10.6.3 is Imminent…Maybe the Malware’s Not Far Behind?


It looks like we’re getting close to the official release of 10.6.3, the latest update to Mac OS X Snow Leopard — and, from what we’re hearing on the developer grapevine, it might prove to be the most extensive Snow Leopard update yet.

TUAW reported on Friday that the latest build of 10.6.3 (known as 10D572, for those of you paying obsessively close attention) was seeded to developers only two days after a previous build. Typically, ever-shortening intervals between build seeds indicate imminent release to the public. TUAW describes the latest build as focusing on “Graphics Drivers, Quicktime, Images & Photos, Mail, and Security Certificates.”

Oh, what’s that? Want more details? OK, here’s the full rundown of features and fixes we can expect in 10.6.3:

  • Compatibility issues with OpenGL-based applications
  • Performance improvements for 64-bit Logic
  • Changes to QuickTime X that increase reliability and improve compatibility and security
  • Printing reliability and compatibility with third-party printers
  • Issues resolved that prevented files from copying to Windows shares
  • Issues resolved with recurring events in iCal when connected to an Exchange server
  • Issues resolved that prevented files with the “#” or “&” symbols in their names from opening in Rosetta
  • Issues addressed that caused background message colors to display incorrectly in Mail when scrolling
  • Issue resolved that caused machines using BTMM and the Bonjour Sleep Proxy to wake unexpectedly

OK, as far as lists go, this one’s not very exciting, I know. But, what if you fired up Software Update and were offered the latest pre-release version of 10.6.3? Would that excite you?

Update Snafu

According to TUAW’s Michael Grothaus, this is exactly what happened to one Mac owner last week. They don’t name him, probably to save him the email-avalanche from other Mac owners — not to mention the inevitable Cease & Desist order from Apple (you just know Apple would bully the poor chap into silence, right?) but they do offer up this tantalizing screengrab of the autoupdate snafu:

Image courtesy of TUAW

Grothaus writes that the update “…weighs in at a whopping 1.19GB” and, at that size, I’m happy to wait until Apple has finished tweaking (and trimming) the code!


But the thing I’m most interested in is whether 10.6.3 addresses the alleged boat-load of security exploits identified by hacker extraordinaire and security expert Charlie Miller. At this week’s CanSecWest security conference, Miller will discuss how he discovered them (all 20 of them) via a process known as ‘fuzzing’. His presentation is subtitled “An analysis of fuzzing 4 products with 5 lines of Python” and, according to security website h-online.com, those 4 products are all made by Apple:

In cracking competitions, it is regularly the Apple systems which are cracked first by attackers. Miller has argued for some time that Mac OS X is among the comparatively insecure operating systems. Apple users are currently “safer, but less secure.”

“Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.”

Miller said that the 20 exploits are all contained in closed-source Apple products, but pointed out that exploits could be found throughout Mac OS X due to bugs in many popular applications from different vendors:

OS X has a large attack surface consisting of open source components (i.e. webkit, libz, etc), closed source 3rd party components (Flash), and closed source Apple components (Preview, mdnsresponder, etc). Bugs in any of these types of components can lead to remote compromise.

Sooner, Not Later

It seems not a keynote goes by without Steve Jobs showing us one of his shareholder-and-media-friendly line charts illustrating Macintosh sales. You know the ones, always trending up-and-to-the-right. Apple is clearly proud the Mac is selling better than ever (in a conference call in late 2009, Apple announced that, for 19 out of the previous 20 quarters, the Mac grew faster than the rest of the market!)

Statements from Apple regarding sales are always kinda tricky; they’re usually vague enough to allow pretty much any positive interpretation but, for the most part, we can at least agree that the Mac has been enjoying fantastic growth. The old days of ‘security by obscurity’ are drawing to a close. Sooner, not later, Mac-specific malware will come. (You know, the real malware of Windows-exploit proportions!)

