Apple plugs 15 Java for Mac security holes

TalkBack 1 of 25:

Next »

• Thread View
• Flat View

Flash, Java, libxml vulnerabilities highligh Apples systemic problem

Once again information about vulnerabilities
have been readily available for anyone who
wishes to exploit them.

An attacker only needs to look up popular 3rd
party products in Apples stack and compare
versions against the latest from the vendor.
Any version discrepancy reveals potential open
security holes where detailed vulnerability-
and exploit info is readily available.

The problem is one of logistics. Apple
assembles the OSX stack from a multitude of
sources. They cannot control where, how and
when these products are patches and
vulnerability information is revealed. On the
other hand they cannot rush to patch each and
every time.

Apple (and their customers) have to live with
the fact that, compared to a truly proprietary
stack, more often than not vulnerability
information leaks before they can push the
patch through coding/testing/QA.

In other words, it is inherent that OS X have
more high-risk days (days between vulnerability
information in the open and until patch is
available).

Posted by: honeymonster   Posted on: 09/03/09 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
• Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
• Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now