OS X insecure -- how do you like 'dem Apples?

By Patrick Gray

03 November 2003 04:30 PM

Tags: vulnarbilities, patrick, jaguar, gray, vulnerability, patch, mac, security

COMMENTARY--Say what you want about how great OS X is, but Apple dropped the ball when it found out there were vulnerabilities in its flagship operating system. It didn't release a patch when the issues became public, didn't ask the company that found the flaws, @Stake, for any time to produce a free fix, and has resorted to spin to save itself further embarrassment.

Apple is blessed with an extremely loyal -- some may say fanatical -- user base. Since presenting the public with the fact that the only way to secure OS X 10.2 (and ealier versions) from several serious vulnerabilities is to purchase the newest version of the operating system for US$129, this publication's inboxes have been flooded with hate mail.

The entire trail of messages had one underlying theme -- denial. Mac fanatics have denied the vulnerabilities are serious, denied the company would leave them twisting in the wind, questioned the independence of @Stake and accused ZDNet Australia of conspiring with Microsoft to sully the good name of Apple, the loveable underdog.

To begin, let's have a look at some of these issues. Let's reconcile. Let's get along.

Claim #1: The vulnerabilities are not serious.

Not true.

One of the issues is a kernel level buffer overflow condition that may be remotely exploitable. In plain English, that's the most serious type of vulnerability there is.

True, it hasn't been exploited yet in the lab, however @Stake has not ruled it out as a possibility, saying only that "since it appears to be an overflow in the kernel the severity of 'possibly execute commands as root' is warranted".

There are some other issues which will allow an attacker with interactive shell access to a targeted machine to escalate their access level to root. Mac apologists have claimed this means an attacker requires "physical access" to the target machine. This is incorrect.

A local or remote user of a Mac server with interactive shell access could take over the whole system by escalating their privileges using the techniques described in @Stake's advisory. Furthermore, any attacker able to seize control of a trivial process with limited privileges could, once again, escalate their status to root. That is serious.

Claim #2: Apple always planned to release patches for 10.2.

Debatable, with evidence to the contrary.

@Stake research director Chris Wysopal coordinated a release date for the advisories with the cooperation of Apple's security team. @Stake actually waited -- at Apple's request -- until the release of version 10.3 of the operating system, also known as Panther, before publishing its advisories.

"They told us the fixes would be in 10.3 and asked us to wait until 10.3 was released to publish our security advisories," Wysopal wrote in an e-mail.

In other words, @Stake says it was operating on a timeline dictated by Apple. The vendor statements Apple sent to @Stake made no mention of patches for 10.2. Instead, the phrase "this is fixed in Mac OS X 10.3," is everywhere.

Both Wysopal and David Goldsmith, also of @Stake, say Apple explicitly told them there would be no free patch. "In my initial conversations with them, they said they weren't going to fix 10.2, but I wouldn't be surprised if they change that," Goldsmith said at the time.

Predictably, Apple released the following response after the proverbial hit the fan. "Apple's policy is to quickly address significant vulnerabilities in past releases of Mac OS X wherever feasible," it read. "The shipment of Panther does not change this policy. Apple has an excellent track record of working with CERT (Computer Emergency Response Team) and the open-source community to proactively identify and correct potential vulnerabilities."

Claim #3: The coverage of this issue was biased because the media is in Microsoft's pocket.

People making these types of claims should really do their homework. Microsoft does not, contrary to the belief of some, pay the media to write negative things about its competition.

It is unlikely this article had MS executives popping the cork and jumping for joy in Redmond, nor would the PR team be celebrating the publication of this item.

Notice the MS bashing and praise for the publication in the feedback to the first article listed. Criticise MS and you're an insightful, balanced journalist. Criticise anything else and you're a sell out idiot not worthy of the air you breathe.

These critics should be forced to read Josh Mehlman's brilliant commentary A Lesson in Logic before being allowed to hit the flame button on their uber-cool Mac mail clients. This publication serves to report the facts and is not aligned with any operating system developer.

Let's not forget that if Microsoft tried releasing "XP 2" instead of a security update its executives would be drawn and quartered by the media.

Claim #4: The media did not seek comment from Apple.

Both myself and my CNET colleague Robert Lemos tried unsuccessfully to extract a response from Apple. The company, at the time, was not talking about it.

So what's the point?

