On BNET: 10 ways to manage your geeks
BNET Business Network:
BNET
TechRepublic
ZDNet
137 TalkBacks

By Joris Evers
Posted on ZDNet News: Aug 2, 2006 12:25:00 PM

Apple Computer issued on Tuesday updates for its Mac OS X operating system to fix 26 security flaws, some serious.

Several of the vulnerabilities affect the way in which Mac OS X handles images and the file-sharing capabilities of the software, according to an Apple security advisory. Other flaws were found and fixed within components such as Fetchmail, file compression features, and DHCP networking functionality, Apple said.

The vulnerabilities could enable a variety of attacks, security company Symantec said in an advisory sent out to customers of its DeepSight intelligence service. "Remote attackers can execute arbitrary code, trigger denial-of-service conditions, elevate privileges, and disclose potentially sensitive information," Symantec said.

Apple credits a number of security researchers with finding the flaws. These include researchers employed by Google and Mozilla, as well as Tom Ferris, a freelance security researcher who has disclosed limited information on some Apple bugs in the past.

The bulk of the Mac OS X flaws affect both the client and server versions of the operating system. Attackers could exploit several of the vulnerabilities, specifically those related to image processing and file compression, by crafting malicious files and tricking people into opening them, Apple said. This attack method is seen often on computers that run Microsoft's Windows operating system.

A handful of flaws related to file sharing, handled by the Mac OS X AFP server, could expose user data or let a malicious user gain elevated privileges a system running Mac OS X or cause a crash, Apple said.

The update also increases the length of the passkey used for pairing Bluetooth devices with Mac computers, Apple said. This could provide enhanced security for the use of Macs with wireless devices that use Bluetooth technology.

Mac OS X users are urged to upgrade in order to protect their systems against possible attacks that may exploit the flaws. Symantec said that it doesn't know of current attack code for any of the issues, though some may not require specific exploit code, the company said.

