查理·米勒宣称将一口气公布20个Mac OS X漏洞

“Mac OS X就像是你生活在一所乡村里的，没有锁的房子，而Windows则是一间只有门闩的城市公寓。”

---查理·米勒

微软和苹果哪个更安全，这个争论可以暂时结束了，黑客查理·米勒今天宣布将在CanSecWest安全会议上一次公布20个来自Mac OS X的0day漏洞，这意味着OS X的操作系统安全将全面崩溃，对此，米勒发表了文章开头的评论。

他认为，购买缺乏保障的苹果电脑的人的脑海中根本没有安全方面的疑问，OS X在过去的一年有着比以往更多的安全漏洞，并且还有更多的漏洞被挖掘出来。

虽然Mac OS X相当不安全，但Windows漏洞的影响面明显更广，为了90%的市场，相对OS X，黑客会对Windows的漏洞更有兴趣。

---

以上转自：http://cnbeta.com/articles/106658.htm

很简单的事实，没人制造苹果病毒，win病毒那数量无法说
目前，没有人会在苹果机上装防毒软件，因为不需要，除非苹果跟win PC一样多，但这是不可能的

Mac OS X: "safer, but less secure" - Update

Security expert Charlie Miller intends to disclose a potentially record-breaking 20 zero day security holes in Apple's Mac OS X in one fell swoop. The details are to be revealed in his presentation at the Canadian CanSecWest security conference next week. Miller, who is already known for havingdiscovered a number of bugs in Mac OS X, talked with heise Security, The H's German associates, about his new findings and about the security of Apple's operating system beforehand.

The approximately 20 zero-day holes are contained in closed source Apple products, said Miller. "OS X has a large attack surface consisting of open source components (i.e. webkit, libz, etc), closed source 3rd party components (Flash), and closed source Apple components (Preview, mdnsresponder, etc). Bugs in any of these types of components can lead to remote compromise", he emphasised.
Miller discovered the new vulnerabilities by fuzzing, a process which involves bombarding an application's input channels with as much corrupted data as possible. His presentation is subtitled: "An analysis of fuzzing 4 products with 5 lines of Python". The expert explained: "The talk is about what you really find when you fuzz and it tries to draw conclusions about what to expect in the future when you fuzz a mature product." Parts of the presentation apparently consist of statistics, for instance, about which percentage of flaws causes crashes, and which percentage can be exploited remotely.

In cracking competitions, it is regularly the Apple systems which are cracked first by attackers. Miller has argued for some time that Mac OS X is among the comparatively insecure operating systems. Apple users are currently "safer, but less secure", he said. While malware authors don't concern themselves with the relatively small number of Apple users, Miller said, the size of the market share is no longer a valid argument in targeted attacks such as operation Aurora: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."

In Miller's experience, Apple's position in terms of security continues to be quite relaxed: "They sell lots of computers and nobody doesn't buy Apple computers because of a perceived lack of security. So in their minds, they don't have a security problem until it affects their bottom line, which hasn't been the case, yet", said the expert.

对于家庭用户，无论Windows还是OSX都可以够安全了，至于关键的服务器应用，目前没几个人会用Mac OS X。

乡村贼少，城市贼多，所以还是mac os安全

才20多个啊

比喻得很贴切.

我觉得是货真价实的漏洞

感觉这厮是不是绿色和平组织的成员啊，如此红果果地讹诈。至少方法跟绿色和平是一模一样的。