Whether or not Apple planned to release a free patch for 10.2, like it now says it did, is irrelevant. The fact is, until the company gets around to releasing the patches, Mac OS X users cannot update their defective product without forking out a significant chunk of their hard-earned dough for a comprehensive OS upgrade they may not necessarily want. At last check, though Apple has stated an intention to issue patches, they still had not been released at time of publication.

Apple has been given a swift kick up the backside by the press and sections of the security community and now it's releasing patches; however, the attention the issue received was warranted regardless of whether or not it planned to fix older versions of its OS. @Stake gave Apple opportunity to produce a fix. It should have seized it. Pumping out a couple of patches now will not absolve Apple of its sins.

As for the retraction of the story that kicked off this brouhaha that irate Mac zealots have been demanding, the fact remains that the only way to remove defects from OS X 10.2 is to pay the upgrade fee. Users, for the time being, are still left twisting in the wind. Apple dropped the ball. OS X is insecure, and so are a lot of its users.

How do you like 'dem Apples?

Talkback (33)
Print
E-mail
Share
- del.icio.us
- Digg
- Reddit
- Slashdot
- StumbleUpon

Talkback 33 comments

Add your opinion

These ZDNet "journalists& ...Anonymous -- 03/11/03

These ZDNet "journalists" sure get touchy if you criticise them. What a whinger! If you pick on people, expect them to fight back, or is this just another "controversial" troll to get more page hits and advertising anyway?

Are you sure you know what you ...Anonymous -- 03/11/03

Are you sure you know what you're writing about? You haven't done a good job of making a point.

For example, issue 1 of CAN-2003-0876 states that a attackers with interactive access to a Mac OS X system can run an app with global permissions, thus giving them the same level of access as a legitimate user on the Mac.

There is no logic in this issue. If an attacker has already been able to gain access to a legitimate user's account on a Mac OS X system, then they already have the ability to do everything that user does with resorting to running apps with global permissions.

The premise of this issue rests entirely on an attacker getting access to an account.

If any attacker on any OS can get access to a user account then the games over.

This is like warning me that if I leave my door open then an attacker can take my house keys. Der. But what if I've got the door tightly sealed?

Glass houses... Stone throwing ...Anonymous -- 03/11/03

Glass houses... Stone throwing.

Generally Apple have been faster to fixes known vulnerabilities than Microsoft. This article seems to want to fanfare Apple dropping the ball on something. Mr Gray I suggest you are just trying to garner hits for your web site and advertisers.

Apple themselves have been a little busy recently what with the release of iTunes for Windows - which on release did have some issues which were updated within days of release and the release of 10.3.

I think it is a little desperate of you issuing two articles about the same mythical problem ie YOU MUST UPGRADE TO PANTHER TO FIX THIS PROBLEM. Without giving breathing space to actually get this fix through.

I would like you to issue the same kind of article when the next Windows vulnerability appears and let's see how long it takes MS to fix it - and I mean when the vulnerability gets announced by the security companies and not when Microsoft actually admits there is a problem.

You're just after web site hit ...Anonymous -- 04/11/03

You're just after web site hits.
Damn and I've added to them!

HAS ANYONE EXPLOITED THE APPLE ...Anonymous -- 04/11/03

HAS ANYONE EXPLOITED THE APPLE "VULNERABILITIES?" NO. HAS ANYONE EVER EXPLOITED THE MICROSOFT VULNERABILITIES? ABSOLUTELY. SO IF THE APPLE ISSUES ARE SUCH BIG ISSUES AND APPLE KNEW THEY COULD GET NEGATIVE PRESS OVER THEM, WHY DIDN'T THEY DO SOMETHING??? WELL BECAUSE THE VULNERABILITIES ARE NOT NEARLY AS EASY TO EXPLOIT AS THE WINDOWS VULNERABILITIES AND APPLE KNEW THAT ANY SMART HACKER WOULDN'T WASTE HIS/HER TIME. YOU FOLKS NEED TO GET REAL ABOUT THIS. YOU ARE SO TIED INTO MICROSOFT THAT IF THE DOCTOR CUT THE CORD YOUR HEART WOULD STOP BEATING. BOTTOM LINE IS APPLE PRODUCES A FAR SUPERIOR OS THAN WINDOWS AND YOU ARE JEALOUS.

