When asked to comment on the recent Security Bitch Watch controvery (now concluding day 8!), the usually inscrutable Apple spokesperson Lynn Fox made several telling comments about the state of Mac security.
Many hours have been spent poring over Fox’s comments of a week ago Friday and whether or not they represent an outright refutal of SecureWorks claims or are just so much PR speak. Indeed, many of Fox’s comments in today’s interview might have gone unnoticed by less seasoned reporters.
Fox began by reiterating the company’s statement that SecureWorks has not presented Apple with any evidence that the Airport firmware and software supplied with the MacBook is suceptible to the attack shown in their video demonstration.
She added, however that “What surprises us is that Maynor and Ellch completely missed the massive security flaw in our Bluetooth stack.
“For instance,” Fox said, “Simply pairing a Bluetooth headset with Mac OS X for Intel causes the system to turn on remote access, remove the root password, and erase several key user-data files.
“And don’t get me started on USB,” she said, her words slurring.
“I don’t even want to talk about USB. Listen, if you mention USB, I’m going to hit you so hard you won’t even remember that plugging in a camera to a USB connection on the Mac automatically sends browser caches to the NSA.”
Fox stopped to take a slug from a small, opaque bottle she carried with her.
“Now, I’m not going to talk at all about the TCP/IP problems. Not all. So I won’t even explain that attempting to connect to AppleShare over IP with the user name ‘sjobs’ exposes the entire contents of all attached drives, all networked drives with stored passwords, and initiates password cracking against all computers on the ISP’s attached network.
“No, sirree,” Fox said, slumping quietly to the floor. “No, sirree.”
Apple declined to comment for this story, shortly after Fox passed out.