I love it how, at the very sight of even relatively esoteric security flaws in OS X, hordes of deeply frustrated Windows users start popping up faster than corn in the microwave about how Apple sucks, Macs are useless and all Mac users are stupid, arrogant and elitist shitheads and they should all die. The facts are irrelevant, the numbers aren’t that important - a flaw was found in Mac OS X allowing remote exploit!!111eleven
I really don’t care if Dino Dai Zovi is white hat or black hat. What I do take note of is the lack of details regarding this vulnerability. Was Apple notified? Full Disclosure? Or just TippingPoint? Because, you see, TippingPoint is an IPS seller. If the flaw is only known by ddz and them… and they sell it… will it somehow just show up in the wild… get rediscovered… or fixed by Apple after an engineer dreams it up… or what? I also note that people tend to ignore the general details of the flaw - as vague and scarce as they may be - and just jump up to point a finger. I won’t reiterate the technical aspects at this moment: Safari remote exploit by visiting a bad website. More in the links at the end of this scribble.
Bear this in mind: one Apple/OS X flaw made the news, round-trip over the Internet. How many Windows flaws do you hear about in such detail? Sure, we’re all used to news bulletins detailing the latest patches/0days for Windows but they don’t have the same “shock-and-awe” factor as the Mac ones do.
Second, only parageeks and the techno plebes will ever believe in a truly secure operating system. So whichever side of the war you’re on, always bear in mind that sooner or later something will bite you. Sure, Apple advertises their OS as being more secure than Windows - and, presently, it is. Be that a summation of market share in the corporate and private sectors or technological superiority or whatever other reason, the accessibility of exploits for OS X and their remotely exploitable, automated effects is far below what Windows has been famous for in recent years. But this does not mean the ads won’t need to change at some point. It comes with the territory.
More on this: Say it ain’t so Steve… [at ErrataSec] vs. In My World [at Daring Fireball] with some back-info on the Matasano Chargen blog [scroll down for the stories.]













