AppleInsider has taken the aforementioned Secunia vulnerability report to task, dismantling the claim that Apple has the highest number of security holes.
Secunia’s vulnerability counts reset when Microsoft changes the name of its product, but continue to accumulate for Apple because the company hasn’t rebranded Mac OS X since 2003, when Secunia began keeping track. Browsing Secunia’s database, it appears Mac OS X has suffered from hundreds of vulnerabilities while Microsoft’s Windows has racked up far fewer, but that’s only because Microsoft’s regular rebranding efforts reset Secunia’s clocks.
At the same time, Secunia does not break up Apple’s vulnerability counts by each reference release of Mac OS X, so its current vulnerability listings date back through Jaguar, Panther, Tiger, and Leopard, as well as the currently installed base of Snow Leopard.
How Secunia arrives at its totals is also puzzling, as according to its own statistics Apple’s Mac OS X was affected by 6 “advisories” in 2010, only one of which has not yet been patched. That issue is rated as “not critical” and can only be exploited by local users.
This is the article I should have written, but unfortunately I did not have the time to conduct the necessary in-depth research to write such an eloquent response to the obviously bogus report. AppleInsider should be praised for clearly articulating their dissection of the claims made in the report, especially since Secunia carries a lot of weight in the security industry.
It is obvious Secunia needs to tweak its methods to give an accurate depiction of the operating system vulnerability landscape. The first thing Secunia needs to do is retract the graph, which is what most people are paying close attention to. A visual representation of the number of vulnerabilities, with Apple sitting atop the chart, clearly does the security industry an injustice by not accurately reporting the current vendor vulnerability situation.
Although Mac OS X has remained virtually free of any large-scale virus or malware outbreaks, according to a report released by security firm Secunia the operating system ranks at the top of the most vulnerabilities chart in terms of the sheer number of exploits available.
Mac OS has remained relatively untouched by major viruses and hacking efforts in the past, as most ne’er-do-wells may have considered the operating system’s market share and thus potential for private information less enticing than those of Microsoft’s Windows. With the rise of Mac market share and the popularity of the iPhone, however, there is little doubt that Apple platforms will become major malware targets in the near future.
Surely this is rather unbelievable to most people, who expected to escape from Microsoft security vulnerability hell by switching to Mac OS X. Apparently the numbers do not lie; however, I cannot help but feel the numbers are somewhat off.
I own a Mac at home but administer Windows XP at work, insofar as I am a network security professional whose job is to protect the network from bad guys and evil corporations incapable of adequately programming their software. Thinking back over the last couple years, I cannot fathom how Secunia came to the conclusion that Apple has a higher number of vulnerabilities than Microsoft. It is unbelievable, especially considering the large number of Windows patches I am required to push out on a monthly basis. Contrast that to the number of Apple patches I’ve installed on my home laptop and it just feels like the scales are tipped towards Microsoft by a large margin.
Check out the report for the full details.
Update: I failed to seize the opportunity to dissect the crappy Secunia report, but AppleInsider has taken charge, clearly dismantling the claims that Apple has the highest number of vulnerabilities. It is a wonderful read and is essentially the article I should have written.
Jeremiah Grossman has uncovered a fatal privacy flaw in Apple’s Safari Web Browser v4 and v5 which allows a malicious web site to surreptitiously extract data automatically filled in by way of the “AutoFill” functionality.
All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker.
There is currently no fix available for this vulnerability. Until Apple does release a security update addressing this exploit, immediately turn off the AutoFill feature in Safari. Either that or modify your Address Book Card to something with innocuous data.
On a side note, according to Grossman he informed Apple over a month ago about the exploit but has yet to receive a response. No surprise there – Apple is renowned for not responding to such submissions. This is not to say they will not respond at all, but rather that they prefer to keep the issue on the down-low, which is really how Apple rolls when it comes to flaws with their products.
