On 2010-04-06 20:04 , Bruce Walker wrote:
Possible security hazards are found all the time, and fixed, most often in a timely fashion. A big Mac OS X update was released last week that fixed dozens of security issues uncovered by researchers. *However*, there aren't any known exploits out there that need concern any Mac users, and as far as I can recall there never have been any to date.
there have been quite a few exploits over the years; many but not all are found by white hats and are kept under wraps until Apple releases a fix; now and then the white hats turn grey when they get frustrated by Apple's slow response, so they publish the exploits to prod Apple along; below are several articles which mention exploitable vectors, some of which were published before Apple released a fix; the situation is not that different from other platforms (i would include PDF & Flash as platforms for this purpose); i also believe many of the information harvesting techniques using JavaScript in Adobe Reader are exploitable on Macs, but i couldn't find specific citations in a pinch
<http://www.betanews.com/article/ZeroDay-Mac-OS-X-Exploit-Disclosed/1164151572> <http://www.internetnews.com/security/article.php/3831356> <http://www.securecomputing.net.au/News/170474,20-zero-day-flaws-in-apples-os-x-to-be-revealed-at-conference.aspx> <http://ithreats.net/2008/06/20/zero-day-os-x-ard-agent-root-escalation-vulnerability/> <http://www.nist.org/news.php?extend.85> <http://www.scmagazineus.com/iphone-ie-8-firefox-succumb-to-exploits-in-pwn2own/article/166569/> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324> -- PDML Pentax-Discuss Mail List [email protected] http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