Miller says that “… in their minds, [Mac owners] don’t have a security problem until it affects their bottom line, which hasn’t been the case, yet.” And that ‘yet’ is the real issue here. Mac OS X 10.6.3 probably addresses some vulnerabilities — we can expect at least that much — but I wonder how obsessively Apple focuses on the security of its venerable OS, and, whatever its actual efforts, is it enough? Can Apple do what Microsoft still struggles to produce: a user-friendly, user-proof OS that isn’t riddled with vulnerabilities?

Every update to Mac OS X reminds me that the days of security-indifference amongst Mac owners are well and truly numbered.

Tell me I’m worried for no good reason, or scream at me and call me a moron for not already using security software, in the comments below.



I think Miller has shares in Mac security software vendors, and with the money he keeps winning prostituting himself to this nonsensical security competition, he’s probably just bought a lot more.

No sleep to be lost here, methinks.


So what I’m getting from this discussion is that I could post a link and all you Mac users would click on it and not get a virus, right?

If this is so, we could have a fun exercise.


I don’t know about you guys. But my MacBook Pro Snow Leopard of late 2008 has become so sluggish lately, that I can hardly bear it. I’ve migrated to Snow Leopard sometime in October. Since then every day it just gets worse. Switching users, opening windows of Safari is terrible — I see a beachball lots of times for extensive periods of time. I haven’t installed anything in Snow Leopard. From my long experience in Windows, if that was Windows, I could only suspect that my Mac is already a part of a zombie network. I still believe the community, and hope that this is not the case. What else can there be? Disk is clean. I’m anticipating for every software update to fix this, but to my disappointment they don’t. Hopefully 10.6.3 with its “Performance improvements” will do something… If not, then I’ll be upgrading memory from 2 to 4, because I see lots of page outs. But there were no lots of page outs back in November! I’ve changed nothing since then…


Check your Activity Monitor to see what is using the CPU so much. My bet is it’s font-related. Snow Leopard seems to be much less tolerant of old fonts.


I had Growl go nuts for a while, pegging one of my cores at 100% constantly and not displaying any notifications.

I uh, actually only noticed because my MBP was running hot and battery life was awful.

Restarted Growl and everything was back to awesome.

Snow Leopard’s been fine on my unibody MBP and my wife’s black MacBook.


Some folks in the comments are acting like these flaws don’t exist. Theoretical holes lead to exploited holes. It’s no reason to panic, but it also means Mac users should take the potential threats seriously. The viruses in System 6 & 7 weren’t malicious, but if you still think modern Windows malware is authored by similar out of control college pranksters, you’re out of touch. These guys make real money from their bots, worms, and trojans. And now that more software programmers are taking Apple’s platforms seriously, there will be more malware programmers coming along as well.

There’s no reason to panic today, because there are no exploits out there. But the Mac community should be demanding good security practices and riding Apple to improve security rather than taking shortcuts for “ease of use”. How so? Safari’s “Open Safe Files after Downloading” should not be turned on by default if the option must even exist at all. And when doing software updates, Apple should have to fully play by the same authorization rules other software makers must abide (some report this wasn’t the case with the recent Safari upgrade). Finally, we should be asking for high security features like finishing the implementation of Address Space Layout Randomization that was only partially implemented for Leopard and still not fully finished in Snow Leopard.

The Mac is good with security today, but the community shouldn’t get complacent.

Liam Cassidy

Thanks for your comment William, cogent point well-made. I completely agree, I suspect the Mac community is complacent when it comes to security. And that’s understandable, there have never been any real exploits!

But there *will* be. It’s not a matter of if, it’s a matter of when. Sounds clichéd, I know, but it’s true.

The dark side of expanding market share is that malware writers will, gradually, turn their attention to the Mac as virgin ground ripe for the taking.

The almost rabid faith some Mac users place in OS X’s capacity to protect them from all evil-doers is – eventually – going to bite ’em on their bottoms.

Many Mac users don’t want to accept that, one day, OS X will be targeted just as Windows is today. I don’t miss running security software, and I will lament one day needing to use it again. But it’s never too early to start talking about the issue honestly.

And that means not immediately jumping to the defense of the great and flawless Mac OS and its UNIX underpinnings!


Three years ago, everyone said we would see a major exploit for OS X by the end of the year.

Two years ago, everyone said we would see a major exploit for OS X by the end of the year.

One year ago, everyone said we would see a major exploit for OS X by the end of the year.

Today, I still have ZERO exploits on my Mac, but I’m sure there will be one by the end of the year, right? RIGHT??

Dave Stephens

I sit down, surf where I want to, with NO security and NO worries, every friggin’ day for 10 years (10 more, if you count OS 7, 8 and 9). And every day, for all those years, the Macintosh market share has mostly grown, bit by bit, day by day, silently. And when the market share was 2%, the “experts” said, “Wait til your market share hits 5%! Then you’ll get hammered!” And when it was 5%, the same “experts” said, “Yeah, you think you’re immune! Wait til it hits 10%! Then you’ll see!” Yes, thank you, “experts” for teaching me that y’all know JACK.


Any run-time interpreter can have these problems. Feed it randomly generated gibberish and it should be rejected. If it crashes instead, the cracker who finds out why may have found the symptom of a bigger bug that can be exploited. Even if you can’t see the code behind the interpreter, you know that scratching this sore may let you into a back area where security, sandboxing, and access controls don’t work because the code is a trusted piece of software (the run-time interpreter).

But it’s really, really hard to kill all of these artificial exploits even when they are found and reported. These are often deep architectural problems which would take complete overhauling of the engine to stop the “artificial” problem. Though we can’t see Apple’s radar bug database, looking at the many hundreds of bugzilla requests just for standards fixes in webkit’s HTML, CSS, Javascript, and SVG components, the priorities go to just getting this stuff to work and error with “normal” code, rather than artificial constructs that the crackers use.

Security is a different issue than getting the functionality to work. People won’t care about theoretical Java or PDF exploits if the interpreters don’t work well enough and fast enough to make normal code usable. When they have something working, the programming energy is often expended on getting version 2 to work better than finding security holes in code that might be thrown out completely when v2 arrives.

It’s a game of priorities and timeframes for both the coders and the crackers.


Yawn, reads like an old Cnet article. Why is it that Bloggers assume they have the ability to define the security of an operating system? The answer is way too much ego. Lack of knowledge can be fixed, there is no cure for stupidity. Charlie Miller and CanSecWest are a fraud with conditions that aren’t even close to the real world.

Louis Wheeler

Promises, Promises. The antivirus sellers, like Mr Miller of Intego, have been promising us a huge malware attack and it hasn’t happened. There have only been two measly Trojan horses in the last five years and they never went viral. Think of all the millions spent to protect against a non-existent problem in the meantime.

The Anti-virus sellers slur the fact that a vulnerability in the code does not equal an exploit. An exploit in Safari just kills Safari, not give root access to the operating system.

Also, a huge increase in security is coming when the 64 bit kernel is enabled by default. I suspect that enough applications will have been upgraded to 64 bit code by July to make it worth Apple’s while.

We will get ASLR, DEP and the sandboxing of most applications and processes. If your apps are in 64 bit code, you can boot into the new kernel now. Not that there is any hurry, since the Mac is not under attack.


I think that “Software Update” screen shot is a forgery because Apple doesn’t distribute developer builds of OS X that way. You have to log into your developer account and start the download manually.


Just so you know the *PRERELEASE* part is for people behind Apple’s internal network. Even in retail stores you see this…like a day before it comes out. Not gonna say how I know…but it is.


I’d think the fame (or infamy) of writing the first widely-distributed Mac malware would be something a lot of folks would really be seeking, but it hasn’t happened in 10 years.

Maybe the Mac is technically less “Secure” than Windows, but perhaps like that farmhouse with no locks in the country, you just don’t have to worry about it being attacked.

Hell, if you gave two computers to two inexperienced grandmothers, one Windows 7 and one MacOS X, both out of the box default configs, and just told them to “go surfing and have fun” — which one would become infected with malware first?


I’m sorry Liam, but I really think you’re overreacting.

The ‘security through obscurity’ myth has been beaten, chopped and debunked many many times. And if I could get a dollar for every time I’ve heard this “Mac malware invasion is imminent” rubbish, today I’d be able to buy an Octo core Mac Pro.

Exploits have nothing to do with malware, except for specific vulnerability-exploiting malware. And the only thing which is making Windows more “secure” than Mac OS X is the full implementation of ASLR, which is already half present in Snow Leopard and will probably be fully implemented in 10.7. Regardless, this has nothing to do with malware. I think that the people who use Macs either:

a) Are newbies.
b) Are creatives.
c) Are UNIX/Linux IT professionals.
d) Are iPhone programmers.

This is a very general spectrum of the Mac users, my point being that they’re not generally script kiddies interested in grabbing trojan generators to hack their friend’s MSN accounts. They’re usually either too inexperienced or too experienced for that. And, considering how much we Mac users love our Macs, I don’t think that anybody would like to hinder this great experience just to hack a friend’s (whatever) account.

The problem here is about commercial malware. But honestly, when it comes to that it’s really platform independent, since it’s generally targeted and not publicly available.

In the end, the only kind of malware which remains are Rogues and piracy trojans.

Now, in the first case they’re very easy to recognize and avoid (and I think/hope that Apple will keep up with them with Snow Leopard’s built in malware detector), and nowadays it’s hard for them to infect a system without first exploiting the browser (rare) and then, *if* they bypass the malware filter, convince the user to give their password to a random installer which just magically popped up.

In the second case, we Mac users generally don’t do piracy, however I can understand teenagers who “need” to, but in this case I still think that using private forums and torrent trackers would lower the rate of infections drastically.

So, in the end I don’t see any serious, stealthy and most probably unavoidable threats like you see on Windows. I don’t see any major spread of malware either.

This could of course change should the Mac get a very big amount of market share, luring the “bad” users and script kiddies too. But considering the initial cost, the lack of easy to use anchorage places (like the registry) in Mac OS X, the limited tinkerability and the overall great experience that Mac OS X provides, I don’t see that happening, IMHO.

Mike Perry

This has me wondering: “Printing reliability and compatibility with third-party printers.”

Either Snow Leopard itself or the Brother print drivers for it have a very irritating flaw. In Leopard, laser printers wouldn’t wake up until you actually printed. In Snow Leopard, they wake up, heat up, and waste energy any time you select print from the file menu, even when your intent is to save a PDF file.

Fixing that would be much appreciated. Even better would be to move the PDF items to the File menu, saving one unnecessary step. Leave Print for times when we really do want to print.

Charles Martin

The “old days of security through obscurity” was a myth back then, and it’s a myth now. Apple has been *actively advertising* its security and general immunity from viruses since *2005,* and sales have quintupled for the company since then.

Yet here we are, a DECADE after OS X was introduced to the world, with the virus count still at ZERO and the malware count hovering in low single digits.

The real credit for this goes to both UNIX and Apple, the former for creating the concepts of walled-off accounts and sandboxed apps in the first place, and the latter for cracking the problem of making it easy and invisible for users to be secure without having to do much of anything.

While no computer can possibly be 100% secure on the net, Macs are miles further down that road than Windows and that’s a fact that journalists conveniently forget. Constantly.

But don’t take my word for it — take any Mac out of the box, hook it up to the net, visit “Shields UP!” or any other security-checking service, and run their tests on how exposed your machine is. Or just sit there surfing — running with no firewall, no anti-virus, no nothing — and get back to us when you get a virus.