A handful of problems on Mac O ...Anonymous -- 04/11/03

A handful of problems on Mac OS X, a world of bugs and viruses and blue screens of death and frustration on Windows. Pick one.

PC Zealot? Is this author is a ...Anonymous -- 04/11/03

PC Zealot?
Is this author is a "PC Zeolot". Why so critical about run of the mill security lapses that were just discovered days ago (I say run of the mill because they affect any system that uses the C programming language)? Luckily on OS X these problems are relatively rare. There are buffer overflows announced every single week affecting Windows systems. Often MS waits months until they can batch enough of these together to warrant a "patch", and these patches often break more than they fix according to our sys admins.
So, I'm not sure I really understand where the article is going: some journalists were just flat wrong about Apple not patching 10.2 and now they just seem to be in denial about it. As for Apple not commenting, that's pretty standard in any company about security issues, has the author tried getting a one-to-one conversation with someone at MS to get a quote about a new security vulnerability? Wasn't MS one of the companies complaining about premature disclosure from journalists and security sites?
I think the verdict is in, "PC Zealot!".
:)

What a pathetic piece of F.U.D ...Anonymous -- 04/11/03

What a pathetic piece of F.U.D.!

1) The exploit (that hasn't even been proved is possible) requires an attacker to gain access to the computer BEFORE they can use this buffer overflow. It would be different if the buffer overflow allowed the access. Let me tell you something: If an attacker has already cracked an account on an OS X 10.2 box there is a much easier exploit - sudo!

2) The primary argument about biased "reporting" on this issue has been that *@Stake* is in Microsoft's back pocket - not necessarily the media as a whole. But I'll grant you, that when ZD or MSNBC says anything I always take it with a huge MS grain of salt.

3) Apple still releases patches for OS 9 when a vulnerability is found. They released patches for 10.1 after 10.2 came out, too. There is absolutely NO precedence for any kind of assumption that Apple was never going to patch older systems for this. I submit to you that, perhaps, the "fix" is already made internally, but is actually being TESTED (something Microsoft should try) prior to release.

This "article" is simply and obviously vitriolic on its face. This is not reporting. This is gleeful reveling in the perceived misfortunes of a company that has 2% of "your" marketshare. What kind of pathetic, insecure person do you have to be to make such a blatantly skewed article. "How do you like 'dem Apples?" Give me a break!

There are NO viruses or trojans that affect OS X. The OS ships with all ports turned OFF, so is secure by default. And the ONLY (current) vulnerability - which @stake admits, only MIGHT be exploitable for privilege escallation requires that a user be logged in to the system already!

This is your definition of INSECURE!?! Take a good look at the pile of swiss cheese software you have in front of you! Look me in the eye and let's talk about INSECURE!

Again the Micro$ofopoly bought ...Anonymous -- 04/11/03

Again the Micro$ofopoly bought-and-paid-for press cranks up the FUD machine. Just as great press for the 10.3 version of Mac OS comes out, you and others in the Wintel-centric "press" run an article claiming "OS X insecure". What gives?
Is it not interesting that the source of this report comes from a company noted for a couple of things: It's close business ties to Micro$ofopoly and it's recent firing of a high-level staffer that co-authored a white paper critical of Microsoft's LEGENDARY insecurity.
The charges made in this "report" are are such a stretch of the facts of the matter as to make it look like this is a mea culpa by @stake for their employee's role in the "Windows Insecurity" report. The "reporting" in the "PC" press does not headline "@ Stake issues concerns with legacy version of Mac OS", NO they headline "OS X insecure-- how do you like 'dem Apples?" Sounds kind of fishy to me.
Just exactly how much of your ZD Net's online advertising come from Microsoft and companies, like Dell, that only deal in the Wintel market? Wouldn't that make you a little sensitive to anything that looks like biased or incomplete information? I'm not questioning your intent, just your news judgement.
The facts are:
1) These so-called issues do not involve the current version of OS X at all.
2) These "vulnerabilities" have yet to be exploited and Apple is addressing the issue.
3) The all-time, all-universe, retired-the-title champion of insecurity is the Windows OS made by Microsoft. Nobody else is even close.

