|Home » Learning Curve
Information about Apple's latest security update.
Q: Have Apple fixed all outstanding security issues with 2006-003?
A: Most of them. Most of the issues currently published. However Tom Ferris says Apple have only fixed the outstanding issues he has previously published. He says further that there are other critical flaws which he has not published and which Apple have consequently not yet addressed. Ferris claims these flaws can also lead to arbitrary execution of code.
Q: What else do Apple need to fix?
A: Apple need to collaborate with Ferris (and all who've reported to them) and fix these additional flaws as well. Apple also need to address the underlying flaws that are rooted in the filesystem architecture itself.
Q: What are the underlying flaws that remain to be fixed?
A: In a nutshell, 'what you see is not what you get' when it comes to opening and previewing files of an unknown nature. The logical thing would be for the OS to use the same code as is used for 'opening' for 'previewing'. Unfortunately that is not the case at present.
Q: Apple introduced something they call 'download validation'. How effectively does that protect me?
A: Minimally at best. This is an 'ad hoc patch': it doesn't address the underlying flaw in the system - it only attempts to put some chewing gum on the hole for now - and it only helps you if you are using Apple's own web applications such as Safari, iChat, and Mail. If you use OmniWeb, Camino, Firefox, Thunderbird, or Eudora, you are not protected. The flaw is in the operating system itself.
Q: What is needed to fix this hole properly?
A: A complete overhaul of the OS X filesystem. Realistically it is time to scrap the HFS filesystem once and for all. This file system has whiskers and was written for a different operating system for a different time and purpose.
Q: What is this 'POSIX compliance' I keep hearing about?
A: POSIX is a platform independent standard for compliance with 'Unix'. Being POSIX compliant means your system will run as any Unix system will run. OS X is not POSIX compliant, no matter what Apple claim. Unofficially at least they will admit this.
Q: Why isn't OS X POSIX compliant?
A: There are many reasons, but most have to do with the filesystem HFS. HFS is one of the few filesystems in use today that cannot be made POSIX compliant. Even dusty filesystems such as MS-DOS could be made POSIX compliant in a pinch. HFS cannot.
Q: Is OS X safer than Windows?
A: Of course.
Q: Is OS X as safe as Unix?