugs in OS X (I know of a few), they seem to be focusing on apps for Apple, not Apple apps, like the VLC bug they had, it wasn't limited to OS X.

It still proves that Apple products aren't any more secure than anyone else's products - they just have a lesser userbase (thus a smaller target).

Actually they're heaps more secure. Vulnerabilities are one thing, being able to exploit them is another. There's still no Mac OS X malware in the wild, despite rising market share. (And don't you think hackers would love to be the first to take it down??)

Neomac v6 said,
Actually they're heaps more secure. Vulnerabilities are one thing, being able to exploit them is another. There's still no Mac OS X malware in the wild, despite rising market share. (And don't you think hackers would love to be the first to take it down??)

The marketshare for the Mac is still so incredibly small that clearly no one is going to target malware at it. Not only does the Mac need a large enough userbase for malware distributors to bother, but it needs enough that they will take the time to learn how to develop for the Mac - which most of them probably don't know how to do.

It has nothing to do with the OS being innately "more secure."

Brandon Live said,

The marketshare for the Mac is still so incredibly small that clearly no one is going to target malware at it. Not only does the Mac need a large enough userbase for malware distributors to bother, but it needs enough that they will take the time to learn how to develop for the Mac - which most of them probably don't know how to do.

It has nothing to do with the OS being innately "more secure."

Consider the market share for Mac OS 9 when it was the main os for Apple. There were plenty of bugs, malware, viruses, etc. It has nothing to do with the market share and everything to do with the os being innately "more secure".