The Inquirer-Home

Apple refuses to fix 10-year-old bugs

Security boffin's rant
Thu Jan 26 2006, 06:54
A SECURITY expert has warned that Apple's OS X is full of security flaws that were fixed on other operating systems more than a decade ago.

Neil Archibald, senior security researcher at software security specialists Suresec, told ZDNet that while there is no problem at the moment, if OS X becomes popular it could become of interest to hackers. He said that if hackers lifted the bonnet of the operating system they would find plenty of "low-hanging bugs" to play with.

Apparently the problem is that Apple does not use software auditing tools to scan enough of its super soar away software.

This means that applications and libraries are under-audited and have coding mistakes which could create buffer overflow errors, he said.

Archibald was the bloke who spotted the "dsidentity" bug, which could easily have been exploited to grant a non-privileged user admin rights and allow that user to create and remove "root" user accounts. While Apple fixed the bug, it would have been revealed with a simple glance over the code, Archibald claims.

He was critical of the way Apple deals with security researchers who find holes in its software. The company was slow to respond and tended to think that researchers should wait indefinitely to release the vulnerabilities while offering them no incentive.

More at ZDNet.
