|Home » Industry Watch
Apple don't believe in it. You suffer.
Full disclosure is the philosophy of publishing news about security vulnerabilities as soon as they are known. It is generally regarded as the only way computer users have a chance to protect themselves. It has many parallels in other markets.
Its opposite is 'security through obscurity'. Security through obscurity means trying to keep vulnerabilities a secret. Security through obscurity is generally regarded as not only futile but dangerous: ordinary computer users don't hear about dangers but black hats know them all.
Apple's OS X is, like Microsoft's XP, a hodgepodge. Microsoft took the relatively clean design of VMS and corrupted it with commercial compromises. VMS is generally regarded as bulletproof; Microsoft's flagship is a sieve.
Apple's OS X also suffers from commercial compromises. Apple took the relatively clean design of NeXTSTEP with an underbody of FreeBSD and MACH and corrupted it. FreeBSD, like BSD, OpenBSD, and NetBSD, has been successfully vetted over the years for security weaknesses.
But Apple, like Microsoft, are going it alone. Apple introduce new features into their operating system without properly vetting them, and because theirs is essentially a 'closed source' development model, little vetting is possible.
The web is ripe with published security weaknesses for Microsoft's OS. Although exploits for other systems do crop up from time to time, the overwhelming majority of exploits belong to the NT/2K/XP/Vista family. Yet few vulnerabilities found in Microsoft's OS approach the severity of those found to be lurking in OS X.
Apple have taken measures to eliminate these weaknesses in their latest release, but these fixes do not address the overriding issue of what happens to users who have not yet upgraded. Apple's information on these weaknesses is almost non-existent: in none of the recently discussed cases have Apple ever spelled things out, studiously circumventing the severity and dangers in each of these issues.
Releases of the supposedly impregnable OS X up to Tiger have been vulnerable to exploits in a way Microsoft have never suffered. Both 10.2 Jaguar and 10.3 Panther are to this day vulnerable to a number of privilege escalation exploits the simplicity of which must shock members of the security community.
Worse, it is now known that Apple have been aware of these weaknesses for a long time and yet refrained from providing simple fixes for months or years at a time. If ever there were a clue that a major OS vendor were relying blindly on 'security through obscurity', this is it. If ever a major OS vendor were eschewing full disclosure and all its benefits, this is it.
By simply placing files in any one of three unprotected directories on a default installation rogue code can either hijack all running applications or accomplish a privilege escalation to root (superuser) on the next restart. This is clearly unconscionable and not in compliance with the type of security otherwise offered by a 'real' server-side operating system like Unix.
All of these issues have been known for a long time, and while they were finally addressed in the April 2005 release of 10.4 Tiger, then current users were not adequately informed of the dangers in their systems. Reports of entire fleets of OS X computers being hijacked and turned into IRC zombies are found all across the Internet. Apple's policy has been to ignore these reports.
Even today there are further root exploits for OS X. Security professionals have alerted Apple to these vulnerabilities, yet Apple do nothing. As Apple practice security through obscurity, OS X users are left in the dark as to where the holes lie and given no means to protect themselves. Out of sight, out of mind does not work.
Apple's branch of their OS broke off the Unix tree a long time ago. Apple need to graft their OS back on that tree. They need to pay more than lip service to their claim to be based on Unix and open source. And they need to stop mucking about with this code. What they want to do with the gloss on top is irrelevant; that they have a responsibility to their users to not corrupt the underbody is fully relevant.
OS X users need to benefit from full disclosure. When exploits against OS X are found, Apple need to inform all users of them and offer fixes immediately. With respect to the three recently discussed vulnerabilities the fixes are eminently simple, and Apple could easily have provided security downloads for everyone.
But instead Apple continue to play the 'security through obscurity' game. Users are left wide open and given no chance to protect themselves.
It's one thing to be Microsoft and market the planet's singularly most vulnerable operating system; it's quite another to build on the rock solid foundation that is Unix, corrupt it to a point even Microsoft have not gone, and then pretend nothing has happened.
If a lock, let it have been made in whatever country, or by whatever maker, is not so inviolable as it has hitherto been deemed to be, surely it is to the interest of honest persons to know this fact, because the dishonest are tolerably certain to apply the knowledge practically; and the spread of the knowledge is necessary to give fair play to those who might suffer by ignorance.
It cannot be too earnestly urged that an acquaintance with real facts will, in the end, be better for all parties.
- AC Hobbs, Locks and Safes: The Construction of Locks, London 1853
The Other Shoe
Hyde Park Corner I
The Chocolate Tunnel
OS X: Still Not WYSIWYG
Peeking Inside the Chocolate Tunnel
Apple's 'Unix' Runs Arbitrary Code on Boot?
Input Managers — The Cure
OS X patch faces scrutiny
Trojan flaw persists in OS X
Experts Claim Security Flaw Remains
Apple criticised for persistent Trojan flaw