Insanely Mac

PALO ALTO, Calif.--Mac clone maker Psystar plans to file its answer to Apple's copyright infringement lawsuit Tuesday as well as a countersuit of its own, alleging that Apple engages in anticompetitive business practices. Miami-based Psystar, owned by Rudy Pedraza, will sue Apple under two federal laws designed to discourage monopolies and cartels, the Sherman Antitrust Act and the Clayton Antitrust Act, saying Apple's tying of the Mac OS to Apple-labeled hardware is "an anticompetitive restrain of trade," according to attorney Colby Springer of antitrust specialists Carr & Ferrell. Psystar is requesting that the court find Apple's EULA void, and is asking for unspecified damages.

Springer said his firm has not filed any suits with the Federal Trade Commission or any other government agencies.

The answer and countersuit will be filed Tuesday afternoon in U.S. District Court for Northern California.

Pedraza attended a press conference his lawyers called to present how Psystar will defend its its OpenComputer Mac clone, which has been for sale online since April.

Psystar's attorneys are calling Apple's allegations of Psystar's copyright infringement "misinformed and mischaracterized." Psystar argues that its OpenComputer product is shipped with a fully licensed, unmodified copy of Mac OS X, and that the company has simply "leveraged open source-licensed code including Apple's OS" to enable a PC to run the Mac operating system.

Pedraza says he wants to make Apple's Mac OS "more accessible" by offering it on less expensive hardware than Apple.

"My goal is to provide an alternative, not to free the Mac OS," said Pedraza. "What we want to do is to provide an alternative, an option...It's not that people don't want to use Mac OS, many people are open to the idea, but they're not used to spending an exorbitant amount of money on something that is essentially generic hardware."

Apple will have 30 days to respond to Pystar's counter claim, and so far has declined to comment on the case.

Other legal experts say Psystar faces a tough legal challenge in proving Apple has engaged in antitrust behavior by loading its software on its own hardware and thereby allegedly harming consumers and competitors. Psystar's ability to prevail on the issue of having the latitude to load Apple's OS on its own hardware, given it has a licensing agreement with the company, may prove an easier road to hoe, legal experts note.

A newcomer to the PC scene, Psystar caused a stir when it first went online selling white box Macs earlier this year. The site went down hours after it opened for business because the company was overwhelmed with orders for the OpenComputer, originally called the OpenMac, which was then changed to its current name. And the site went down several more times as its payment-processing company pulled its services from the Psystar site. Psystar managed to stay shrouded in a bit of mystery for a while, until intrepid gadget blog readers joined the press in fleshing out some details about the company.

Psystar eventually got back online with a new payment-processing service, and it continues to take orders for the OpenComputer and OpenPro Computer. When Apple finally did file suit against Psystar in July, it surprised nearly no one--except perhaps Pedraza. He said he had no contact with Apple before legal papers were filed against his company. Customarily, there is some sort of communication between companies before lawsuits are filed.

For now, Pedraza says it will be "business as usual" at company headquarters. Though he said there was a "slight" downward dip in sales once Apple filed its suit, he plans to go ahead with making servers, and soon, a mobile product, which he said will be "like a notebook." But he refused to offer more detail.

More to come...

CNET News' Dawn Kawamoto contributed to this story.

Open Scripting Architecture
Impact: A local user may execute commands with elevated privileges Description: A design issue exists in the Open Scripting Architecture libraries when determining whether to load scripting addition plugins into applications running with elevated privileges. Sending scripting addition commands to a privileged application may allow the execution of arbitrary code with those privileges. This update addresses the issue by not loading scripting addition plugins into applications running with system privileges. The recently reported ARDAgent and SecurityAgent issues are addressed by this update. Credit to Charles Srstka for reporting this issue.

BIND
Impact: BIND is susceptible to DNS cache poisoning and may return forged information

Description: The Berkeley Internet Name Domain (BIND) server is distributed with Mac OS X, and is not enabled by default. When enabled, the BIND server provides translation between host names and IP addresses. A weakness in the DNS protocol may allow remote attackers to perform DNS cache poisoning attacks. As a result, systems that rely on the BIND server for DNS may receive forged information. This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS X v10.4.11 systems, BIND is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1. Credit to Dan Kaminsky of IOActive for reporting this issue.

CarbonCore
Impact: Processing long filenames may lead to an unexpected application termination or arbitrary code execution

Description: A stack buffer overflow exists in the handling of long filenames. Processing long filenames may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Thomas Raffetseder of the International Secure Systems Lab and Sergio 'shadown' Alvarez of n.runs AG for reporting this issue.

CoreGraphics (Memory issues)
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: CoreGraphics contains memory corruption issues in the processing of arguments. Passing untrusted input to CoreGraphics via an application, such as a web browser, may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Michal Zalewski of Google for reporting this issue.

CoreGraphics (PDF issues)
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow in the handling of PDF files may result in a heap buffer overflow. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of PDF files. Credit to Pariente Kobi working with the iDefense VCP for reporting this issue.

Data Detectors Engine
Impact: Viewing maliciously crafted messages with Data Detectors may lead to an unexpected application termination Description: Data Detectors are used to extract reference information from textual content or archives. A resource consumption issue exists in Data Detectors' handling of textual content. Viewing maliciously crafted content in an application that uses Data Detectors may lead to a denial of service, but not arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.5.

Disk Utility
Impact: A local user may obtain system privileges Description: The "Repair Permissions" tool in Disk Utility makes /usr/bin/emacs setuid. After the Repair Permissions tool has been run, a local user may use emacs to run commands with system privileges. This update addresses the issue by correcting the permissions applied to emacs in the Repair Permissions tool. This issue does not affect systems running Mac OS X v10.5 and later. Credit to Anton Rang and Brian Timares for reporting this issue.

OpenLDAP
Impact: A remote attacker may be able to cause an unexpected application termination

Description: An issue exists in OpenLDAP's ASN.1 BER decoding. Processing a maliciously crafted LDAP message may trigger an assertion and lead to an unexpected application termination of the OpenLDAP daemon, slapd. This update addresses the issue by performing additional validation of LDAP messages.

OpenSSL
Impact: A remote attacker may be able to cause an unexpected application termination or arbitrary code execution

Description: A range checking issue exists in the SSL_get_shared_ciphers() utility function within OpenSSL. In an application using this function, processing maliciously crafted packets may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

PHP
Impact: Multiple vulnerabilities in PHP 5.2.5 Description: PHP is updated to version 5.2.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/ PHP version 5.2.x is only provided with Mac OS X v10.5 systems.

QuickLook
Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues exist in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5.

rsync
Impact: Files outside the module root may be accessed or overwritten remotely

Description: Path validation issues exist in rsync's handling of symbolic links when running in daemon mode. Placing symbolic links in an rsync module may allow files outside of the module root to be accessed or overwritten. This update addresses the issue through improved handling of symbolic links. Further information on the patches applied is available via the rsync web site at http://rsync.samba.org/