Contributed by Staff January 19, 2005 10:17 AM

It would seem that Apple's Mac OS X system has fallen vicitim to four security break downs. The issues were discovered by security firm Immunity and reported by ZDNet.

Certainly, this latest advisory will be thrown in the face of Mac advocates as proof against the claims that Macs are more secure than their Windows counterparts. However, there are three (3) issues I hope--though I'm certain they will, won't be overlooked.

The first is in the way the company made the security issues known. According to ZDNet the issues were discovered last June and were sent to a select list of Immunity's customers. While contrary to convention, Apple went without notice until the company made the problems public at a recent seminar.

Perhaps Immunity felt this was excusable since its evaluation of the flaws determined that there was little chance of wide-spread exploitation since they would mostly affect remotely available systems with large numbers of users. This, according to Immunity takes the Mac out of harm's way due to its interpretation of the Mac market being mostly desktop use.

But the most intriguing point, and arguably the reason why the company opted to leave Apple in the dark is the fact that according to its own documentation, there is no known exploit for the issues. Under the section "Detection" the document reads "Immunity research is currently working on producing reliable exploits for the vulnerabilities."

To those drooling at the potential of discovering a dent in the Mac OS X armor, remember that this is "par for the course" when considering its security. A vulnerability is typically discovered and fixed before it can ever be exploited.

The PDF version of Immunity's finding can be found here: http://www.immunitysec.com/downloads/nukido.pdf


© 2005 Kaomso