Mac “Pwned”

[Yeh, this is a repost of one I took down… and as it turned out, didn’t need to. And I know all the tb pings to the folks listed below are now invalid/broken, but hey, ya know, they were kind enough to provide me with some flogging, so they deserve the linkage from here. And yeh, Perri, I lost your insightful comment. ‘S’way it goes…]

But, but Macs are inherently secure, aren’t they? I mean, don’t the recent Mac ads tout the lack of a need to be security-conscious?


Mac Hacked by QuickTime Bug “As Serious as ANI”

Researchers have confirmed that a QuickTime bug was the Achilles heel that felled a MacBook Pro last week in the Pwn-2-Own contest at the CanSecWest security conference…

…the vulnerability affects not only Safari but also Firefox on Mac OS X. Firefox on Windows may also be at risk…

Oooo, so Macs share a vulnerability with Windows. *heh* Don’t tell the Macrophiles; they’ll be afraid they’ll get cooties. Much as it pains me to admit it, here’s one place where Internet Exploder, in its most recent evil incarnation, betters some of the competition:

…Terri Forslof, manager of security response at TippingPoint, confirmed with me today that any Java-enabled browser is potentially vulnerable. Internet Explorer is not, she said, given its sandbox feature, which “does handle the vulnerability appropriately,” she said.

Opera 6 and 7 had a similar vulnerability in the way they handled Java (patched by Opera almost immediately when discovered), but so far, I think Opera 9 is clear. Any folks know differently? At any rate, the root problem is… QuickTime itself. And, as everyone knows, that makes it a Mac OS problem…

Because Quicktime is installed on the Mac operating system by default, turned on and ready to go, it’s comparable to a Windows media player [sic] bug, she [Forslof] said. “Even though it’s not the main system you compromise, you still own the whole system when you do compromise it. It’s every bit as serious.”

I’ve always hated QuickTime for its rude pre-empting of system preferences and annoying insistence that IT be the default media player, etc., but multiple security holes discovered in the thing just this year, coupled with Apple’s rude, obscurantist and unnecessarily complex patch procedure–unless one is a Mac user, as are about, oh, maybe 1/10 of QuickTime users–have made my move to having a different media player default for playing movs even sweeter.

So, Apple: :-p

