
warning
warning incoming fanboy comments
When an online identity (group of identities) known as InfoSec Sellout made grand claims of a proof of concept worm, dubbed Rape.osx, that targets OS X, it led to a lot of heated argument and drama - including anonymous death threats and an accidental deletion of their blog. While there has still been no external proof of …
Hands up, what security-minded person doesn't automatically turn off UPnP support in their gateways?
It's bad enough that someone thought it a good idea to allow any arbitrary device on a network to make its own inbound access rules, but doubly bad when some vendors then turn it on by default! UPnP has no place in a secure network - end of story. So as someone else has already said, the fact that it's been turned off is good news.
They seem to be nothing more than extortionists. Although it appears that they have, for the moment, disappeared from the face of the Earth. Windows apologists just shrug their shoulders and wait for the next Patch Tuesday (and Zero-Day Wednesday). Apple apologists go out and buy guns and knives. They take their OS seriously. And imagine their reaction if God, erh Jobs were to be slammed.
Seriously, how many times has Apple had to issue patches for OSX? How many times has MS had to issue patches for 2K/XP/Vista?
Linux phanboi. Linus is God.
iChat:
"Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat ... This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat."
mDNSResponder:
"Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the Mac OS X implementation of mDNSResponder ... This update addresses the issue by removing UPnP IGD support."
UPnP IGD support is removed only for mDNSResponder ... which provides packet destination resolution for iChat and other similar peer-to-peer services (on NAT'd networks).
Welcome to the real world, Apple! Now that you're finally getting a little press, you can expect a lot more attention from everyone, including snarks. Congratulations! You'll get plenty of opportunity to demonstrate the superior security of OSX in the coming months/years. Looking forward ...