The problem I have with this a ...IT Expert -- 04/11/03

The problem I have with this article isn't that it criticizes Apple or that it highlights vulnerabilities in Mac OS X. Instead, the problem is that the article doesn't properly portray the context nor the seriousness of the vulnerabilities. Every operating system quite possibly has similar vulnerabilities. There have been problems with even openssh (a very popular remote access service that is often exposed to the Internet) and OpenBSD (considered one of the most secure widely available operating systems). However, one has to put this into context - how many problems have there been, (which lead to), how difficult is it to find such vulnerabilites, how difficult is it to develop an exploit, and then how likely is that expoit usable in the field?

Mac OS X ships with a lot of services turned off - this article doesn't mention the fact that a freshly installed Mac OS X system in its default configuration is quite difficult to break into even given these vulnerabilities. It is even more difficult when such a machine is placed behind IP/NAT or behind a firewall with no ports mapped through to those machines - again, a relatively common configuration.

I have no problem beating up Apple to make sure they do proper security patches for older system, but this article goes far beyond that. Instead, it is alarmist to be sensationalist. That's not professional.

I really don't understand what ...Richard Logan -- 04/11/03

I really don't understand what type of equivalence you are drawing between possible (unproven in one instance) problems, not "actual" problems for OS X users at this time, and the Microsoft security fiasco where billions of dollars have been lost by corporations just in the last few months. Not to mention the horrors of the individual user, myself included, dealing with spyware and virus', and code being patched to Internet Explorer. Just as an example, if one goes to some website, afterwards, one's homepage function no longer works properly and one is imprisoned by porno popups. Need I say anymore?

I feel I must question the integrity of this article. At best it is an attempt to attract eyeballs. At worst, one can draw their own conclusions.

It sounds like sour apples tha ...Anonymous -- 04/11/03

It sounds like sour apples that some of the Windows press harps on issues such as this. Apple never said that it wasn't going to release a patch. Just because a story gets posted on the internet doesn't make it true. You should spend your time writing stories about Windows and security issues. Fact is much better than fiction.

As usual, ZD Net jumps the gun ...Anonymous -- 04/11/03

As usual, ZD Net jumps the gun, and puts out a story full of crap. Please read some of the more responsible computer columnists pieces today (and yesterday) and you'l see that your story is so much muck. The security issue was miniscule compared to Microsoft's problems, and the issue has been addressed already in Apple's Panther AND the previous version, Jaguar. Also some objectivity might be in order regarding the cozy relationship between @stake and Microsoft. This issue is so obviously a very transparent attempt to shore up Windows' poor security record by attempting to muddy the Mac OS's reputation. Sorry. It didn't work.

@Stake is known to get alot of ...Anonymous -- 04/11/03

@Stake is known to get alot of funding from Microsoft. There is the small yet often overlooked fact that they fired their own CTO the day after his name appeared as co-author of a report that openly criticized MS for their "swiss cheese" security, and dared to suggest that governments and other industries would be better served by ditching MS and going open source.

Like it or not, that puts @Stake in a very bad light, appearing to be an MS lapdog. That damages their credibility as an objective independent company

Apple has said publicly it will release the patch for 10.2.8 Since the development team has been focusing all of its effort on 10.3, I'm will to wait a few more days for the patch to be posted.

HOWEVER Apple needs to get it done now.

Looking at a networked environment, I like to use a mix of Linux, Unix, and OSX.

As for "OS X insecure" I'd pick it over any flavor of Windows and its 'security' any day. How do you like dem Apples?

>>>>>People mak ...Anonymous -- 04/11/03

>>>>>People making these types of claims should really do their homework.

........Both Wysopal and David ...Anonymous -- 04/11/03

........Both Wysopal and David Goldsmith, also of @Stake, say Apple explicitly told them there would be no free patch. "In my initial conversations with them, they said they weren't going to fix 10.2 ...........

say? isn't this the same guy who is the only other person in the world besides MSFT who says that security flaws should be kept a secret? except of course when dealing with anybody else besides MSFT i guess. and aren't these the same folks who fired their colleges after those colleges wrote that governments should consider more OS's rather than one buggy one?

and these are the people you want to take their word for? hello?

