Replies

Another breathless FUD article claiming that Apple Mac OSX is not secure... even though there are no viruses in the wild and only 19 known Trojans in four Trojan families in the wild (which the OS WILL tell you you are downloading and warn you not to install). This article is Mostly FUD... PING!
These articles are released like clockwork EVERYTIME Apple releases an update. It never fails. Release an update... and someone writes one of these claiming "SEE! SEE! Macs are not secure! They fixed something... They Patched a vulnerability... it had a flaw! It wasn't perfect!"
Vulnerabilities are NOT EXPLOITS! This is especially true if the vulnerability is prevented from being exploited by other protections that have been put in place such as data being placed in non-executable memory locations where such vulnerabilities can do no damage.
Yes, Apple included in the upgrade from Mac OSX.6.4 to OSX.6.5 some 134 security patches and fixes... but 55 of them were fixes to Adobe Flash (a third party software whose upgrades are normally handled completely separately in Windows), others were patches for Apache, patches for UNIX™ utilities that are included with OSX but not part of OSX but needed updating, CUPS, PHP, Python Programing Language, and also including 16 for the optional install X-11 that allows UNIX™ apps to run natively.
Windows patches DO NOT INCLUDE such third party updates or patches and require these to come from the publishers them selves. Apple includes them with their updates... and gets DINGED for them by the authors of these FUD articles.

Please, No Flame Wars!
Discuss Issues, Software, and Hardware.
Don't attack people!
Please Ignore the anti-Apple thread trolls!

Apple FUD article Ping!

If you want on or off the Mac Ping List, Freepmail me.

And people wonder why Apple told Adobe to dissociate their buggy, insecure software from OS-X as of the new Macbook Airs.

If I were Apple I'd be tired of getting dinged for Adobe's crapware too.

As you say, "Vulnerabilities are NOT Exploits". Of course, this is true for Windows and other OSes as well. The problem with Windows is so many of the vulnerabilities WERE exploited in the wild.

I don't actually care how many vulnerabilities got patched. They're fixed now. I only care about the ones that remain! :)

In addition, this update, being a point update, collects all the security updates since the last point updates and includes them in the distribution... so some of these have already been issued. . . and are, in effect, being counted twice. I though I recognized some of these.

They are included in the point updates because some people skip the minor updates. This corrects that failing. Their machines get updated all at once. If you have been conscientious and done the incremental updates as they were released, then the older, all ready installed ones will not be installed with the update.

Note also, that the total number of "vulnerabilities" varies according to who is reporting the count. I've seen it reported between 131 to 134 to 141... depending on whether you included the OSX Server or not... and perhaps some other things. No one is bothering to check on the aging and check which are just new to this release. I know the Adobe Flash ones are, as are the Java updates. There are also a bunch of updates to HP network printer drivers with security fixes (in CUPS) as well... also apparently included in the count.

Yes, Apple included in the upgrade from Mac OSX.6.4 to OSX.6.5 some 134 security patches and fixes... but 55 of them were fixes to Adobe Flash (a third party software whose upgrades are normally handled completely separately in Windows), others were patches for Apache, patches for UNIX™ utilities that are included with OSX but not part of OSX but needed updating, CUPS, PHP, Python Programing Language, and also including 16 for the optional install X-11 that allows UNIX™ apps to run natively.

Windows patches DO NOT INCLUDE such third party updates or patches and require these to come from the publishers them selves. Apple includes them with their updates... and gets DINGED for them by the authors of these FUD articles.

Excellent points. Nice graphic too.