[ QUOTE ]
js said:
NewBie aka Jarhead,
You seem to be an anti-Apple kind of guy judging by some of your recent posts? Is that so?
In any case, I can say, as a sort of man-on-the-street perspective, that my G4 that I have at home, and the G3 that we have in the Control Room here at work, are both WAY MORE RELIABLE in every conceivable way than ANY of the PC's I've had the misfortune to have to use (such as the one I'm using right now).
A recall now and again is nothing to get too excited about, especially when considered in the larger context of what Apple delivers and how well the products acquit themselves.
That's my experience at least.
Plus, OS X kicks Windows' *** all up and down the street, no contest whatsoever. It's such an excellent operating system, it's a miracle that any company ever produced it and offered it for sale.
[/ QUOTE ]
Your remarks are an example of why threads about Apple end up being a hopeless situation of Apple vs PC rhetoric. Newbie's post wasn't anti-Apple. It's a current news story.
If there were those waiting with bated breath to post anything negative, this would have already been posted:
US-CERT Vulnerablities Concerning Apple Computers; some as long ago as December.
[ QUOTE ]
* US-CERT Vulnerability Note VU#582934 -
http://www.kb.cert.org/vuls/id/582934
* US-CERT Vulnerability Note VU#258390 -
http://www.kb.cert.org/vuls/id/258390
* US-CERT Vulnerability Note VU#331694 -
http://www.kb.cert.org/vuls/id/331694
* US-CERT Vulnerability Note VU#706838 -
http://www.kb.cert.org/vuls/id/706838
* US-CERT Vulnerability Note VU#539110 -
http://www.kb.cert.org/vuls/id/539110
* US-CERT Vulnerability Note VU#354486 -
http://www.kb.cert.org/vuls/id/354486
* US-CERT Vulnerability Note VU#882750 -
http://www.kb.cert.org/vuls/id/882750
* US-CERT Vulnerability Note VU#537878 -
http://www.kb.cert.org/vuls/id/537878
* US-CERT Vulnerability Note VU#125598 -
http://www.kb.cert.org/vuls/id/125598
* US-CERT Vulnerability Note VU#356070 -
http://www.kb.cert.org/vuls/id/356070
[/ QUOTE ]
Apple finally got around to addressing them eight days ago, according to this memo from US-CERT with it's notice of an update.
[ QUOTE ]
Apple Security Update 2005-005 resolves a number of vulnerabilities
affecting Mac OS X and OS X Server. Further details are available in
the following Vulnerability Notes:
VU#356070 - Apple Terminal fails to properly sanitize input for
x-man-page URI
Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing
a remote attacker to execute arbitrary commands.
(CAN-2005-1342)
VU#882750 - libXpm image library vulnerable to buffer overflow
libXpm image parsing code contains a buffer-overflow vulnerability
that may allow a remote attacker execute arbitrary code or cause a
denial-of-service condition.
(CAN-2004-0687)
VU#125598 - LibTIFF vulnerable to integer overflow via corrupted
directory entry count
An integer overflow in LibTIFF may allow a remote attacker to execute
arbitrary code.
(CAN-2004-1308)
VU#539110 - LibTIFF vulnerable to integer overflow in the
TIFFFetchStrip() routine
An integer overflow in LibTIFF may allow a remote attacker to execute
arbitrary code.
(CAN-2004-1307)
VU#537878 - libXpm library contains multiple integer overflow
vulnerabilities
libXpm contains multiple integer-overflow vulnerabilities that may
allow a remote attacker execute arbitrary code or cause a
denial-of-service condition.
(CAN-2004-0688)
VU#331694 - Apple Mac OS X chpass/chfn/chsh utilities do not properly
validate external programs
Mac OS X Directory Service utilities do not properly validate code
paths to external programs, potentially allowing a local attacker to
execute arbitrary code.
(CAN-2004-1335)
VU#582934 - Apple Mac OS X Foundation framework vulnerable to buffer
overflow via incorrect handling of an environmental variable
A buffer overflow in Mac OS X's Foundation Framework's processing of
environment variables may lead to elevated privileges.
(CAN-2004-1336)
VU#706838 - Apple Mac OS X vulnerable to buffer overflow via vpnd
daemon
Apple Mac OS X contains a buffer overflow in vpnd that could allow a
local, authenticated attacker to execute arbitrary code with root
privileges.
(CAN-2004-1343)
VU#258390 - Apple Mac OS X with Bluetooth enabled may allow file
exchange without prompting users
Apple Mac OS X with Bluetooth support may unintentionally allow files
to be exchanged with other systems by default.
(CAN-2004-1332)
VU#354486 - Apple Mac OS X Server Netinfo Setup Tool fails to validate
command line parameters
Apple Mac OS X Server NeST tool contains a vulnerability in the
processing of command line arguments that could allow a local attacker
to execute arbitrary code.
(CAN-2004-0594)
Please note that Apple Security Update 2005-005 addresses additional
vulnerabilities not described above. As further information becomes
available, we will publish individual Vulnerability Notes.