Apple includes a lot of third-party software in OS X, and if they don't start patching those packages as promptly as the software maintainers do, exploiting these non-Apple or open source packages could become a common strategy. Attackers can watch other platforms roll out updates before Apple and then target the same software in OS X. Not that the same vulnerabilities will always work, but it's certainly a worry.
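
As an added illustration of the point above (this is not code the commenter posted), here is a small POSIX shell checker that inventories bundled open-source tools and reports which ones sit below an upstream baseline you maintain yourself. The version numbers in BASELINE are placeholders for the sake of the example, not real patch-level data, and the function names are my own.

```shell
#!/bin/sh
# Added example: flag bundled tools whose installed version is older than a
# baseline you track from the upstream projects' own release announcements.
# BASELINE entries are placeholder numbers, not actual advisory data.

BASELINE='
bash 4.3
perl 5.18
ruby 2.0
'

# version_ge A B: succeeds (returns 0) when dotted version A >= B.
# Fields are compared numerically, so 4.10 > 4.9; missing fields count as 0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a='' || a=${a#*.}
        [ "$b" = "$y" ] && b='' || b=${b#*.}
        # keep only digits so a suffix like "p1" cannot break the comparison
        x=$(printf '%s' "$x" | tr -cd '0-9'); y=$(printf '%s' "$y" | tr -cd '0-9')
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# extract_version BANNER: print the first dotted version number in a --version banner.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n1
}

# check_tool TOOL MIN: 0 = at/above baseline, 1 = lags baseline, 2 = not installed.
check_tool() {
    tool=$1; want=$2
    command -v "$tool" >/dev/null 2>&1 || { printf '%s: not installed\n' "$tool"; return 2; }
    have=$(extract_version "$("$tool" --version 2>&1)")
    if version_ge "$have" "$want"; then
        printf '%s %s: ok (>= %s)\n' "$tool" "$have" "$want"
        return 0
    fi
    printf '%s %s: LAGS baseline %s\n' "$tool" "$have" "$want"
    return 1
}

# Walk the baseline; keep going even when a tool lags or is missing.
printf '%s\n' "$BASELINE" | while read -r tool min; do
    [ -n "$tool" ] || continue
    check_tool "$tool" "$min" || true
done
```

Run it as-is for a quick report, or feed the output into whatever inventory tooling you already use; the interesting line is any `LAGS` entry, which is exactly the window an attacker watching upstream releases would be looking for. Tools whose version flag is not `--version` (OpenSSL, for instance, wants `openssl version`) need a small special case in check_tool.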

This particular exploit is not a great example, since they removed Java by default. But all the other cross-platform software that is included is worrisome if not promptly updated.

That's a good observation. Avoiding GPL3 software, like newer versions of bash and gcc, might have the unintended consequence of putting their users at risk.

I highly highly doubt we'll see a day when there are significant exploits for Joe Soap Mac User from a bug in bash or gcc. Those are not software that Joe Soap is likely to have installed (e.g. gcc), or will be hard for a website to run.

I think they install bash by default, not sure if they use gcc's libstdc++.

