Last Mac OS X 10.6.4 update this was an undocumented patch to fix a door left open to potential malware.
In particular, has been updated to secretly XProtect.plist file that contains information to identify potential hazards Mac OS X. XProtect.list now includes the information necessary to identify HellRTS, Sophos identified as a trojan OSX / Pinhead-B and is distributed disguised as iPhoto.
The update has not gone unnoticed, though not present in the release notes. Graham Cluley of Sophos has indicated as of this update has fixed a vulnerability in the system.
Cluley pointed the finger at the vulnerability of Apple users out of hand protection from viruses, using a security video of Snow Leopard (which provided at the end of the post).Obviously Cluley draws water to his mill, but the fact that Apple systems are not targeted by hackers for the moment, does not mean that in future the problem can not be present and they do not guarantee the invulnerability of the system.
Anyway, Apple is not the first producer of operating systems not to reveal the contents of some updates, especially when they concern Safety. Just last May, Mass with their backs to the wall by Core Security Technologies Microsoft has admitted not revealing all bug-fixes related to security of their software. Core Security Technologies had in fact traced at least three updates not documented in the recent upgrade of Microsoft.It remains an open question whether a producer of operating systems is required to disclose to its users each update on safety. If, as with Apple, it was recognized from the collective imagination as an OS is more secure than the competition, it is difficult to reveal their faults, as this could affect the corporate image. On the other hand, should be given confidence to OS vendors, in particular the choice of development priorities of its software. The answer, as always, is in the hands of users.
No comments:
Post a Comment