|
View unanswered posts | View active topics
It is currently Sun May 25, 2025 1:41 am
|
Page 1 of 1
|
[ 9 posts ] |
|
| Author |
Message |
|
bobbdobbs
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 7:10 pm
Posts: 5490
Location: just behind you!
|
Just to balance CC  Safari/MacBook first to fall at Pwn2Own 2011 clickyand he won 15k plus a mac book air. _________________Finally joined Flickr
|
| Thu Mar 10, 2011 8:34 am |
|
|
|
HeatherKay
Moderator
Joined: Thu Apr 23, 2009 6:13 pm
Posts: 7262
Location: Here, but not all there.
|
I have a feeling this was patched yesterday.
Don't quote me on that, though.
_________________My Flickr | Snaptophobic BloggageHeather Kay: modelling details that matter. "Let my windows be open to receive new ideas but let me also be strong enough not to be blown away by them." - Mahatma Gandhi.
|
| Thu Mar 10, 2011 8:39 am |
|
|
|
adidan
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 9:43 pm
Posts: 5048
|
I had visions of a monkey shield.
_________________
Fogmeister I ventured into Solitude but didn't really do much.
jonbwfc I was behind her in a queue today - but I wouldn't describe it as 'bushy'.
|
| Thu Mar 10, 2011 9:04 am |
|
|
|
MrStevenRogers
Spends far too much time on here
Joined: Fri Apr 24, 2009 9:44 pm
Posts: 4860
|
well done that man and have just updated ...
_________________
Hope this helps . . . Steve ...
Nothing known travels faster than light, except bad news ...
HP Pavilion 24" AiO. Ryzen7u. 32GB/1TB M2. Windows 11 Home ...
|
| Thu Mar 10, 2011 9:17 am |
|
|
|
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
|
 The problem is, OS X has pretty much stood still, in terms of security measures over the last 5 years and now lags behind Windows 7.
The Apple implementation of DEP and ASLR are fundamentally flawed, which was pointed out, when it came out in 2008, and Apple haven't addressed the issue in the interviening time, even Lion doesn't address the flaws in the implementation of ASLR.
Basically, ASLR should randomise where programs are loaded in memory. In Windows, this includes the underlying operating system and key libraries as well. Under OS X, it only applies to applications, not to system libraries and the OS itself. This means, that, once you have an exploit in an application, like Safari, you can't attack its memory or the memory of 3rd party applications, but if you also have a flaw in the base OS, you can exploit it, because you know where it is...
It is interesting, OS X has gone from secure plus security through obscurity (there aren't enough devices out there to warrant developing exploits for it), to just security through obscurity... And with increasing market share, they are also becoming less obscure.
That isn't to say that Microsoft don't have problems, just that they have addressed a lot of the key technologies which were causing problems and have toughened up the default security. In contrast, Apple seem to be sitting on security issues, until it is pointed out that they haven't patched a bug - a lot of the bugs that have been patched recently are in open source software, where the open source projects themselves (often projects run by Apple!) have released patches up to 18 months ago, but Apple haven't "bothered" to implement them, until they get bad press...
_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
| Thu Mar 10, 2011 9:31 am |
|
|
|
steve74
Doesn't have much of a life
Joined: Fri Apr 24, 2009 12:43 pm
Posts: 1798
Location: Manchester
|
Apple issued the Safari 5.0.4 yesterday and also some Java Updates to address security issues. I wonder if they intentionally didn't download these before they started? Not that this makes it OK, as there must have been vulnerabilities there before these patches, but Apple's release date implies that they were issued because they knew this event was coming this week. I wonder if they were using Safari 5.0.4 or the older 5.0.3?
_________________
* Steve *
* Witty statement goes here *
|
| Thu Mar 10, 2011 9:35 am |
|
|
|
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
|
according to the article. However I'd assume that would mean 'fully patched at the time the competition started' and that nobody would be allowed to interfere with the target once the competition was on, other than under the terms of the competition, otherwise any conclusions from it are pretty much moot. It may possibly be that the patches were released within the timescale of the competition being active, so the effect you get is the hack can be used to win the competition but by the time it's publicized it's no longer as useful. I'd imagine all parties involved would be fairly happy with that. Jon
|
| Thu Mar 10, 2011 11:26 am |
|
|
|
bobbdobbs
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 7:10 pm
Posts: 5490
Location: just behind you!
|
_________________Finally joined Flickr
|
| Thu Mar 10, 2011 12:15 pm |
|
|
|
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
|
Just to balance things, Apple's update to iTunes has fixed over 50 bugs, many critical, in Webkit...
_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
| Sat Mar 12, 2011 11:50 am |
|
|
|
|
Page 1 of 1
|
[ 9 posts ] |
|
Who is online |
Users browsing this forum: No registered users and 46 guests |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
|
|
