Free Republic

Apple Issues Megapatch of 25 Fixes
Newsfactor ^ | April 20, 2007 | Barry Levine

Posted on 04/20/2007 7:51:27 PM PDT by jdm

On Thursday, Apple issued a megapatch of bug-fixes for its Mac OS X desktop and OS X server systems. The fixes, 25 in all, are itemized in the company's Security Update 2007-004.

Apple recommended that all OS X users install the update. It said that the vulnerabilities could lead to a system crash or allow an intruder to run unauthorized software on the computer. The fixes relate to various components and services in the Mac OS X operating system, including the AirPort driver, the Help view and the Installer application.

About half of the patches relate to security, such as remote code execution that could permit a hacker to obtain control over a Mac, although there have been no such reported attacks.

Kerberos, iChat

Several of the vulnerabilities are within Kerberos, a network authentication protocol developed at M.I.T. "Running the Kerberos administration daemon may lead to an unexpected application termination or arbitrary code execution with system privileges," Apple said in its Update. Apple credited the M.I.T. Kerberos Team with reporting the issue.

The Libinfo component and LoginWindow software were identified as having flaws that could allow a user to bypass authentication. Video chat was also flagged as being vulnerable. The iChat component had a vulnerability that could allow a malicious user to remotely execute code through a malformed chat request.

Apple also identified a vulnerability in AirPort that could allow remote execution in a legacy system, and a patch was included. However, the latest Mac Pro, iMac or MacBook systems are not affected.

The patches also deal with eight identified vulnerabilities in the way the operating system handles disk images. Apple said that mounting a malicious disk image could lead to a security breach.

Largest in March

In early March, Apple also released a large set of fixes. In that batch, the largest so far this year, there were 30 patches for 22 applications. In 2007, the Cupertino, California-based company has issued an average of one security update per month. This is a faster pace than in 2006, when Apple released eight sets of patches in the entire year.

This week's update also addresses several zero-day bugs that were revealed as part of the Month of Apple Bugs in January. The Month of Apple Bugs was a project by two researchers, Kevin Finisterre and the pseudonymous LMH, who reported one flaw per day in Mac OS X or in Mac applications. Each of the vulnerabilities was a previously undocumented security issue.

LMH also led the Month of Kernel Bugs last November. Last summer, researcher HD Moore had orchestrated a Month of Browser Bugs, which focused on unpatched security flaws in Firefox, Internet Explorer, Safari, and Opera.



TOPICS: Business/Economy; Culture/Society; News/Current Events
KEYWORDS: apple; mac; patch
To: Rodney King

That would work nicely as a tagline!


21 posted on 04/20/2007 8:31:40 PM PDT by jdm
[ Post Reply | Private Reply | To 18 | View Replies]

To: rarestia

Would love to but most of my customers are MS users. I spend a majority of my time producing training material (my job), and for the most part they are MS users. Got to go with the dollars.


22 posted on 04/20/2007 8:43:23 PM PDT by doc1019 (Fred Thompson '08)
[ Post Reply | Private Reply | To 20 | View Replies]

To: jdm; Rodney King

It practically is his tagline. He spends a lot of time denying he’s gay, for some reason known best to himself.


23 posted on 04/20/2007 8:45:06 PM PDT by LexBaird (98% satisfaction guaranteed. There's just no pleasing some people.)
[ Post Reply | Private Reply | To 21 | View Replies]

To: TomServo

When I see your FR name, I think of such quotes as “Uncle Jim’s farm of secrets and lies” or “Son, can you identify this bucket of your brother?”


24 posted on 04/20/2007 8:48:17 PM PDT by Army Air Corps (Four fried chickens and a coke)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Army Air Corps

LOL!!! Great stuff! :-)


25 posted on 04/20/2007 9:05:27 PM PDT by TomServo ("Jim Henson's Flying Leatherneck Babies!")
[ Post Reply | Private Reply | To 24 | View Replies]

To: pointsal

I’m running an old powerbook G4 and a new macbook pro.
The “pro” has problems I can’t even begin to list.
But the G4 is still running 3 years strong.

I’m not impressed with the intel. I’m flat PO’d at Adobe, but that’s a whole different thread.

I’ve never owned a PC so I couldn’t really compare. But IMO, MAC has lost a lot of quality in the past few years.


26 posted on 04/20/2007 9:10:42 PM PDT by CrappieLuck
[ Post Reply | Private Reply | To 19 | View Replies]

To: 1234; 6SJ7; Abundy; Action-America; af_vet_rr; afnamvet; akatel; Alexander Rubin; Amadeo; ...
Another Security Update thread... PING!

Original Thread from yesterday

If you want on or off the Mac Ping List, Freepmail me.

27 posted on 04/20/2007 9:11:59 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE)
[ Post Reply | Private Reply | To 1 | View Replies]

To: EagleUSA
Think I figured it out — this is 10.4.9. Already had it installed — :-)

No. It is a security update to 10.4.9... you need to use the "Software Update" under the Blue Apple on the menu bar (top left corner of your screen).

