Sigh, no, FreeBSD 5. Why don't you go look here? http://developer.apple.com/opensource/index.html. Quoting part of the first line:
"If you like open source development, you'll love Mac OS X. This fully-conformant UNIX operating system—built on Mach 3.0 and FreeBSD 5..."
Not to mention part of the first paragraph at http://www.apple.com/opensource/
"Major components of Mac OS X, including the UNIX-based core, are made available under Apple’s Open Source license,..."
Oh piss off. As you said, the rendering engine is open source, nothing is obfuscated or hidden. Apple developers were able to see every line of code they implemented in the default browser for the OS. They missed a vulnerability in their testing and allowed it to go out. You don't install the browser separately, it's supplied in the default installation of the OS. You don't think there were plenty of other things they found, modified the code and supplied back to the project? That's how opensource works. I guarantee that Safari received a shitload more testing from Apple than Adobe Flash ever did. Safari was written and supplied by Apple and they had far more opportunity to test it. I don't blame Apple and I doubt many people do. No single team of developers is going to find every problem, but the fact remains that they missed one and they have no one but themselves to blame. I haven't seen anything from Apple to say they don't think it was their responsibility. They just patched it in a timely manner (how often have you seen Microsoft delay and refuse to admit a problem until they have no choice?), and got on with it. The fact that they were able to patch it so quickly with additional javascript validation shows that it was not that difficult or obscure a bug.
Not the part which enabled the exploit. So there's not really much of a difference between a browser hack and a Flash exploit.
Can we now? Can you please post any link that supports this? The most I've seen is that he got paid $50k in 2005 for delivering a Linux bug to an undisclosed government agency. If that is the case, it is really stretching to describe someone probably paid as a contractor, to be an employee. And despite the fact that he was a Unix expert, he chose to attack the Mac rather than the Ubuntu Linux box. Interesting statement in itself, don't you think?
What we can take out of this whole thing is that:
1. The ex-NSA bloke who exploited the Webkit vulnerability was a Unix expert.
Don't basically disagree with either of those. Apple is paying the price for becoming more successful. They're selling way more, so way more people are becoming intimately familiar with their workings. Because there are so many more targets than there used to be, the losers are turning their attention to the new (ish) kid. Third party apps are mostly a problem because the bulk of the companies lack the resources to carry out the level of testing that Apple or Microsoft do. The ones that care and are in it for the long run rely on their intimate knowledge of their own product. Excluding Red Hat Enterprise/CentOS, when you consider how the other Linux distributions are put together, it's amazing that they're as secure as they are. Those distributions are effectively all third party applications.
2. Third-party developers are a big problem security-wise
3. Most OS's are pretty secure anyway.