
Apple deploys security update for Mac OS X

by Parm Mann on 18 December 2007, 12:43

Tags: Apple (NASDAQ:AAPL)


Available now via Apple's Software Update

Apple has made available its Security Update 2007-009, which can be downloaded and installed via Apple's Software Update or from Apple Downloads.

The updates, available for Mac OS X v10.4.11 and Mac OS X v10.5.1, correct flaws that Apple says could lead to "unexpected application termination or arbitrary code execution."

Contained within the update are fixes for Address Book, CFNetwork, ColorSync, Core Foundation, CUPS, Desktop Services, Flash Player Plug-in, GNU Tar, iChat, IO Storage Family, Launch Services, Mail, perl, python, Quick Look, ruby, Safari, Safari RSS, Samba, Shockwave Plug-in, SMB, Software Update, Spin Tracer, Spotlight, tcpdump and XQuery.

Phew, that's a whole lot of fixes right there. Thorough details on each of the problems can be found in Apple's documentation.

The Apple security updates come hot on the heels of Microsoft's security updates last week as both companies end the year by making security an ongoing focus.

Source: Apple.com



HEXUS Forums :: 1 Comment

The question is, of course, are there only 40 critical ones in the pack, or are they trying to downplay dangerous vulnerabilities?

It's always a trade-off between keeping your users secure, and stopping them from working because you've got to do a sodding update, but in the last week they really have come under flak for what appears, and is very much in keeping with the company, to be underrating the threat. This is dangerous, far more so than sitting on the release (and bribing/convincing the researchers not to disclose) as proof of concept code is out there for them.

I've long moaned that Apple actually do sod all to promote security, to the point I'd accuse them of being a Windows 98 era Microsoft in the way they deal with threats. But then the OpenBSD ‘luddite’ approach is hardly a good one either, as it tends to rely on the idea of only using mature code (not to say their auditing ideas aren't good)