By Joris Evers
Posted on ZDNet News: May 12, 2006 9:19:00 PM

Serious flaws in Mac OS X and QuickTime software could put Macintosh and Windows systems at risk of cyberattack, Apple Computer has warned.

In a pair of security alerts released Thursday, Apple outlined 31 flaws that affect various versions of the operating system and a dozen vulnerabilities in its QuickTime media player software. Security experts have deemed the issues "critical," but Apple does not provide a severity rating. Fixes are available.

The Mac OS X vulnerabilities lie in various components of the operating system and affect both the server and client versions, Apple said in an advisory. An attack could be launched using some of the bugs by creating a malformed file, or by building a malicious Web site and enticing someone to visit it, the company said.

"These flaws could be exploited by attackers to execute arbitrary commands, bypass security restrictions, disclose sensitive information or cause a denial of service," the French Security Incident Response Team, a security-monitoring company, said in an advisory.

The patches indicate that Apple is having a hard time completely resolving a security flaw that surfaced earlier this year. They fix an issue in the "download validation" function, a feature designed to protect Mac users from installing harmful code from a malicious Web site or e-mail--a risk more familiar to Windows users.

Apple added the function in a security update released in early March. Two weeks later, it issued another update to fix some problems with the feature. Thursday's fix tackles another issue: the download validation may be bypassed if a file has a long name, Apple said.

Critics have argued that the download validation function is not enough to address the installation risk, and that Apple needs to correct the problem at a lower level in the operating system.

The QuickTime flaws put both Mac OS X and Windows computers at risk of compromise. All of the vulnerabilities exist because of errors in the way the media player software handles certain files. Specially crafted files in certain media formats--including JPEG, QuickTime, Flash, MPEG4 and AVI--could allow an intruder to hijack a vulnerable system, Apple said in an advisory.

Apple's security update 2006-003 for Mac OS X and the QuickTime patch can be downloaded and installed via Software Update preferences or from the Apple Downloads Web site.
