Hacker News new | past | comments | ask | show | jobs | submit login

Perhaps - but Apple has used very old core utilities for a very long time (licensing issues) but ensures they get security updates. Until recently, they used, what, bash from 2006?



There's no licensing issue with LibreSSL, nor any of the other ancient utilities from FreeBSD or elsewhere that Apple doesn't keep up-to-date.


There were issues with utilities that were using GPLv3. That is why they switched to Zsh instead of Bash for example.


If the old version has known security flaws it should be possible to exploit them, correct?

If those exploits don’t work perhaps Apple is playing dolly nuggets with the version number.


Nah, there are all sorts of missing features, some of which were added over a decade ago. With a few small exceptions and modifications much of the Unix base has been quite dead for a long time.


The suggestion being made is that bugs and vulnerabilities are being fixed without adding new features, in order to provide a safe but very stable feature set.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: