Apple bug fixer may extend project

Summary: Landon Fuller, the developer behind January's Apple bug-fixing project, may expand the initiative to address Mac zero-day vulnerabilities in the future

The developer behind the Month of Apple Fixes is considering continuing the project to provide "zero-day patches" for critical issues affecting Mac OS X users in the future.

Landon Fuller was an engineer in Apple's BSD Technology Group, and one of the principal architects of the Darwin Ports project.

Fuller started the Month of Apple Fixes (MOAB Fixes) project in response to the Month of Apple Bugs (MOAB) project, which promised to feature a new Apple software bug for each day in January.

MOAB has now finished, but Fuller is keen to expand the MOAB Fixes initiative into a project similar to the Zero-day Emergency Response Team (ZERT). ZERT is a group of engineers and security experts from industry, community and incident response groups that offers unofficial patches during malware crises.

"Perhaps [it could be] the Mac OS equivalent to ZERT," Fuller told ZDNet blogger Ryan Naraine.

While Fuller and the MOAB Fixes group maintain that a vendor-supplied update is always preferable to a third-party patch, the group may continue the initiative to give Mac users a choice.

"This is more about providing the option, as well as fixing the issues for our own use," Fuller said.

Throughout the MOAB project, Fuller and a group of volunteers — mostly close friends — collaborated on a Google Group to respond to each reported issue with a runtime fix. The group spent between two and eight hours a day coding and testing the fixes but didn't patch kernel bugs because, as Fuller explained to Naraine, "the cost for a mistake in a kernel patch is very high".

Fuller initially suggested extending the project on 19 January, when the idea was met with cautious approval by the other members of the project.

Developer William A Carrel said: "There certainly seems to be utility in projects such as ZERT, which seems to be Windows-focused. Most open-source projects already have a thriving community which can deal with these things. It wouldn't hurt the Mac community to have this too, that is as long as the user community can deal with the situation in a way that doesn't include shooting the messenger or decrying 'unofficial' fixes."

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Talkback

1 comment
  • Foil Hat On...

    Being one of the resident Mac supporters on the board - did anyone else find it interesting that William Gates this week, when finally getting fed up with all the OSX comparisons, brought up the fact that people are finding bugs every day on OSX?

    It makes you wonder if the Month of Apple Bugs wasn't in some way encouraged by MS to counter some of this press coverage from starting during the Vista launch.

    To quote old Bill from Steven Levy's Newsweek article:-

    "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally."

    Well, first of all, the fact Bill uses this as an example is kind of telling. But also I think you'll find that the FIRST bug was a possible issue which Apple then fixed on 23rd Jan and the rest are kind of lame Trojan effects, most requiring input from the user to actually achieve an effect.

    I think we should be told.
    jgpmolloy