According to Jim Dalrymple Apple will be holding a press conference this coming Friday to discuss the iPhone 4, presumably to chat about the recent antenna and reception issues:
Apple on Wednesday invited select press to a special press conference to be held this Friday in California.
Apple would only say that the press conference would be regarding the iPhone 4. No other information was available when I spoke with them tonight.
Could this possibly be the first time that Apple has held a press conference for something other than to announce a new product? One such theory by Dan Rubin is that Apple will finally announce the availability of the iPhone on Verizon. This would ultimately change the conversation to something positive – misdirection if you will – because Verizon has the most robust mobile network in the States. But what about the international people complaining about the iPhone 4 and its antenna reception issues?
Whatever happens on Friday, it should be very interesting. I imagine a lot of folks would welcome the iPhone on Verizon, but I’m not buying it. However, and this is a big if – maybe this is why the white iPhone is taking so long to manufacture – because it’s the fabled CDMA version for Verizon?
Those jackasses at patent holding company NTP once again have opted to use the courtroom to attempt to generate revenue rather than innovating in the technology space. This time they are suing Google, Apple, HTC, LG, Microsoft and Motorola for allegedly violating eight of their patents covering wireless email delivery.
In 2001, NTP filed a similar suit against Research In Motion, and in 2006, the suit was dismissed after RIM paid $612 million in a settlement. As a result of that arrangement, RIM is not named in the new suit, nor is Nokia — the world’s largest smartphone maker — since both companies have licensing agreements with the patent company.
I find the timing quite interesting. The NTP vs. RIM lawsuit concluded in 2006, yet it took NTP four additional years before deciding to sue these companies. Here in 2010 Apple and HTC own the smartphone market with their iPhone and Android products respectively. Could this suit have anything to do with the extreme popularity of those devices?
Surely there is a relationship otherwise, for example, why not sue Apple upon the release of the first iPhone since its email capabilities have virtually remained the same?
Either way, patent holding companies like NTP – companies which purchase patents rather than innovating themselves, which do not produce any products, and which opt to use the courts for profit – only end up hurting the technology sector as a whole. As long as there are greedy bastards like NTP running around suing companies on baseless grounds, many corporations will be afraid to take risks for fear of being in the crosshairs of some pointless, faceless, product-less lawsuit machine.
What a lovely Independence Day surprise: global iTunes accounts have been compromised and used to purchase up to $600 worth of AppStore apps per account. Initially the suspicious activity pointed towards one specific developer, but has since spread to multiple developers, multiple iTunes accounts and more than the US iTunes store. The Next Web has a detailed list of the facts surrounding this breach.
- A number of iTunes accounts from across the globe, not just the US, have been compromised and used to purchase apps.
- iTunes users have reported anywhere between $100-$1400 spent using their accounts.
- Many of the apps have been purchased to specifically climb up the iTunes ranking to gain momentum in the hope that others will purchase the apps based on their high sales.
- Currently all the apps purchased have been owned by Asia-based developers with little information known about them. Clearly they feel being based in Asia will give them immunity to any US laws.
- The developers’ websites and support links direct users to non-existent websites or landing pages.
- The initial rogue developers have now been removed from the app store but other unethical developers still have their accounts available in the app store – details on those to come.
Check your iTunes purchase history and/or your online banking access to determine if your account has been compromised in this security breach. If it has, I suggest immediately contacting Apple’s iTunes customer service and your bank to dispute the charges, so that you may recover any potentially lost funds as a result of this incident.
It is not really known how widespread this security breach is, or what vector was used to facilitate the hack. The initial hack by Vietnamese developer “Thuat Nguyen” that was reported all over the blogosphere may have led to discussion about entirely unrelated security incidents.
At this point nobody knows exactly what is going on or how all the breaches are tied together. Be on the lookout for additional information once it becomes available. In the meantime, check out your purchase history to ensure your account was not used in the breach.
According to Consumer Reports, it appears the iPhone 4 signal issues many folks are complaining about may not necessarily be unique to the iPhone 4 and might not even be all that serious.
