04 Nov 2006
Who's Taking Bites Out of Apple

Or maybe a better question would be, "Who's been drinking the Kool-Aid?". Read both these article carefully. From the security report quoted in the first piece:

The malware, dubbed "Macarena" in tribute either to the summer music hit of 1996 or to the game Quake Arena, has a certain proof-of-concept character to it, Symantec reports. What exactly that means is not cogently explained in Symantec's virus description. The virus nevertheless infects other data in the folder in which it is started, regardless of extension. It appears not to possess an internal processing routine of its own. It may require the aid of the user to spread it by sending it out by mail or passing it via removable storage media.

This is a virus? They're reporting a total of less than 50 "infections" worldwide. But wait, it gets better! Here's the lowdown on the Wi-fi "flaw":

It affects only the AirPort driver provided with wireless cards shipped between 1999 and 2003 with PowerBooks and iMacs, the posting said. To launch an attempt, the hacker would have to be on the same wireless network as a vulnerable Mac. The attack entails trying to trigger a memory corruption flaw by sending a malformed data packet to the computer, according to Moore's advisory. But the process isn't easy, and Moore hasn't yet been able to gain complete control over a vulnerable Mac.

In other words, this is a flaw that could crash a small subset of older Macs. Would it be news if someone discovered a flaw in a Windows 98 driver tomorrow?

These tales have the rank aroma of FUD lurking about them - I'm sure it's possible to craft malware that attacks OS X, but I'm equally sure it's several orders of magnitude more difficult than crafting an equally malicious attack on Windows, strictly due to the core system architecture. In other words, it will probably happen - someday. But not today.

Demo Virus For Mac OS X Released

Heise Security has a report about new Proof of Concept virus for Mac entitled as OSX.Macarena by AV vendor Symantec. Symantec suffered from a slight lapse when it recommended in the first version of the virus description that users clean the system by deactivating the system restoration (Windows ME/XP). It is known that the virus infects other data in the folder in which it is started, regardless of extension, says Heise.

(link) [Slashdot]

Another Apple Wi-Fi Flaw

Kicking off a "month of kernel bugs," a security researcher has released attack code that he claims exploits a new security hole in wireless software from Apple Computer.

(link) [CNET News.com]

08:55 /Technology | 0 comments | permanent link