Apple Slapped for Sloppy Security Response

Posted by:
Date: Thursday, April 21st, 2005, 09:55
Category: Software

VNUNet.com is reporting on Apple’s security patch for a vulnerability in its iSync application:

The patch released on Tuesday is identified as Security Update 2005-004. It followed one month after update 2005-003.
The flaw makes iSync’s mRouter tool vulnerable to a buffer overflow attack. Users with local access to affected systems could then gain super-user privileges.
Apple computers running OS X version 10.2.8 through to the current version 10.3.9 are susceptible to the bug.
The flaw was discovered by Braden Thomas, an independent developer of security software and a member of the University of Southern California’s Digital Security Interest Group.
Thomas went public about the security hole on 22 January, and had notified Apple even earlier. In an email to vnunet.com, Thomas explained that “three months is a long time to fix the bug”.


VNUNet.com is reporting on Apple’s security patch for a vulnerability in its iSync application:

The patch released on Tuesday is identified as Security Update 2005-004. It followed one month after update 2005-003.
The flaw makes iSync’s mRouter tool vulnerable to a buffer overflow attack. Users with local access to affected systems could then gain super-user privileges.
Apple computers running OS X version 10.2.8 through to the current version 10.3.9 are susceptible to the bug.
The flaw was discovered by Braden Thomas, an independent developer of security software and a member of the University of Southern California’s Digital Security Interest Group.
Thomas went public about the security hole on 22 January, and had notified Apple even earlier. In an email to vnunet.com, Thomas explained that “three months is a long time to fix the bug”.

Recent Posts