Announcement

Collapse
No announcement yet.

Slew of OS X vulnerabilities found, Apple says to fix you must buy Panther for $129..

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Slew of OS X vulnerabilities found, Apple says to fix you must buy Panther for $129..

    What an incredibly rational policy. Not only do you charge $129 each year for an incremental upgrade, you force them to upgrade if they want their machines ot stay secure. Brilliant.

    .xyz is for every website, everywhere.® We offer the most flexible and affordable domain names to create choice for the next generation of internet users.

    Will Apple just patch Panther?
    Last modified: October 29, 2003, 12:27 PM PST
    By Robert Lemos
    Staff Writer, CNET News.com

    Apple Computer's latest version of its Mac OS X operating system, Panther, patches security flaws that affect previous versions of the operating system, leaving security experts wondering if users will have to pay the $129 upgrade fee to be secure.

    On Tuesday, Apple released an advisory indicating that the Mac OS X 10.3 upgrade includes more than a dozen "security enhancements," none of which appears to have been applied to previous versions of the software. Apple's Security Updates Web page doesn't list the fixes for previous versions of the operating system.

    "It is not a friendly thing to tell your customers to shell out a lot of money to stay secure," said Thor Larholm, senior researcher for software security firm PivX Solutions. "It would be a dangerous precedent, if they did."

    Apple declined comment.

    Typically, companies that charge for software provide security updates for the software for a certain period of time. Microsoft provides support for its products for about five years and releases service packs every year that include all the enhancements to the software. Microsoft doesn't charge for the service packs.

    "Imagine if Microsoft tried to charge for security fixes--people would go crazy," Larholm said.

    Linux vendors typically work things bit differently, as so much of the software they distribute is produced by developers outside the companies. Red Hat, for example, charges about $40 for its desktop edition and provides a year of updates for free. After that, users either have to pay $60 a year to join the company's Red Hat Network and receive updates or subscribe to a free service, such as Ximian's basic Red Carpet service. (Ximian is now owned by Novell.)

    Apple's plan falls between the two models, offering bug fixes for free but charging $129 for the update to the operating system--the third time the company has released a new version since Mac OS X debuted in March 2001.

    The current set of vulnerabilities include a flaw in the operating system that causes applications to be installed with insecure file permissions. Other vulnerabilities could let a local or remote user crash the system.

    Security firm @Stake found four of the vulnerabilities and worked with Apple to fix them in time for the release of Panther. The advisories seem to indicate that Apple doesn't plan to release fixes for earlier versions of the Mac OS X. Each advisory says that users should either upgrade to Panther or turn off the affected software component.

    PivX's Larholm said that Apple would have to release some patches or risk angering its users.

    "They have stated that they want to release a new version of OS X every year, but this is the first time they have hinted that they will not be supporting any particular OS X version for more than that year, and that they expect all their customers to upgrade their operating system on a yearly basis," he said.
    "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
    Ben Kenobi: "That means I'm doing something right. "

  • #2
    Is it just warez propaganda or real legalization of extortion??
    money sqrt evil;
    My literacy level are appalling.

    Comment


    • #3
      hey! they're just like microsoft now with security updates!

      gotta love apple. trying to beat bill at his own game, after being so thoroughly quashed trying to play his.
      B♭3

      Comment


      • #4
        Originally posted by Q Cubed
        hey! they're just like microsoft now with security updates!

        gotta love apple. trying to beat bill at his own game, after being so thoroughly quashed trying to play his.
        Except that Microsoft doesn't charge $129 for each security patch.

        Comment


        • #5
          i know! that's why job's method is better! he could get lots more money for patching than gates could.
          B♭3

          Comment


          • #6


            Jobs knows how to milk money out of a blindingly loyal fanbase, he's one of the best there is for that. Coupled with a brilliant marketing department, Apple users gloat about the privledge of paying $130 each year for an OS.
            "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
            Ben Kenobi: "That means I'm doing something right. "

            Comment


            • #7
              Hmm, I notice a complete lack of details regarding these vulnerabilities. Note that Apple doesn't actually admit to any security holes in OS X. Instead we find out that a consulting firm scared Apple into paying them to "help" fix these alleged vulnerabilities. They wouldn't be very successful consultants if they found nothing, now would they?

              "Imagine if Microsoft tried to charge for security fixes--people would go crazy," Larholm said.
              Only because there have been so many, even MS doesn't have that much nerve.

              Comment


              • #8
                Originally posted by gunkulator
                Hmm, I notice a complete lack of details regarding these vulnerabilities. Note that Apple doesn't actually admit to any security holes in OS X.
                Duh.
                Apple doesn't provide technical details like MS does, they shove everything under the rug and label patches as "Security Enhancements" and they get to count them as one of the "150 new features in Panther!!!"

                The security vulnerabilities no doubt exist, and they are no doubt fixed in Panther, but Apple seems to assume everyone pays $130 a year to upgrade.
                "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                Ben Kenobi: "That means I'm doing something right. "

                Comment


                • #9
                  Who the hell wants to ruin a Macintosh owner's day? They're all arteests, connected with the gay mafia, or Asher-fighters. Don't they suffer enough as it is?

                  And who's going to attack an arteest? That would be like mugging a mime. It would be an easy buck but one without any dignity.
                  meet the new boss, same as the old boss

                  Comment


                  • #10
                    CNet updated the story half an hour after I posted this, adding:
                    David Goldstein, director of research for @Stake, a security company that found four of the vulnerabilities, confirmed that Apple said it wasn't going to patch the flaws in earlier versions of the software.

                    "In my initial conversations with them, they said they weren't going to fix 10.2, but I wouldn't be surprised if they change that," he said.
                    "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                    Ben Kenobi: "That means I'm doing something right. "

                    Comment


                    • #11
                      Isn't this extortion?
                      For there is [another] kind of violence, slower but just as deadly, destructive as the shot or the bomb in the night. This is the violence of institutions -- indifference, inaction, and decay. This is the violence that afflicts the poor, that poisons relations between men because their skin has different colors. - Bobby Kennedy (Mindless Menance of Violence)

                      Comment


                      • #12
                        "Apple users gloat about the privledge of paying $130 each year for an OS."

                        The last time I paid for an OS was probably OS 9. Right now I'm running Jaguar.
                        "mono has crazy flow and can rhyme words that shouldn't, like Eminem"
                        Drake Tungsten
                        "get contacts, get a haircut, get better clothes, and lose some weight"
                        Albert Speer

                        Comment


                        • #13
                          I would imagine that isn't legal.
                          Christianity: The belief that a cosmic Jewish Zombie who was his own father can make you live forever if you symbolically eat his flesh and telepathically tell him you accept him as your master, so he can remove an evil force from your soul that is present in humanity because a rib-woman was convinced by a talking snake to eat from a magical tree...

                          Comment


                          • #14
                            But it IS cheap.
                            "mono has crazy flow and can rhyme words that shouldn't, like Eminem"
                            Drake Tungsten
                            "get contacts, get a haircut, get better clothes, and lose some weight"
                            Albert Speer

                            Comment


                            • #15
                              technically, a lot of people could say that as well.

                              the most i've ever paid for an ms operating system is $15, which i plunked down at uchicago. because of the academic license there, everything is heavily discounted: visual studio for 30, office xp for 15, office 2k for 10.
                              B♭3

                              Comment

                              Working...
                              X