• Explore the magic and the mystery!
  • The Tech Night Owl's Home Page
  • Namecheap.com





  • Newsletter #386 Preview: More Mac Security Monkey Business

    April 23rd, 2007

    One of the lamer suggestions I heard from an instructor at some unmentionable educational institution some years back was that you could boost the number of graduates simply by lowering the standards. At the time, I thought the person who made this foolish statement probably could use a new job, perhaps one at a local fast food restaurant.

    I’ll explain what I’m getting at shortly.

    To begin with, as Apple patches more and more security leaks in Mac OS X, you have to wonder when or if any of them will be exploited. I mean, if you read the nasty details of a typical problem, you can’t help but feel just a little less secure.

    Take the most recent update released this month. Among over two dozen fixes was one that addressed this deficiency: “A memory corruption vulnerability exists in fsck. It is possible to cause fsck to be run automatically on a disk image when it is opened. By enticing a user to open a maliciously-crafted disk image, or to run fsck on any maliciously-crafted UFS filesystem, an attacker could trigger the issue which may lead to an unexpected application termination or arbitrary code execution.”

    All right, we’ve all got to be on the lookout for a “maliciously-crafted UFS filesystem” or a “maliciously-crafted disk image.” Heaven knows what’ll happen.

    On the other hand, has there ever, anywhere, been such an attempt other than in a laboratory?

    Story continued in this week’s Tech Night Owl Newsletter.



    Share
    | Print This Article Print This Article

    Tech Night Owl Comments

    Your email address will not be published. Required fields are marked *