Security researchers to target Apple in January
The folks that brought us the "month of kernel bugs" in November are planning to focus squarely on Apple Computer during January, according to The Washington Post's Brian Krebs.
Come the new year, two researchers, Kevin Finisterre and the pseudonymous LMH, plan to point out a flaw each day targeting Mac OS X or applications for that operating system, Krebs reported. As with the month of kernel bugs project conducted by LMH in November, they also don't plan to let Apple know about the vulnerabilities before they publish them, which doesn't sit right with some members of the security community. The security holes will all be ones that haven't yet been advertised, according to the report.
LMH published several vulnerabilities in Mac OS X during the month of kernel bugs, but that project wasn't exclusively focused on Apple. Apple released a security update late in November to address some of the bugs.
Update: LMH confirmed via e-mail Tuesday that the project will be kicking off in January and that it will be confined to Apple-related software. As to why the vulnerabilities are being disclosed in this manner, he wrote, "IMHO, Apple should speed up the process, as it takes (a) long time for an issue to get fixed, and more for getting the patch released to the users."
Apple confirmed that it was aware of the project, but chose not to comment beyond saying through e-mail that "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. We always welcome feedback on how to improve security on the Mac."