(People making these types of ...Anonymous -- 04/11/03

(People making these types of claims should really do their homework. )
try again on this comment...

actually ZDnet, you should do the homework ,@stake is paid by MSFT, DIRECTLY, as a paying client, and MSFT had several employees at @Stake fired for writing something negative about MSFT and security..... that is what was meant by "such claims", because it is for real... LOOK IT UP....... what in the world did you think you thought those claims meant?????

speaking of homework, the reason that the exploit couldn't be duplicated in a lab, was because it was not a buffer overflow that could be exploited, that is what is meant by it not being serious, because it has to by pass several other security measures before it would have been a threat, that is why it couldn't be duplicated....... which homework did you not do?

as for the rest of your arguments, they are as poorly formed at these two.... maybe you should actually try and do some of that homework you claimed next time....

jon.

Using OSX in a large Windows e ...Anonymous -- 04/11/03

Using OSX in a large Windows environment shows the real world difference : OSX is secure, windows is not.

Every connection to the net brings with it security risks. This risk in OSX is virtually non existent or at least minimal, whereas without a separate firewal we couldn't even install XP updates after clean install without being infected through the net. Our windows administrators have a lot of work keeping up with weekly and monthly patches to windows: those are the machines that are actually accessed. In contrast OSX machines have yet to encounter a real world problem.

After all the patchwork of the last months I like 'dem Apples more then ever.

Reading this "article&quo ...Anonymous -- 04/11/03

Reading this "article", one repeatedly gets the overwhelming impression that the author thoroughly creamed his pants by blowing out of proportion this OS X security issue in Jaguar. Considering the extreme rarity of such a situation, I smile at the idea that the author will have have no other option than his regular hooker for his next 30,000 kicks or so. Bwahaha! Go back to your virus-infested world indeed!

"OS X is insecure, and so ...Anonymous -- 04/11/03

"OS X is insecure, and so are a lot of its users"
1. You must have meant OS X version 10.2 in your hurry to condemn Apple, because 10.3 is secure (and so are its users, la-la-la-la-la).
2. Well, even with this SINGLE security flaw, Jaguar/10.2 is still infinitely more secure than any version of your beloved Windoze.

I like 'dem Apples just fine, boy.

Um... Apple has continued to p ...Anonymous -- 04/11/03

Um... Apple has continued to post security and other upgrades for OS 9.x. What makes you think they wouldn't continue their track record of support with OS X? And that skewed logic of "They can't secure their systems without paying the upgrade cost of Panther". So what? There hasn't been a single instance of system tampering using this "insecurity". This article if not "inspired" from Redmond is at least the result of sour grapes from the "Winblows" cheerboys. It's almost as transparent as the PHONEY Microsoft switcher ad that was posted on the web. How pathetic, how transparent. Go back to your Dell.

Mac User = Moron This equation ...Anonymous -- 04/11/03

Mac User = Moron

This equation has just been re-enforced by reading the comments posted in response to this article.

The level of technical ignorance in the Mac community is astounding...

Apple user: Oooh, pretty computer. It matches my curtains... must be good.

This is indeed an extremely serious vulnerability. If an exploit has not yet been developed, IT WILL. You are all far too busy defending apple, when you should be sending them an email telling them how outraged you are that their operating system is insecure.

If this were a windows vulnerability, you would all be reassuring yourselves that apple is wonderful, and how "evil" microsoft must be to have created such an "evil" operating system. Well, now the ball's in your court, all you can do is deny that there is a problem or that the problem is serious.

I will laugh when a trojan is created that remotely exploits this vulnerability and installs itself with root priveleges onto every vulnerable OS X machine. Maybe then, you'll all snap out of your trance of ignorance and lay blame in the right direction.

The very Green Jason sure can ...Jason is green -- 04/11/03

The very Green Jason sure can spit quite a few insults at "ignorant" Mac users, but hasn't shown himself to be particularly knowledgeable about anything. You deserve your PC.

This is one lame article. Appl ...Anonymous -- 04/11/03

This is one lame article. Apple has be quick to fix problems in the past. Maybe they slipped up this time. But they have in the past been very good, and much faster than Microsoft to issue security updates.

The leading paragraph of this article shows the colors of its writer - that he looks down his nose at Apple and is seeking to slam them as hard as he can and still appear to be fair. This article makes a lot of good points, but in the end, it has the smell of bias.

How do I like 'dem Apples? Thi ...Anonymous -- 04/11/03

How do I like 'dem Apples? This article screams "I AM ANGRY", "I HATE APPLE", "I AM ANGRY", " I'M GONNA GET APPLE AND ALL THOSE APPLE BOYS"...... "AARGGHHHH"

I find it quite amusing to see ...Anonymous -- 04/11/03

I find it quite amusing to see all of these "experts" praising Apple and all that it does, but refusing to put their name against their comments.

