There's been a string of security disasters for Apple lately. The first one I'll briefly mention is the recently published vulnerabilities that affect iCal. These security flaws were discovered back in January by Core Security, who patiently tried to prod Apple into fixing them. After Apple couldn't be bothered to issue a fix for months and months, they went public with the details. Hopefully now Apple will take the issue more seriously.
The main cause for alarm is how they've handled Safari. Obviously this is of more concern because of Apple's recent malicious moves to get it installed automatically on people's computers through the "update" application they bundle with all of their software, which they use to force down not just updates but completely new pieces of software like Safari. A move which Mozilla's CEO said threatened the security of the internet - and that was before we saw Apple's complete disregard for security vulnerabilities.
So what have they done now? They dismissed a vulnerability that automatically downloads files to your computer: to the Desktop if you're on Windows, to the Downloads directory if you're on Mac OS. Ouch.
How can this be exploited? Executables that mimic existing icons or shortcuts you'd normally have on your computer. On Mac OS X or Windows Vista you could rig an executable to look like the Recycle Bin/Trash Can that, instead of showing you what's inside it, promptly deletes all your documents. On Windows XP it's even worse, with most users running as administrators - it could trash your whole system.
Worse thing is Apple came out and said this wasn't being treated as a security issue! What planet are they on?
Of course there are more vulnerabilities - this one Apple have actually promised to fix (who knows when they'll get around to releasing the patch, since they have one of the longest turnaround times in the industry). This again affects Safari. This one lets people steal your documents! Jeez. Websites can get Safari to upload all your files to them, fantastic stuff. I really hope the people working at HM Revenue and Customs don't have any iPods.
So that's that. I've officially put all Apple software on the ban list. Nope, you won't even find QuickTime on my machines anymore. Well, not that you did anyway, as it acted in a malicious way before all this happened, with its starting things automatically with the system.
I'll be strongly recommending to everybody that they stay well away from these kinds of malicious applications, especially when they're made by a company with such complete disregard for security.
Congratulations Apple, you're on the same list as Real and Symantec.
They weren't already?
QuicktimeAlternative and RealAlternative FTW.