Apple Drops The Security Ball… Again

The topic of Apple not taking security seriously keeps coming up again and again. This time, an article on The Register describes a researcher who reported a security-related bug to Apple seven months ago; it still remains unpatched:

The buffer overflow flaw could be exploited by attackers to remotely execute malicious code, and virtually all Apple devices – including Mac computers and servers, iPhones, and even Apple TV – are susceptible, one of the researchers, Maksymilian Arciemowicz, told The Register. SecurityReason.com, the Poland-based security firm he works for, alerted Apple to the vulnerability in the middle of June and again last month, but the computer maker has yet to patch the bug.

By contrast, developers for OpenBSD, NetBSD, FreeBSD, and a variety of Mozilla applications have fixed identical vulnerabilities, in some cases within hours of notification. The bug affects all applications and operating systems that implement gdtoa floating-point numbers.

“It was not that difficult to patch it,” Arciemowicz wrote in an email. “It seems to us that Apple comes from the assumption that when there is no PoC or exploit given that the problem doesn’t exist.”

You know, one has to wonder what Apple's logic is when it comes to security. After all, if you're going to bash Windows for having substandard security, the security in your own products has to be top shelf. That clearly isn't the case here: the same bug was fixed by several open-source projects within hours, while Apple has sat on it for seven months.

Perhaps it's time for Apple to get its head out of the sand and start taking security seriously. Otherwise, it won't be seen in the marketplace (in particular the enterprise space) as a credible alternative to Windows.

One Response to “Apple Drops The Security Ball… Again”

  1. Cue the fanbois and their cries of “it does not matter, there is so little of a chance…blah blah blah…”
