'Apple Bugs' war of words hots up

Stephen Withers
Thursday, 11 January 2007 09:19

Your IT - Home IT

The real nature of the eighth instalment in the Month of Apple Bugs is being hotly debated, and the war of words is getting increasingly personal.

The controversy centres on whether the flaw is specifically related to the Application Enhancer software, or if it is a more general issue related to the standard permissions on the /Library/Frameworks folder.

Unsanity - the developer of Application Enhancer - takes the latter view. That's understandable, but having an axe to grind does not necessarily make you wrong. Application Enhancer is a free program, so it's harder to assert that a financial interest might be shaping this position.

"Based on our research, the local vulnerability issue discussed above is valid, and the /Library/Frameworks/ permissions bug it describes affects multiple vendors, not just us," wrote Rosyna Keller in Unsanity's corporate blog.

"Disabling APE is not necessary in order to prevent this issue. Slava has a fix in the works while installing APE, and since we're currently at MWSF (what this post was about), we're going to try to discuss with Apple the best course for addressing this bug long-term."

One of the more vocal opponents of is Rick Downes of software developer Rixstep. In an email to iTWire that set out a detailed explanation of the vulnerability, he wrote "Use of /Library/Frameworks - as any directory where a framework can be placed - is NOT a security issue. Use of Rosnya's Unsanity APE -IS- a security issue, has always been a security issue, is the bane of software developers everywhere, is hated by Apple themselves - and what LMH has done now only puts the spikes in the coffin."

This issue has sparked or at least inflamed bad feeling among various members of the Mac community. Continues