Google Roasts Apple, Discloses 3 OS X Bugs

Status
Not open for further replies.

phatboe

Distinguished
Sep 2, 2006
91
0
18,580
0
I wonder if Google is intentionally Targeting MS and Apple due to them constantly bullying Google Android Partners over IP disagreements over android devices.
 

derekullo

Distinguished
Jan 25, 2009
137
0
18,660
9
The other side of the coin is Microsoft and Apple software has the most bugs.

Not bashing them. Just saying an operating system has a lot of lines of code.
 

DarkSable

Honorable
Sep 27, 2012
410
0
11,010
44
Guys, Google isn't targeting anybody. They're giving the owners of any bugs they find AMPLE time to fix them, and these companies aren't fixing serious bugs in a reasonable amount of time, then are complaining when the information is released...

This grace period is a standard practice in the industry, and is a decent balance between announcing the bugs (And letting hackers in before the company has a chance to fix them) and only telling the company, letting them not ever fix it if they don't care to.
 

Jill Scharr

Honorable
Jul 25, 2013
249
0
10,830
0
Hi everyone, thanks for your comments! From my experience, I agree with DarkSable: Project Zero is probably looking at the most commonly used software in an effort to find bugs that would potentially affect the greatest number of people, and Microsoft and Apple are certainly at the top of that list. The grace period for bug disclosure is standard practice. Apple's and Microsoft's sheer size count both for and against them in terms of being able to patch issues in a timely manner, but my understanding is that 90 days is not an unreasonably short amount of time.
 

TEAMSWITCHER

Distinguished
Aug 7, 2008
42
0
18,580
0
"..attackers would need some sort of pre-established access to the targets computer."

You should have found the security flaw that does that first, and then post this ridiculous attack piece on Apple.
 

The_Bytemaster

Estimable
Jul 2, 2014
3
0
4,510
0
These days, most of the big bugs seem to still be found in Adobe software, such as Flash and Acrobat Reader.

That said, they should give them a little wiggle room on the 90 Days. The Microsoft case was rediculous as Microsoft had the patch ready and was releasing on their next patch day, which was just a couple of days beyond the 90 days. It is proven that if you rush litle patches that in causes chaos in IT organizations and can sometimes lead to worse unpatched scenerios. Not granting them the extra couple of days did no body a service except Google.
 

therickmu25

Honorable
Aug 7, 2013
2
0
10,510
0
I'm sorry but who is Google to determine other companies timelines and guidlines for fixing problems?
Wasn't the problem with Micrsoft with the 'Kernel' in their code? Something like that would need to be quality checked beyond quality checked since it trickles down to every product that uses the software.

This whole, "they gave them reasonable time" is garbage because you don't know what the project fully entailed and neither does Google because they don't work for Microsoft or Apple and know 1. their workload, 2. What projects are fully prioritized in their day to day tasks. Completely un-professional but what would you expect from smug 20- 30 year old somethings who wear shorts and flip-flops to work and all make over $100k a year.
 

eklipz330

Distinguished
Jul 7, 2008
750
0
18,930
0
how is this in anyway a form of desperation? they have nothing to gain from doing this. they are using money from their own pocket to find security issues in other products.

it's only a benefit to them IN PUBLICITY ONLY if they refuse to patch it. otherwise, there is nothing to gain.
 

ivanthechemist

Distinguished
Apr 7, 2011
3
0
18,510
0
@therickmu25 Oh, Google is nobody. It is a nobody that found holes in their security without asking for money, time or people. Informed them for free and WITHHELD knowledge of the issue for 90 days, to protect their competitors' (clients) interests. If Microsoft, Apple, Oracle and Red Hat start mirror divisions like this, one thing is for sure - cyber security will become almost perfect.
 

alextheblue

Distinguished
Apr 3, 2001
640
0
18,930
0
Guys, Google isn't targeting anybody. They're giving the owners of any bugs they find AMPLE time to fix them, and these companies aren't fixing serious bugs in a reasonable amount of time, then are complaining when the information is released...

This grace period is a standard practice in the industry, and is a decent balance between announcing the bugs (And letting hackers in before the company has a chance to fix them) and only telling the company, letting them not ever fix it if they don't care to.
I diagree. They're deliberately finding security flaws, only giving 90 days when companies might well be swamped with working on new products and old alike, and then they assist hackers by releasing their flaws. What's Google's motivation? To help those companies? Out of the goodness of their hearts? No! They're doing it to harm their competition while trying to look like some kind of hero.
 

AndrewJacksonZA

Distinguished
Aug 11, 2011
18
0
18,560
0
@ivanthechemist: I agree with you, except "If Microsoft, Apple, Oracle and Red Hat start mirror divisions like this, one thing is for sure - cyber security will become almost perfect." In the battle of sword versus shield, the sword will eventually win.

Given enough time, money and resources, pretty much *anything* can be broken.
 

jmonaco5

Honorable
Mar 1, 2013
3
0
10,510
0
More often than not, these companies know of the security flaws. Call me a conspiracy theorist if you will, but if these security flaws didn't exist, neither would Kapersky, Mcafee, Norton and the like. I think its good that Google is doing this, its a national security issue. Our intellectual property is stolen everyday by "others" and then our own ideas are sold back to us(in products) at lower prices. Sounds like WWIII to me. Keep it up Google!
 
Status
Not open for further replies.

ASK THE COMMUNITY