Tech Blog.org is all about technology.
Read the latest technology news, events, gossip and what's happening in the world of technology.


Top researcher criticizes Apple

May 5, 2004

A top computer science researcher has again taken Apple Computer to task for not properly labeling the seriousness of the major security flaws described in its published advisories.

Five vulnerabilities released Monday affect various components of the Mac OS X operating system. The greatest threat is a buffer overflow in the Apple file-sharing system that could allow a remote attacker to take control of the system. But the company described it as a correction "to improve the handling of long passwords."

"They are not characterizing the issue so that people can make a security decision about it," said Chris Wysopal, vice president of research and development at @Stake, a digital security firm that found the flaw and reported it to Apple. "It seems they think that everyone will update their computers all the time, and that is not the way the world works."

Most security companies normally classify a remotely exploitable software flaw as a "critical" vulnerability.

Wysopal is the second researcher in a week to criticize Apple for downplaying the vulnerabilities in its system. eEye Digital Security, the company that found a flaw in Apple's QuickTime multimedia player in February, also claimed that Apple is not properly characterizing vulnerabilities.

Apple said the flaw in the QuickTime movie player for Mac OS X could cause the player to crash. "Playing a malformed .mov (movie) file could cause QuickTime to terminate," the company stated in an advisory it published late Friday afternoon.

However, eEye said a movie file could potentially be created that would cause malicious code to execute when the user opened the file.

"We told them that if you are not able to execute code, then talk to us, so we can show you the issues," said Marc Maiffret, chief hacking officer at eEye.

An Apple representative could not be reached for comment.

Four flaws, including the flaw in the AppleFileServer, affect Mac OS X 10.2.8, or "Jaguar." All five flaws affect Mac OS X 10.3.3, also known as "Panther."

Source: C-Net News


Copyright © Tech Blog.org 2004. All rights reserved.