Let's see. What is the REAL exposure?

1.) MSOffice can crash (now THAT'S news - or is it a feature?)

2.) The vulnerability can cause an existing Applescript to run. BUT it CANNOT deliver nor install a malicious script.

Oh no!! A script I loaded intentionally may run!

But it gets better!!! As if LOT'S of folk are running IE on MacOS 8 & 9!!!! Let's see - let's set the WayBack machine for 1998...

Just another example of the MS programming prowess that we have all come to expect...

Yeah, but DON'T bother to take a few moments out from reformatting hdisks, patching Windows, and running anti-virus scans at BestBuys to read the REAL info - depend upon emotional rants and rat droppings...

***********************************

Technical description:

This is a cumulative patch that, when applied, eliminates all previously
released security vulnerabilities affecting IE 5.1 for Macintosh, and
Office v. X for Macintosh. In addition, it eliminates two newly discovered
vulnerabilities.

- The first is a buffer overrun vulnerability associated with the handling
of a particular HTML element. Because of support for HTML in Office
applications, this flaw affects both IE and Office for Macintosh. A security
vulnerability results because an attacker can levy a buffer overrun attack
against IE that attempts to exploit this flaw. A successful attack would
have the result of causing the program to fail, or to cause code of the
attacker's choice to run as if it were the user.

- The second is a vulnerability that can allow local AppleScripts to be
invoked by a web page. This vulnerability can allow locally stored
AppleScripts to be invoked automatically without first calling the
Helper application. The AppleScripts would run as if they had been
launched by the user, and could take the same actions as any AppleScript
legitimately launched by the user. The AppleScript would have to already
be present on the system; there is no way for an attacker to deliver an
AppleScript of her choosing through this vulnerability.

Mitigating factors:

Unchecked Buffer in HTML Element:

- Successfully exploiting this issue with Office files requires that a
user accept files from an unknown or untrusted source. Users should
never accept files unknown or untrusted sources. Accepting files only
from trusted sources can prevent attempts to exploit this issue.

- A successful attack using HTML email would require specific knowledge
of the user's mail client and cannot be mounted against PC users.

- A successful attack using an HTML web page would require the attacker
to lure the user to visiting a site under her control. Users who exercise
caution in their browsing habits can potentially protect themselves from
attempts to exploit this vulnerability.

- On operating systems that enforce security on per-user basis, such as
Mac OS X, the specific actions that an attacker's code can take would be
limited to those allowed by the privileges of the user's account.

Local AppleScript Invocation:

- The vulnerability only affects IE on Mac OS 8 & 9.

- A successful attack requires that the attacker know the full path and
file name of any AppleScript they want to invoke.

- The vulnerability provides no means to deliver an AppleScript of the
attacker's construction: it can only invoke AppleScripts already present
on the user's system.

Wow, someone is touchy, someone bashed his precious. Use more exclamation points, makes you more credible.

Mac sucks.

What goes around...

Actually I live in AIX all day long.

I simply get tired of the infantile rants from the Windows teenagers whose total world experience is playing games and who seem to think they gain ground by obsessively worrying about a system they say doesn't matter! And use such deep cogent arguments to make their point!

I simply get tired of the infantile rants from the Mac teenagers, so this thirty something likes to push buttons.

Errr...they may not be teenagers, that was a sorry attempt at an insult to them, I apologize.

Yes, students performing tech support at universities are typically students as well (18-22 years old).

I also realize that by referring to someone who attempts to push their bias by using emotional rather than reasoned means as a being of a maturity level typical of a teenager may have been overestimating their mental capabilities.

I personally don't care which OS works for you or others. It would just be nice to hear a more mature case made than that which summarizes your case precisely. Indeed, something around here does "suck", to repeat your erudite analysis. It just isn't OSX's suceptibility to malware.

...

"I see. Mac is
secure if you
don't install
anything on it"

...

Good point !

..

The Computer Rodent

...

Go away.

Ohhhhh, I see. Mac is secure if you don't install anything on it.

Look what you've done, now you've opened yourself up to "Well it took a MICROSOFT product to unsecure a Mac!" comments.

Exactly...not sure what the downside is to that. It's usual rhetoric for MS, but cake in the face for Mac.

Hahaha! Like lots of folks are running IE on OSX! And I guess even MORE are running MacOS 8 & 9!

And the fact that MSOffice can crash running in its own little sandbox - yep, that sure embarasses Apple! MS can be PROUD!

But as far as fundamentally compromising OSX...oh...it can't.

So evidently, using the Windows bigots' illogic, on Windows, MS Office has greater capabilities than on Apple! That IS a good thing....right????

You know, its really sad to watch the Windows folk think that they have levelled the infantile debate over which OS is best by trying to imply that a single Mac breach is equivalent to the tens of thousands of Windows breaches. Yup, they sure are swooft!

Besides, one wonders how they have time, especially considering that the fundamental and fatally flawed paradigm of modern programming called ActiveX is resident in Windows. Enjoy!

Hahaha! Like lots of folks are running IE on OSX!

You would probably be surprised how many. When I was working as support for faculty and staff and my university, most of the mac users I encountered used IE as their primary browser.

You know, its really sad to watch the Windows folk think that they have levelled the infantile debate over which OS is best by trying to imply that a single Mac breach is equivalent to the tens of thousands of Windows breaches.
Just like the sadness there is watching mac users claim the fact their minor marketshare has yet to be targeted to the degree and severity Windows has is proof of its security.

No OS can be proven secure, only insecure.

I 'm sure there is a point there somewhere!

At least we know we're dealing with a world weary 20 something with vast world experience!

And the majority of Mac users use IE. Right! The fact is, the Safari users would not be coming to you for help!

And as asinine as the OS debate is, you chose to continue it with your assertion that because a threat can be created in a lab running in an OS sandbox that OSX is as fundamentally insecure as Windows.

You are wrong!

While I will maintain that no OS is perfectly secure, the relative difference - that which constitutes reality for the majority of those on Earth - is striking! And the fact that one or two incursions can be posited against one OS, does not make it as insecure as the other OS which suffers in the tens of thousands of unique threats each year!

And whether it is due to a conscience effort on the part of malware authors, or elves, or disgruntled ex-produce pickers is meaningless!

The REALITY is that one has a distinct advantage over the other in this regard! If you can't deal with this, get counseling!

As far as which OS is best, use the one that suits your needs! Who cares what someone else is using! This pathological obsession that some have over what others are using has grown quite old.

But for some reason Windows users seem have a great deal of difficulty dealing with a PC that can run Windows, OSX, Linux and BSD, etc. concurrently on the same machine.

The irony is that most here who live in the world of games, DVD, and debates over HD formats have no idea what capabilities are taken for granted on large systems such as AIX with such simply functionlity as what LVM offers - let alone what features such logical partitioning, etc. offer at the OS level. And if you were, you would find the claims regarding any of the desktop OSes you champion, ridiculous.

Yep - Windows is basically a toy OS, compared with things like Vax VMS or Unix and its variants. I considered Mac OS 9 and below to be toy OS as well ---- but OS X is really up there with big boys!