After small developers fixed the bugs released by the MoAB people using APE technology, what do the MoAB people do? They go after APE and completely misinform the public, starting with CNet.

First the title, "Flaw found in Apple bug-fix tool," is all kinds of wrong. It implies that it is an Apple product, which we know is not true and is stated properly in the article text.

They then go on to describe the vulnerability. APE installs itself in /Library where its supposed to go. /Library is writable by local admins. So a local admin can replace the APE executable and gain root privileges. Read that again. A local admin can replace the APE binary to gain root access.

A local admin, an effective root user account, can gain root access.

Or they could open up NetInfo Manager and enable the root account and enter in a password of their own choosing and then log into the GUI as root. Or they could open up Terminal and run sudo sh and get a root shell.

This is simple revenge. Rosyna called them trolls and linked to an APE fix for one of their bugs. I think Rosyna may be right of the 9 published bugs, 4 of them are not from Apple provided software.