Most of the Web sites reporting dropped signals and even dropped calls have demonstrated several techniques, or “death grips” for recreating the problem (which we’ve yet been able to reproduce in a meaningful way). But those almost always require squeezing the phone hard, in an unnatural way. Those grips may also produce sweaty palms from exertion, with the sweat increasing conductivity—and possibly the degree of signal loss.
There does not appear to be a hard and fast rule for when and how this signal degradation issue afflicts the iPhone 4. About the only constant in all cases is a lack of a quality signal in the area, which may ultimately facilitate the purported issues.
Either way, this is definitely not going to stop me from snatching up an iPhone 4. What about you?
Two possibilities come to mind: 1) Apple realizes its antenna problems are due to an internal control issue so they fired a few iPhone/iPad antenna engineers, or 2) Apple was missing this type of expertise to begin with.
Kristena Hansen at the Los Angeles Times writes this about Apple:
The company, which is under fire for reception problems with its newest iPhone model and its iPad tablet computer, has posted three openings on its website for jobs described as “Antenna Engineer-iPad/iPhone.”
…
The posts are dated June 23, the day before the launch of the iPhone 4, which customers have been complaining loses signal when held in certain ways that seem to interfere with the device’s antenna.
Should you just skip Apple’s iPhone 4 and wait for the iPhone 5?
Truly disappointing leak from Apple. Even worse than Steve Jobs’ “You’re holding it wrong” remark.
Boy Genius reports on Apple’s leak:
- Keep all of the positioning statements in the BN handy – your tone when delivering this information is important.
a. The iPhone 4’s wireless performance is the best we have ever shipped. Our testing shows that iPhone 4’s overall antenna performance is better than iPhone 3GS.
b. Gripping almost any mobile phone in certain places will reduce its reception. This is true of the iPhone 4, the iPhone 3GS, and many other phones we have tested. It is a fact of life in the wireless world.
c. If you are experiencing this on your iPhone 3GS, avoid covering the bottom-right side with your hand.
d. If you are experiencing this on your iPhone 4, avoid covering the black strip in the lower-left corner of the metal band.
e. The use of a case or Bumper that is made out of rubber or plastic may improve wireless performance by keeping your hand from directly covering these areas.
- Do not perform warranty service. Use the positioning above for any customer questions or concerns.
- Don’t forget YOU STILL NEED to probe and troubleshoot. If a customer calls about their reception while the phone is sitting on a table (not being held) it is not the metal band.
- ONLY escalate if the issue exists when the phone is not held AND you cannot resolve it.
- We ARE NOT appeasing customers with free bumpers – DON’T promise a free bumper to customers.
Potential upside to the iPhone 4 antenna debacle coming this Monday in the form of iOS 4.01?
Readers report that Apple’s tech support forums originally confirmed that an iOS 4.0.1 software fix addressing the issue would ship early next week (as early as Monday), before the comments were subsequently taken down along with all the other related discussion about the matter. –Daniel Eran Dilger, AppleInsider.com
Cisco couldn’t have timed this announcement any better with the Apple iPad now flying off retailer shelves to the tune of 3 million in 80 days.
Cisco announced their plans to release an Android powered tablet computer that could shake up the iPad’s death grip on portable PC markets:
Cisco Cius is an ultra-portable device weighing just 1.15lbs (0.52kg) that extends the productivity benefits of Cisco collaboration applications to a highly secure mobile platform. In addition to full telepresence interoperability, Cisco Cius offers HD video streaming and real-time video, multi-party conferencing, email, messaging, browsing, and the ability to produce, edit and share content stored locally or centrally in the cloud.
The Cisco Cius includes specs missing on the first gen iPad such as an HD display port, USB ports and front-mounted 720p HD camera.
A couple of already obvious caveats: 1) the Cius’ planned launch date, which isn’t until the first part of 2011, and 2) no target price range.
Could this be a machine for the masses, competing head-to-head with the iPad? Or will Cisco roll out the Cius as an [expensive] business unified communications solution?