Apple refuses to fix 10 year old bugs

A SECURITY expert has warned that Apple’s OS X is full of security flaws that were fixed on other operating systems more than a decade ago.

Neil Archibald, senior security researcher at software security specialists Suresec, told ZDNet that while there is no problem at the moment, if OSX becomes popular it could become of interest to hackers. He said that if hackers lifted the bonnet up of the operating system they will find plenty of “low-hanging bugs” to play with.

Apparently the problem is that Apple does not use software auditing tools to scan enough of its super soar away software.This means that applications and libraries are under-audited and have coding mistakes which could create buffer overflow errors, he said.

Archibald was the bloke who spotted the “dsidentity” bug which could easily have been exploited to grant a non-privileged user with admin rights and allow that user to create and remove “root” user accounts. While Apple fixed the bug, it would have been revealed with a simple glance over the code, Archibald claims.

He was critical about the way Apple deals with security researchers who find holes in its software. The company was slow to respond and tended to think that researchers should to wait indefinitely to release the vulnerabilities while offering them no incentive.

News source: Theinquirer


Please enter your comment!
Please enter your name here