As mentioned recently, we here at ISFYM usually try to report the news rather than create it. This week, however, it seems we’ve done a bit of both. All last month we closely followed, and reported on, the Month of Apple Bugs (MOAB) project. This week, however, we followed it so closely that we actually fell in, helping to create new news.
As we reported hastily, and then with a bit more detail, on Tuesday, we discovered that the MOAB Web page describing bug #29 (to which we’re still intentionally not including a link) was maliciously crafted to, at minimum, cause certain versions of Safari to hang up. So far no one has determined that the Web page did anything worse than that, but that’s not outside the realm of possibility. The page downloaded a 370KB file to any computer that visited it and could have, in theory, caused code in the file to be executed. No such “arbitrary code execution” has been reported “in the wild,” but the MOAB project keeps claiming it’s possible, so we definitely shouldn’t rule the possibility out.
Once we got up our hasty blog entry, we went on to further investigate the situation, reporting it to Apple and elsewhere. We noticed that the excellent Macintouch publication was unaware of the situation, and was in fact publishing a direct link to the malicious page in question. We alerted them and they quickly took the link down, replacing it with information we provided and a link back to our blog entry.
In the past couple of days, a number of other publications have picked up “our news” and provided stories and links of their own (many back to us) about the situation. Beyond Macintouch, these include Ars Technica (in their overall wrap-up of the MOAB project), MacNN and MacDailyNews. And we expect other publications may report on the story in the days and weeks ahead.
It’s always been the goal of this blog to report on relevant Macintosh Internet security news as that news developed. It’s been sort of rewarding, however, to actually help that news develop, and then to report on the news reports about our doing so. Hopefully it won’t happen too often though :)
Finally, speaking of reporting the news, just wait until you hear what Bill Gates had to say about Apple security, Apple’s ads, and, yes, the MOAB project! Coming soon...