By Dawn Kawamoto, News.com
Posted on ZDNet News: Aug 16, 2005 4:39:00 PM

Apple Computer has released what seems to be one of its larger security updates for Mac OS X, doling out fixes for 44 flaws.

Still, only a handful of the vulnerabilities are of major concern, according to security analysts. The package of fixes was released Monday.

"This one is a big update. I don't recall seeing as many updates as we see today," said Thomas Kristensen, Secunia's chief technology officer.

By comparison, Apple last May released an update for 20 vulnerabilities and in March distributed an update for a dozen flaws.

But Kristensen noted that, with the new update, only a few of the 44 vulnerabilities are of great concern. He also said that 25 percent of the patches involve older vulnerabilities that have yet to lead to exploit code being developed by attackers. Still, Secunia is rating the overall update as "highly critical."

Apple declined to comment on the vulnerabilities and referred all questions to its security update.

The flaws affect Apple's Mac OS 10.3.9 and 10.4.2 operating system software and related server software.

Kristensen said that some vulnerabilities involving AppKit and Safari are critical.

AppKit, which is used to open RTFs (rich text files) and Word documents, has flaws that allow a remote attacker to create a malicious file that results in a buffer overflow. That in turn can lead to arbitrary code being executed on a user's system.

Apple, however, notes that only some applications use AppKit, and that Microsoft Word for Mac OS X is not vulnerable.

Flaws in Safari, meanwhile, can allow an attacker to bypass the browser's security checks and execute arbitrary commands when the user clicks on a maliciously crafted rich text file.

Another flaw, a vulnerability in Apple's Server Manager D, a modified version of Apache, is also being considered critical by some.

That flaw can result in a buffer overflow and remote execution of code by an attacker, with no user interaction, said Frank Nagle, assistant director of vulnerability aggregation for iDefense, a VeriSign company.

Although Apple lists other security flaws that could be exploited by a remote attacker, they are "less critical," according to Secunia.

For example, two vulnerabilities in Apache 2 could be exploited by a remote attacker to either bypass security restrictions or launch a denial-of-service attack.

But Apple did not set Apache 2 by default, so it is less of an issue than it would be if the same vulnerabilities affected Apache 1.3, Nagle said.
