Vista Blown Open By Unstoppable Hack

@Stephen Allred
Data Execution Prevention (DEP) is a good thing if used correctly (which is supported at the hardware level by a XD bit), the fact that OS X doesn't use it makes me question the security of the OS. Security is based on the weakest link so if there are no other avenues of attack, this one will remain open. Unfortunately, Apple does not go the route of Microsoft and disclose their bugs, Apple denies there are bugs in their OS and then fixes them quietly. Here's a site of someone who found a bug a day for a month in 2007. http://projects.info-pull.com/moab/

Alex Sotirov responds to Ed Bott's ZDnet's blog: "Thanks for your blog post about our research. I was horrified by the lack of understanding displayed by the tech press when they covered the paper Mark and I presented at BlackHat. You rightly point out that the sky is not falling and the flaws are not unfixable. In fact, the next versions of Flash and Java will contain specific measures that limit the impact of the techniques we presented. We expect Microsoft to follow suit as well.

Exploitation is a cat and mouse game. The paper we presented puts the offensive side at a slight advantage, but it won’t take long for the defenses to catch up. Our intention was always to nudge the software vendors into improving their defenses and I hope we will succeed."

Just a storm in a tea cup then? http://blogs.zdnet.com/Bott/?p=513

@dworvos
Did I say OSX didn't use the No eXecute (or eXecute Disable, as Intel have decided to market it) bit? No. I said OSX doesn't use the Vista's (and by that token XP's) implementation of it, which Microsoft have helpfully dubbed DEP (which, you may like to note, is by default only active on essential OS processes).
You think Microsoft discloses it's bugs? More fool you. As for the bug a day for a month, that's 31 bugs in a modern OS. That's really not surprising.