A source-code audit of the open-source operating system from which Apple Computer borrowed much of the code for Mac OS X revealed four vulnerabilities of varying severity in Apple’s software, a security company said Monday.
Darwin flaws survive in Apple’s Mac OS X
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
how not to be a respected security company…
“we did not tell the company involved, but we discussed it on our own private list”
The Free OS Apple maintain as the core of there commercial OS contains the same features and flaws as there commercial OS, I am astounded that this is possible.
*falls on floor*
So thou who protest too much, falls like the rest.. They should have not made some much noise about how they were a secure OS…
This is exactly WHY they are more secure. Having the underlying kernel Open Source, means independant parties, such as this security company, can find more bugs in addition to those found by your programmers. So in the end, more bugs will be found and fixed, leading to a better product than if the underlying kernel was closed source. Apple has chosen the right path.
“The company originally found the flaws in June and published them to a private list of customers but did not notify Apple.”
We will see a security update soon. Thanks to the opensource community.
Rumor has it that the next point release of 10.3 will have a new kernel, this is probably why.
finally someone with sense in this
kids filled os forum.
Winlovers seem not to understand
anything about open-source and its model.
I’m afraid the popularity of i-tunes will pose a even bigger thread.{virus/AD/spyware versus evil playlists}-ratrace?
http://news.bbc.co.uk/1/hi/technology/4184887.stm
Having the underlying kernel Open Source, means independant parties, such as this security company, can find more bugs in addition to those found by your programmers.
Imagine what happens if the whole system is Open Source…
Nah, just kidding. Apple built a nice solid system and it is good that some vulnarabilities are found. This makes the product more secure in the next release cycle.
No software is perfect, but some of it is better written than others and Apple is among the ones that have it written better.
wow amazing, they finally found a security issue, how often does this happen? it happens to microsoft every week, windows is full of security issues. now darwin has four too… brrrrr im really shaking right now….
why is it that i still feel safe on my mac?
Tech journalists should really try to do their job a bit better than this :
“A source-code audit of the open-source operating system from which Apple Computer borrowed much of the code for Mac OS X revealed four vulnerabilities of varying severity in Apple’s software, a security company said Monday.”
Borrowed ? Apple owns Darwin, open sourced it after buying NeXTStep, what has this guy been smoking ?
The report mentionned the logic bug in the at command, but the at command is disabled by default on MacOsX, as you can read it in the unix manual. This issue is then not completely relevant.
Otherwise its good to see that Open source can help to have better and more secure operating systems. That’s why Darwin exits!!!!
on the itunes hack
why would anyone download a playlist?
It might contain mp3s that are not available on your itunes…. strange
Does iTunes not play net radio stations? Playlist files are a fairly standard way of providing the links to radio feeds; they can include multiple sources, so most players will simply skip any that are down and still work. This is how di.fm works for example.
The iTunes problem has already been fixed, just make sure you’ve downloaded 4.7.1.
As for OS X, I think it’s disgusting that a “Security firm” (especially one named ‘Immunity’ – oh the irony) can find a flaw in JUNE, discuss it privately and NOT TELL APPLE! How stupid can you be???
is this a security company???
find a bug, keep it secret for 8 month, then release the information in the open without notifing first the software maker and without providing any hint on the possibile fix…wow…i really think this people should go out of business as first as possibile, this is not security this is the highest insecurity possible!!
(sorry for my bad english, i’m a lazy italian
)
Not telling them is not stupid, it is just not very courteous. Decisions that are contrary to what you find appropriate are not necessarily stupid. For all you know, they may even prefer to expose flaws to their readers without explicitly informing vulnerable parties. It might even be a possible selling point of their service. Your sense of ethics does not necessarily coincide with theirs.
It seems obvious to me that these guys could easily be shills for MS. I mean think about it…Windows has tons of security problems. Let’s prod someone along to find some in OS X too…we know there have to be some (safe bet given the size of the code base)…then just leak it out. Don’t actually tell someone (Apple) that can/will do anything about it.
Borrowed ? Apple owns Darwin, open sourced it after buying NeXTStep, what has this guy been smoking ?>>
Not exactly.
Apple cannot own Darwin, not lock stock and barrel. Look at the copyright statment on it … 1993 University of California Regents.
Now, the BSD licence did not obligate apple to share the code they used, but ’tis cool they did so.
If people think that this is an acceptable model for “security experts” to build their rep on, I’m fine with it. Just don’t piss and moan about 2600 and their ilk.
Beyond that, WTF is up with all of the recent OMFGOMFGOMFG!!!!!!!! over security holes in OSes besides windows? It happens. I think that anyone who understands anything at all about security understands this. No one with half a brain in the *nix or OS X camp ever said that their systems were 100% secure.
Please, get a clue. All developers are human beings, even Open Source developers. All software contains bugs, even Open Source software. No one in the Open Source community has ever claimed otherwise. Instead the claim is that it’s easier to locate and fix bugs in Open Source. Bugs will always be found in software. Open Source allows the good guys to discover them before the bad guys do.
…was superior to commercial developement! How could this happen? More importantly, who is responsible?
I’m not sure we can trust the open source development model….
I thought open source was superior to commercial developement! How could this happen? More importantly, who is responsible?
I’m not sure we can trust the open source development model….
What… you thought this board was for anyone to express their opinion? Boy were you wrong. Any opinion other than the almighty open source view point are moderated down.
Hahaha teh mac sux0rz!!
or whatever…why is this even a big deal besides the fact that a so-called “Security” company finds flaws and hush hushes about it for 8 months before spilling the beans and not letting Apple know first? THAT is the real news here. Hasn’t something similar happened before? Some company tried to rally up a big scare over a non-issue in order to sell more of some software? Something like that anyway. Yeah so OMG FLAWS IN OSX! RUN FOR YOUR LIVES!! k I’m done.
Everything that has a great deal of attention attracts also the more obscure ones.I-tunes isn’t exeption.Windows suffers from their enourmous userbase regarding spy/adware and worms and virusses alike.It’s perhaps not so off topic to think a ratrace could also hit i-tunes.