As time progresses there are new tasks that arise that require more computational power (video editing, parallel processing expiraments, virtual machines) which cause machines to be obsoleted. You should use a system until its no longer able to do the tasks you require of it. No, I don’t support that from a consumer’s perspective. Regarding Webkit, it’ll be interesting to see whether the different parts being isolated off will result in a more secure experience as with the case of webkit2 versus webkit1 hopefully we’ll get to see some security boffins having a good hack away at it to see whether all the hard work has paid off. One thing that has surprised me is how Apple is still supporting 10.5 given how quick they are to throw the old release under the bus and push people onto the next version (especially so given the cheap price of Snow Leopard and same low price repeated again with Lion). What has always confused me is how Apple is so happy to break compatibility when it comes to adding or enhancing something but apparently it is ‘one step too far’ when it comes to breaking compatibility for the sake of security – implementing ASLR system wide has only just come to Mac OS X Lion for example, something that should have been implemented in Snow Leopard (if you’re going to break a couple of things why not go for gold and smash a few more things whilst you’re at it?). About time, considering it’s over ten years old. Of course, this might just mean that Apple HASN’T fixed the one that allows a maliciously-crafted PDF to set your printer on fire but I hope this means that OS X is finally maturing as a secure platform. This issue is addressed through improved tracking of origins. Visiting a malicious website may lead to files being sent from the user’s system to a remote server. Impact: Visiting a malicious website may lead to files being sent from the user’s system to a remote serverĭescription: A cross-origin issue existed in WebKit’s handling of windows. To Apple’s credit, I had a quick scan through the list of fixes, and there were no thigh-slappingly-hilarious ones. There’s normally a whole bunch of security fixes for things that you’d never believe could make it through quality assurance, such as “Entering a password with three letter A’s causes the user’s privileges to escalate” and “Guest users can use ‘cron’ to run malicious code after they’ve logged out”. Usually, looking at a list of security fixes in Mac OS X updates is like watching The Three Stooges: You laugh at all the buffoonery that’s happened.
0 Comments
Leave a Reply. |