Shostack + Friends Blog Archive

 

Your Apple-Fu Is Impressive!

[Image: patched-mac.jpg]

Yesterday, DaveG posted “When OSX Worms Attack” [link to http://www.matasano.com/log/2006/02/when-osx-worms-attack.html no longer works]. It’s some good analysis of the three Apple Worms:

Safari/Mail Vulnerability: Far more interesting. This is a serious vulnerability that needs to be fixed. If you are a Mac user, I would at the very least uncheck ‘Open Safe Files’ in Safari preferences. I don’t understand why Apple isn’t advising people on this better. This vulnerability is public, trivial to exploit, and we are at the 7 day mark.

Just a bit over a day later, Apple ships APPLE-SA-2006-03-01 [link to http://docs.info.apple.com/article.html?artnum=303382 no longer works], with about 21 CVE marked vulns, and two extra “security enhancements.” Some of it is confusing; for example, “Authenticated users may cause an rsync server to crash or execute arbitrary code.” I understand neither the ordering nor the lack of specificity.

“Crash” is what happens when I write exploits. “Execute arbitrary code” happens when DaveG writes exploits. So what’s happening? Is it “there’s an overflow, and we’re not sure if you can turn it into run code, and we fixed it?” That’s ok. No, I take it back. That’s great! I don’t want to have to prove that I can execute an overflow to see it fixed. Preemptive fixing is a great plan. If that’s what’s happening, please keep it up, and then please brag about it.

(Image stolen from the F-Secure blog.)