Apple & 3rd Party Patches
So far through MOAB, Cupertino have been silent; security pundits think it's high time they spoke up.
'Bug, patch, bug, patch', writes senior editor Kelly Jackson Higgins at Dark Reading. 'It's been a busy month for Apple researchers exposing vulnerabilities in OS X and related applications and then releasing patches for the holes. But these third party patches carry inherent risks of their own.'
As some very serious issues are being uncovered, ordinary users might be fretting - but so far Apple have done nothing. 'As of this posting Apple had not responded to a request for comment or an interview for this article', writes Jackson Higgins.
'It is always possible that a bug in the patch could result in an instability or potentially expose a new exploit scenario', says Landon Fuller in the understatement of the Millennium, what with his precise patch tool Application Enhancer being found to carry a lethal attack vector.
But will Apple actually do anything? MOAB's LMH is undecided, even though he's been in contact with Apple all along. 'I suspect there may be some sort of downplaying attempts', he says.
Meanwhile LMH and MOAB ready the release of a safer Ruby-based patch engine. 'Due to all the hype over these third party patches using a flawed product [APE] I'm going to provide the source code and samples for people willing to work with them.'