Keith - I think you'll find th ...Anonymous -- 04/11/03

Keith - I think you'll find this may be due to the design of this message system. It isn't obvious what will happen if you select the wrong radio button when posting.

Jason - Ignoring your cheap jibes... Despite what you think we don't gloat over Windows vulnerabilities - it messes up our internet just as much as it messes up yours. I also should remind you that ROOT access is not enabled in OSX out of the box so I think you should take a look at what the system actually does before you go mouthing off.

ZDNet yet again throws off ano ...Anonymous -- 04/11/03

ZDNet yet again throws off another big chunk of their credibility in what appears to be a childishly self-serving, somewhat uninformed and insulting opinion piece. I need another tech outlet calling me a "Mac zealot" because I'm an incredibly pleased customer of over 10 years, working with a well-designed operating system and hardware that has no known viruses. That makes me a "zealot?" Thanks but not quite. ZDNet is one tech site amongst many. Much more of this kind of Fox News-style yellow journalism, and I will find myself a new source of information.

Mr. Gray, Having read your mos ...Anonymous -- 04/11/03

Mr. Gray,

Having read your most recent writing it is obvious that you are more than a little hurt by the comments on your recent OSX security article. It's understandable to be hurt, but attacking your audience is akin to the RIAA suing music lovers.

- You thought you had the scoop on a big OSX insercurity
- You didn't bother to research it's accuracy
- You didn't research the source of this possible big scoop
- You jumped the gun and wrote a sensationalistic article
- You got it wrong, hey it happens
- You got flamed
- You tried to defend yourself by attacking your readers

That last part is not so cool, you should be thankful anybody reads your coloumn at all. You would be better off admitting you experienced "premature publication" and updated your article. This would regain the credibility lost in the eyes of your readers.

As for the issues of security in OSX - if there is ever anything worth reporting, i would like to know about it. This however is not it. Apple has established a very good reputation for security and for fixing security flaws. Even if security was my only concern when choosing an OS, I would choose Apple's solution over any other available system even containing this so called vulnerability. I would go so far as to recommend it to you.

Please research your articles more carefully, you and your audience will benefit greatly. Also please keep your personal opinion from tainting the facts. Objectivity is not only the mark of a good jounalist it is essential for any professional. Your editor is as much at fault here so I am forwarding this message to him/her.

-Robert

PS. You spend more time looking at your computer than you do the faces of your loved ones. Make the experience count - GET A MAC.

Is this the way everyone behav ...Anonymous -- 05/11/03

Is this the way everyone behaves in Australia? This is a very childish piece of journalism. I am amazed that it got published on a supposedly balanced tech news site. It's bad enough that I as a Mac user get insulted by knowledge-less idiots on a regular basis, now I have to read this from a "respected" journalist? I won't be visiting ZDNet Australia or Patrick Gray articles any more.

Too bad. Whatever good points the author may have had went right out the window with his immature display.

Are you paid by Micro$oft..? ...Anonymous -- 06/11/03

Are you paid by Micro$oft..? You would have a full time job there reporting on all the hundreds and hundreds of security vulnerabilities that Micro$oft miss when developing software. Its interesting that your so concerned about a fault in a previous Mac OS build. Maybe you should do a review on Windoze 2000 and its vulnerabilities....now where would you start?

You are correct about pointing ...Anonymous -- 29/11/04

You are correct about pointing out Apples secrecy and their occasional reluctance to admit security problems but the rest of your article is flimsy at best and is poor and uninformed journalism.

Facts
1- Current OSX (10.3 not 10.2) is secure - your title is misleading at best

2- Windows never has been and never will be secure

3 - 10.2 is a few years old - imagine Microsoft releasing SP2 to make Windows 2000 secure - yeah right!

4 - Doesn't your statement below just prove how you can't even construct a flimsy case for your obviously biased position

|Claim #1: The vulnerabilities are not serious..
|True, it hasn't been exploited yet in the lab

Clutching at straws. Better luck misrepresenting facts next time

We proved this trash article wrong Anonymous -- 30/05/07

I just read this and it's obvious that now, years later, Apple is releasing FREE updates to the os that you claimed would be charged for and yet still there are very few issues with security.

Get a clue and stop promoting that microsuck trash.