Posted on 04/20/2007 7:51:27 PM PDT by jdm
On Thursday, Apple issued a megapatch of bug-fixes for its Mac OS X desktop and OS X server systems. The fixes, 25 in all, are itemized in the company's Security Update 2007-004.Apple recommended that all OS X users install the update. It said that the vulnerabilities could lead to a system crash or allow an intruder to run unauthorized software on the computer. The fixes relate to various components and services in the Mac OS X operating system, including the AirPort driver, the Help view and the Installer application.
About half of the patches relate to security Relevant Products/Services, such as remote code execution that could permit a hacker to obtain control over a Mac, although there have been no such reported attacks.
Kerberos, iChat
Several of the vulnerabilities are within Kerberos, a network authentication protocol developed at M.I.T. "Running the Kerberos administration daemon may lead to an unexpected application termination or arbitrary code execution with system privileges," Apple said in its Update. Apple credited the M.I.T. Kerberos Team with reporting the issue.
The Libinfo component and LoginWindow software were identified as having flaws that could allow a user to bypass authentication. Video chat was also flagged as being vulnerable. The iChat component had a vulnerability that could allow a malicious user to remotely execute code through a malformed chat request.
Apple also identified a vulnerability in Airport that could allow remote execution in a legacy system, and a patch was included. However, the latest Mac Pro, iMac or MacBook systems are not affected.
The patches also deal with eight identified vulnerabilities in the way the operating system handles disk images. Apple said that mounting a malicious disk image could lead to a security breach.
Largest in March
In early March, Apple also released a large set of fixes. In that batch, the largest so far this year, there were 30 patches for 22 applications. In 2007, the Cupertino, California-based company has issued an average of one security update per month. This is a faster pace than in 2006, when Apple released eight sets of patches in the entire year.
This week's update also addresses several zero-day bugs that were revealed as part of the Month of Apple Bugs in January. The Month of Apple Bugs was a project by two researchers, Kevin Finisterre and the pseudonymous LMH, who reported one flaw per day in Mac OS X or in Mac applications. Each of the vulnerabilities was a previously undocumented security issue.
LMH also led the Month of Kernel Bugs last November. Last summer, researcher HD Moore had orchestrated a Month of Browser Bugs, which focused on unpatched security flaws in Firefox, Internet Explorer, Safari, and Opera.
Have not seen the patch -— ????? Should be on the Apple download server....
Think I figured it out — this is 10.4.9. Already had it installed -— :-)
gotta stop watchin’ those MAC vs PC commercials, LOL.....I KNEW that casual looking twerp-dweeb was a democrat :)
Why would a Mac need a security update? I thought they didn’t get viruses, hacked, etc.
C’mon, Eagle. Go to the Apple Menu, choose “Software Update...” and click “Install” to install Security Update 2007-004. Nothing to it. And it’s only 10 MB.
lol..
Just remember Rodney when something goes wrong on a PC it’s MS’s fault. WHen something goes wrong on an Apple it’s the users fault, so really this update is the users fault.
I’m LMAO...
hackers?......say it ain't so!....har har har
There must have been a "surge" in mac users that make it somewhat worthwhile to hack a mac...
LOL. Got it. Thanks.
I thought that Apple computers were without out blemish (GOD like existence and all) … why do they need for fixes?
Horror or horrors, the Mac has need of updating and fixes? I thought this was a malady only belonged to MS.
25 at a time, no less!
I thought so....
bump
Welcome to Intel.......
I’d buy a Mac, but I’m not gay.
Well, I got two Macs and never turn them off.... wish I could say that about my windows machines...
MAC = flashy GUI with a Linux core. Go with Fedora Core 6 and enjoy life. MACs piss me off because they tout their utilitarian nature, but they’re just as vulnerable as any PC. It’s dependent on the user. MS just went about security the wrong way, and they still haven’t made a product worth buying with Vista.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.