Apple has released Security Update 2006-004 to address the issues. The update is available from the Software Update pane in System Preferences on Mac OS X systems or through Apple's Web site. Until now, Apple's most recent security update came out in late June.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 137 Talkback(s)
Consider the source!
Look, please look into the source, your quote from the ZDnet
article was from Greg Day who is working for McAfee, the
antivirus software maker. That can't take it as expert opinion
as you ... (Read the rest)
Posted by: timefly Posted on: 08/05/06 You are currently: a Guest | | Terms of Use
Apple fixes 26 Mac OS flaws  Loverock Davidson | 08/02/06
Don't feed the trolls.  gigglypuff | 08/02/06
Isn't it funny  Loverock Davidson | 08/02/06
Nice dismissal  net-com | 08/02/06
Calling this troll a troll...  jasonp@... | 08/02/06
Bugs which should be caught...  lmenningen | 08/02/06
If you get enough problem reports...  jasonp@... | 08/03/06
tu quoque  baggins_z | 08/02/06
Amen bro.  Reverend MacFellow | 08/02/06
Wrong  Loverock Davidson | 08/02/06
At least  Michael Kelly | 08/02/06
Alll you had to do is ask  Loverock Davidson | 08/02/06
Poor development = New marketplace  jasonp@... | 08/02/06
...and it also gives Microsoft a new revenue path.  Zeppo9191 | 08/02/06
Ponder this then.....  Shelendrea | 08/02/06
It's software  kamm | 08/02/06
I give you a perfect 10.0  Intellihence | 08/02/06
Of course you would...  John Zern | 08/02/06
In a world with Windows and Gates....  nomorems | 08/02/06
You are incorrect  John Zern | 08/02/06
Look up the word more  baggins_z | 08/02/06
Antivirus software  trm1945 | 08/02/06
Yes, Of Course...When The Shoe Is On The Other Foot  itanalyst | 08/02/06
Define "it"  tic swayback | 08/02/06
You tell me  Loverock Davidson | 08/02/06
I'm thinking he did tell you... (nt)  Zeppo9191 | 08/02/06
I'd go with the latter, rather than the former  tic swayback | 08/02/06
Apple patches before problems happen  MacGeek2121 | 08/02/06
Try it  timefly | 08/02/06
Can't be...  GMTobias | 08/02/06
Perfect  baggins_z | 08/02/06
I've never  mdemuth | 08/02/06
Oh really  kamm | 08/02/06
No, I use free aftermarket AV  mdemuth | 08/02/06
Yep  kamm | 08/02/06
cost  SC-man | 08/03/06
Never=B/S  philscbx@... | 08/02/06
Just a thought...  Zeppo9191 | 08/02/06
Sonny, you could have done more with a Mac  MacGeek2121 | 08/02/06
The article was about Mac's  balsover | 08/02/06
Just because you want to see it this way.  timefly | 08/02/06
Yes there are?  IceTheNet@... | 08/02/06
I use all those OSes  MacGeek2121 | 08/02/06
Perect  steveh99 | 08/02/06
MAC worshippers  jemd@... | 08/02/06
If you run over them with a truck or throw them out 10 story windows  MacGeek2121 | 08/02/06
Well compared to MS...  kamm | 08/02/06
Loose in the wild...  interested_amateur@... | 08/02/06
Loose in the wild...??  sy34010 | 08/02/06
Loose in the wild.  nix_hed | 08/02/06
Waste what money?  flatliner | 08/03/06
I think you opend the wrong can of Whupass  digital@... | 08/02/06
WHOOP *SS EXACTLY !  Intellihence | 08/02/06
10.3.9 to the 10.4 is an upgrade  MacGeek2121 | 08/02/06
Service Pack II  steveh99 | 08/02/06
Make the comparison  Intellihence | 08/02/06
Hmmm my PC runs  Linux User 147560 | 08/02/06
Kubuntu PPC and Mandriva Linux PPC rocks on the PPC PowerMacintosh !  Intellihence | 08/02/06
I have a Yellow Dog, and it's name is Dayton  nix_hed | 08/02/06
/Sarcasm-o-meter exploded  Len Rooney | 08/02/06
Apple fixes 26 Mac flaws  Kobashrer | 08/02/06
The Real Issue  pritchet1 | 08/02/06
Copy/paste  pritchet1 | 08/02/06
Mindless babbling  balsover | 08/02/06
Yes , so shut your trap balsover ,,,  Intellihence | 08/02/06
babbling  steveh99 | 08/02/06
The point is NOT to 'convert'..  nomorems | 08/02/06
converts  steveh99 | 08/02/06
I agree  Lady Onyx | 08/02/06
typo  Lady Onyx | 08/02/06
I agree  steveh99 | 08/02/06
I also agree  ken_ballard@... | 08/02/06
No there is a fine example of an intelligent response  balsover | 08/02/06
Excellent?  RocketEater | 08/02/06
MS  steveh99 | 08/02/06
not perfect...  bgonetoo | 08/02/06
Man ~  nomorems | 08/02/06
Well, actually....  tangent001 | 08/02/06
Important issue is that they fixed or attempted to fix flaws  Boot_Agnostic | 08/02/06
I agree  999ad@... | 08/02/06
Finally  IceTheNet@... | 08/02/06
It should be clear  Qbt | 08/02/06
That's some spin, brother.  999ad@... | 08/02/06
I wonder  Qbt | 08/02/06
So, are Macs more secure?  Misha35 | 08/02/06
The problem  Qbt | 08/02/06
As an avowed 'Apple shill'...  tangent001 | 08/02/06
Yet another lame smear..  dtillman | 08/02/06
Nothing to enjoy  Mectron | 08/02/06
Lots to enjoy  MacCanuck | 08/02/06
Whom are you trying to convince?  IceTheNet@... | 08/02/06
I WAS going to suggest  MacCanuck | 08/02/06
I don't 'waist' my money unless I'm traveling.  Zeppo9191 | 08/02/06
oh lord  washwords | 08/02/06
Lots To Enjoy  steveh99 | 08/02/06
Yes, do grow up  MacCanuck | 08/03/06
As an Apple shill  kamm | 08/02/06
In what world?  IceTheNet@... | 08/02/06
oop's wrong spot! Wheres the edit button :o (nt)  IceTheNet@... | 08/02/06
oh right spot happy  IceTheNet@... | 08/02/06
Here are my facts, where are yours?  tangent001 | 08/02/06
RE: In what world?  Bex275 | 08/03/06
Just ignore as there's no credibility  MacCanuck | 08/03/06
Funny to see the Windows stalwarts...  dtillman | 08/02/06
"Apple fixes 26 Mac OS flaws"  Intellihence | 08/02/06
Vulnerabilities  m-nature | 08/02/06
MACS VS PC's  ocardenas | 08/02/06
Mac VS PC  steveh99 | 08/02/06
The point is...  nomorems | 08/02/06
Time is Money  ocardenas | 08/02/06
Time is money  steveh99 | 08/02/06
Time is money  ocardenas | 08/03/06
Time is money  tealcat | 08/03/06
time is money  ocardenas | 08/03/06
Here we go  Shelendrea | 08/02/06
Shelendrea , Ssshhh ,,,  Intellihence | 08/02/06
More info  Len Rooney | 08/02/06
just curious as to the update proceedure...  JoeMama_z | 08/02/06
FYI  tangent001 | 08/02/06
It's auto, but  j.m.galvin | 08/02/06
well thats good....  JoeMama_z | 08/02/06
also...  Arm A. Geddon | 08/02/06
It will NEVER Be a Problem!!!  bka1959 | 08/02/06
If I was a hacker  nix_hed | 08/02/06
who will you brag to?  joethemacfan | 08/02/06
Not if your trying to make $$$  bka1959 | 08/02/06
Update and Security fixes  philscbx@... | 08/02/06
Tooth Fairy  JustGitRDone | 08/02/06
I think this has been argued to death already....so  Laff | 08/02/06
See you and Windoz to Mac and......  Jay E Court | 08/02/06
sad  timefly | 08/02/06
Reality Check  Qbt | 08/03/06
Consider the source!  timefly | 08/05/06
Consider the source!  timefly | 08/05/06
Consider the source!  timefly | 08/05/06
Consider the source!  timefly | 08/05/06
Scheduled doesn't equate to always releasing  Boot_Agnostic | 08/03/06

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
advertisement
Click Here