Leopard hacked beyond recognition and not even out yet!

Status
Not open for further replies.

gxsaurav

You gave been GXified
Lolz...why m I not surprised by the fake bubble bursting :D.

Sir, this is a lie....posted by Windows Fanboys, leopard might be a joke but there are no exploits out there to scare anyone, so it is not affecting any one & is a completely bad UI based article :D
 

a_k_s_h_a_y

Dreaming
koolbluez said:
Waitin for youknowwho to show his presence here :D
lolz :p

anyway mac guys/gals who love it coz its cool to have one wont care for it !

a dell xps for me
a mac book pro for my gf !!
 

iMav

The Devil's Advocate
:lol:

the mac salesman: its still not out its a beta so dont blame it besides jobs hasnt confessed it can be hacked so it cant be hacked :lol:
 

blueshift

Wise Old Crow
Apple's browser, and by the way version 3 is going by default into Leopard, launches the following programs on execution: "Address Book, Finder, iChat, Script Editor, iTunes, Dictionary, Help Viewer, iCal, Keynote, Mail, iPhoto, QuickTime Player, Sherlock, Terminal, BOMArchiveHelper, Preview and DiskImageMounter." Any security vulnerability residing in any of these applications can be exploited via Safari.

;-(

phaltugiri
 
Last edited:

infra_red_dude

Wire muncher!
1) According to Miller Macs are just as easy to hack as they are to use. "To help users, there are lots of 50+ suid root programs" revealed the security researcher. Suid Root is designed to help with the silent elevation of privileges in Unix and Unix based operating system such as the Mac OS X.....Suid Root is a design flaw, because allowing for silent and automatic elevation of privileges means inviting kernel level exploits.

2) Moreover, Apple does not "bother users with burdensome updates." All the open source solutions included in Mac OS X are not kept up to date including OpenSSH, OpenSSL, Apache, Samba, Cups. "The Samba on Mac OS X had an exploitable remote root vulnerability in it...it hadn’t been updated since February 2005"

3) But of course there's always the "safe from day one" Safari. Apple's browser, and by the way version 3 is going by default into Leopard, launches the following programs on execution: "Address Book, Finder, iChat, Script Editor, iTunes, Dictionary, Help Viewer, iCal, Keynote, Mail, iPhoto, QuickTime Player, Sherlock, Terminal, BOMArchiveHelper, Preview and DiskImageMounter." Any security vulnerability residing in any of these applications can be exploited via Safari.

4) "Apple doesn't randomize anything: the location of the stack, the location of the heap, the location of the binary image, the location of dynamic libraries and (to top it all off) heap is executable."
the reasons for exploits. i'm not surprised! the easier you make an OS the more vulnerable it is to exploit! i guess its time for open group to bring out unix 07 certification wid stronger emphasis on security before anything gets to use that certification.
 

rocket357

Security freak
Apple doesn't randomize anything: the location of the stack, the location of the heap, the location of the binary image, the location of dynamic libraries and (to top it all off) heap is executable.
Yeeouch...in today's day and age (when Microsoft has implemented ASLR, Linux/Unix has PaX, etc...) that's just asking to become the next "easy target".

Though honestly no amount of acronyms will help if the user compiles/installs vulnerable software on their system...not even OpenBSD will remain secure if versions of Samba are installed that contain remote root vulnerabilities. That's just how it goes...

But the OS vendor's code that comes preinstalled is on par with this:

18 security vulnerabilities for Safari 3 in the browser's first day
That...ehh, that's bad...doubt I'll be trusting any software from them anytime soon!

I'd have a Mac myself, but I can't bring myself to pay for an OS that I'd just install Linux over...
 

iMav

The Devil's Advocate
u thought i was refering arya .... i wasnt ... so it is u who is trying to make arya feel that im refering to him thereby making him post here .... not supposed to do that ;)

:D
 
Status
Not open for further replies.
Top Bottom