HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
Not content with just pissing off Microsoft, Google is now doing its best to get on Apple's nerves as well. 
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Google Discloses Three Severe Vulnerabilities In Apple OS X
- Thread starter HardOCP News
- Start date
Trepidati0n
[H]F Junkie
- Joined
- Oct 26, 2004
- Messages
- 9,269
The NSA won't be too happy with them.
TeeJayHoward
Limpness Supreme
- Joined
- Feb 8, 2005
- Messages
- 12,264
I'm curious as to rather this requires an attacker to have root access, or just an account on your system.
![Zarathustra[H]](https://cdn.hardforum.com/data/avatars/m/9/9298.jpg?1707758471){kind=avatar}
Zarathustra[H]
Extremely [H]
- Joined
- Oct 29, 2000
- Messages
- 38,828
Can't be.
Apple is completely invulnerable to viruses malware and attacks.
Right?
Apple is completely invulnerable to viruses malware and attacks.
Right?
Zarathustra[H]
Extremely [H]
- Joined
- Oct 29, 2000
- Messages
- 38,828
Yeah, but that jab doesn't make much sense. Sure Google scans your data to collect aggregated habit and interest information for highly accurate advertising, but it's not as if they hold on to all the detailed pieces of it, or make it part of the public domain so everything about you is public... (In fact they have a vested interest against this, as it would scare people off, and it would be giving away their biggest source of revenue for free
)The biggest threat to anonymity comes from other sources, like social media, where the human predisposition to narcissism has proven to be too much for us to resist, and we willingly share everything regardless of privacy concerns. "For gods sake everyone, this is me! Please please please please like me!"
And of course, this is all exacerbated by the damned millenials having been indoctrinated by their parents that they are "special".
...and I applaud them for it. The more quickly 0 day and other exploits are found and patched, the better for everyone!
TeeJayHoward
Limpness Supreme
- Joined
- Feb 8, 2005
- Messages
- 12,264
What're you talking about? Chrome, with just this one tab open, is "only" using 140MB of RAM!
TeeJayHoward
Limpness Supreme
- Joined
- Feb 8, 2005
- Messages
- 12,264
Holy cow. Looked into the leak. Folks are getting over 3GB used with one tab!? I thought 140MB was bad.What're you talking about? Chrome, with just this one tab open, is "only" using 140MB of RAM!
Zarathustra[H]
Extremely [H]
- Joined
- Oct 29, 2000
- Messages
- 38,828
What're you talking about? Chrome, with just this one tab open, is "only" using 140MB of RAM!
I'm not convinced there are ant leaks at play.
Their "every tab in its own thread" design approach requires more memory, but in exchange it is more stable and a little bit more responsive (as long as you have enough ram)
Besides, 140 megs is a drop in the bucket these days.
There was just a hot deals thread with $80 16GB kits
I have 48GB in my desktop. I just popped the ram in because I had it left over from another project. Don't really need it.
Chromes memory use wouldn't pose a problem on any modern system with a modern amount of RAM.
Zarathustra[H]
Extremely [H]
- Joined
- Oct 29, 2000
- Messages
- 38,828
Yeah, the 3GB thing is obviously a problem.
I did some reading on it. Appears to be a flash issue but not sure.
For some strange reason it does not impact all users (in fact it seems to impact only very few users, and some of them are very vocal). Suggests to me this is some sort of combination corner case problem.
You know, an interraction between chrome, flash plugin, hardware acceleration and a certain video card driver, or something like that.
For what it's worth, I use Chrome on my desktop at home in both Linux and Win7 and have never seen the problem. I have chrome portable on my work laptop and have never seen the problem and my SO has it on her Mac and has never seen the problem.
Google needs to look to its own software... Google is mostly fluff...that seems more apparent every day. The company likes to make a lot of noise about...products it knows it will never manufacture (self-driving cars, Google glass, robots, etc.) and the software made by other companies, even...! The company is an unfunny joke of sorts...
Google is mostly fluff...that seems more apparent every day. The company likes to make a lot of noise about...products it knows it will never manufacture (self-driving cars, Google glass, robots, etc.) and the software made by other companies, even...! The company is an unfunny joke of sorts...
Zarathustra[H]
Extremely [H]
- Joined
- Oct 29, 2000
- Messages
- 38,828
Zarathustra[H];1041380070 said:
Example,
I just opened chrome and put it in incognito mode, to make sure none of my plugins were messing with shit.
Opened 5 tabs including Facebook, Youtube, Gmail and Google Docs (as people suggested these apps caused issues) I also have a hardforum window open.
Adding up all the ram use from all the chrome.exe instances, I hit 650MB, or about 130MB per tab, which really isn't unreasonable.
It is steady there, there are no growing leaks, and if I close any of the tabs, there is a drop in ram use.
Chrome may use a lot of RAM from a historical perspective, but this is 2015. RAM is dirt cheap, and there is no reason for anyone to have less than 8GB in a new machine. I certainly wouldn't build one without 16.
The 3GB issue some are reporting is obviously a problem, but judging from the fact that it only affects a small percentage of users, it is unclear what is actually causing it. From the description it appears to be Chrome + flash + something else that in combination causes a problem.
CaptNumbNutz
Fully [H]
- Joined
- Apr 11, 2007
- Messages
- 24,966
As much as I appreciate Google being a 3rd party holding Apple and MS accountable, this is going to bite them in the ass hard when Apple and MS start doing the same thing to them and making them look like huge hypocrites.
If Google continue to be little bitches like this, all they are doing is making themselves look bad.
They have appointed a team of people to find issues in other system.... how about appoint that team to work on the many many issues with Google..... just a thought Google....
They have appointed a team of people to find issues in other system.... how about appoint that team to work on the many many issues with Google..... just a thought Google....
Zarathustra[H]
Extremely [H]
- Joined
- Oct 29, 2000
- Messages
- 38,828
Well, how do we know that isn't what they are doing?
They give other companies 90 days to respond, and if they don't they make it public. Maybe they are finding their own issues and resolving them before 90 days?
I know very little about the team behind this, but judging solely from their name (Project 0), their focus seems to be strictly on 0 day exploits, so it isn't quite fair to bring up other issues (like a suspected memory leak in Chrome) and ask why they aren't working on that.
Presumably Project 0 is a team made up of people with security expertise. (which is a very different skill set from typical software development and bug fixes) I can't imagine that Google created the team simply to pick on other companies. I imagine they are working on Google products as well, but when they come across something outside of their control, they report it. And if you know of a serious vulnerability that a company is not taking seriously, the only responsible thing is to release it, so that they will.
LightningCrash
2[H]4U
- Joined
- Dec 29, 2000
- Messages
- 2,470
The ZDNet reporter says "the team dubbed these as severe", when that wasn't the case. The severity rating was High, but that's likely based on the CVSSv2 score. With a local privilege escalation exploit like this, the most you'll see for a CVSS v2 base is 7.2.
It's probably a good idea to click through to the source on stuff from ZDNet. Especially if it's written by SJV.
It's probably a good idea to click through to the source on stuff from ZDNet. Especially if it's written by SJV.
ManofGod
[H]F Junkie
- Joined
- Oct 4, 2007
- Messages
- 12,863
Well, this is getting very, very interesting.