
OS X Security Update 2006-003 - Update II

There are other critical flaws still not fixed, says Tom Ferris.


Apple fixed thirty-one vulnerabilities in one go in their security update 2006-003. Tom Ferris, who reported a great many of them, was impressed. But in an interview with InfoWorld, Ferris revealed there's a slew of other equally critical holes Apple are aware of that have not been fixed.

These holes have been previously reported by Ferris to Apple, and because they were not remedied in the latest monster update, Ferris may go public with them soon.

Ferris says there are still holes in Safari, QuickTime, and iTunes. These holes, previously reported to Apple, were not fixed in the latest release.

Ferris describes the flaws as 'critical' and says they allow remote code execution.

Ferris says he has also found new holes affecting TIFF files and Apple's infamous BOMArchiver. He has not yet provided further details of these flaws.

InfoWorld attempted to contact Apple for comment on the story, but no response was forthcoming.

Note that even if Apple fix all the critical holes to which Ferris refers, they will still not have addressed the architectural flaws which make accessing the Internet with applications other than Apple's own fraught with danger, and otherwise 'safe' with at best a scandalously wobbly security model. Fixing these flaws will, however, require a complete overhaul of the OS X file system, and such long-awaited improvements may take considerably longer.

Copyright © Rixstep. All rights reserved.