28 posted on 04/20/2007 9:13:38 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE)
[ Post Reply | Private Reply | To 3 | View Replies]

To: rarestia
MAC = flashy GUI with a Linux core.

No Linux here... UNIX...

29 posted on 04/20/2007 9:16:11 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Rodney King
Why would a Mac need a security update? I thought they didn’t get viruses, hacked, etc.

They don't.

Apple likes keeping it that way.

30 posted on 04/20/2007 9:26:06 PM PDT by ReignOfError (`)
[ Post Reply | Private Reply | To 5 | View Replies]

To: TomServo

I have been collecting the boxed sets from Rhino and watching episodes on YouTube (they have about 90% of the episodes on there including the KTMA era).

MST3K rates among my top 10 favourite TV programmes.


31 posted on 04/20/2007 9:32:14 PM PDT by Army Air Corps (Four fried chickens and a coke)
[ Post Reply | Private Reply | To 25 | View Replies]

To: ReignOfError
Hack a Mac contest finds exploitable hole in Safari... successful hacker wins MacBook Pro and $10,000 (Can)... second Mac requires ROOT access to win is still secure.

Note, all of these security patches had been added to the target computers.

32 posted on 04/20/2007 9:37:02 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE)
[ Post Reply | Private Reply | To 30 | View Replies]

To: Rodney King

Don’t underestimate yourself. You’re totally gay.


33 posted on 04/20/2007 9:40:14 PM PDT by Richard Kimball
[ Post Reply | Private Reply | To 18 | View Replies]

To: rarestia
MAC = flashy GUI with a Linux core.

Not Linux. It's BSD. When Leopard comes, it'll become the first BSD certified as a UNIX 2003™ box.

Let me know when Linux finally qualifies as a true UNIX OS.
34 posted on 04/20/2007 10:14:54 PM PDT by George W. Bush
[ Post Reply | Private Reply | To 20 | View Replies]

To: Swordmaker
No. It is a security update to 10.4.9... you need to use the "Software Update" under the Blue Apple on the menu bar (top left corner of your screen).

This is the first security update since we installed 10.4.9, isn't it? I'm assuming that 10.4.9 Combo and this update are all my Tiger needs to be up-to-date.
35 posted on 04/20/2007 10:22:20 PM PDT by George W. Bush
[ Post Reply | Private Reply | To 28 | View Replies]

To: George W. Bush
This is the first security update since we installed 10.4.9, isn't it? I'm assuming that 10.4.9 Combo and this update are all my Tiger needs to be up-to-date.

You assume correctly.

36 posted on 04/20/2007 10:27:00 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE)
[ Post Reply | Private Reply | To 35 | View Replies]

To: jdm
Mentioned Here: #42...

as well.

37 posted on 04/20/2007 10:46:55 PM PDT by Utilizer (What does not kill you... - can sometimes damage you QUITE severely.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker
The trolls really came out for this thread. Too bad there wasn't an original comment among 'em.

#5   - Invulnerability - I thought they didn’t get viruses, hacked, etc.

#10 - the market share canard. - There must have been a "surge" in mac users that make it somewhat worthwhile to hack a mac...

#14 - OSX is perfect canard -  Horror or horrors, the Mac has need of updating and fixes? I thought this was a malady only belonged to MS.

#18 - Mac users are gay - I’d buy a Mac, but I’m not gay. (we think the poster doth protest too much)

#20 - Bogus Mac = Linux comment - MAC = flashy GUI with a Linux core. (Not that there'd be anything wrong with that even if it were true.)

Looks like we have some slackers out there tonight. The gay comment didn't show up until post #18. Y'all can do better than that! Maybe their windows boxes were rebooting, or they were too busy installing one of the recent emergency patches that came out recently for windows.

38 posted on 04/20/2007 10:59:28 PM PDT by zeugma (MS Vista has detected your mouse has moved, Cancel or Allow?)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Swordmaker
Hack a Mac contest finds exploitable hole in Safari... successful hacker wins MacBook Pro and $10,000 (Can)... second Mac requires ROOT access to win is still secure.

By two people on an insecure network, and it required one of them to sit at the machine. And they lowered security to try to achieve that result.

I'm not saying Mac OS is completely bulletproof -- this isn't the first potential exploit in the wild. And of course, no system is secure if the luser is dumb enough to download an app or open an e-mail attachment and then type in a password.

But I have yet to see or hear of OS X spyware, viruses or trojans in the wild. And it's certainly not something any script kiddie can do. The closest thing I've seen is one site where a white-hat used a known exploit to save a text file to my hard drive to warn of a vulnerability back in about 10.2 -- I blocked the applicable port, and Apple patched it soon after.

Note, all of these security patches had been added to the target computers.

I'm not so sure of that -- the 2007-004 patch was released Thursday, after the contest had begun -- the head of the contest says "all the latest" patches were applied, but it's not clear when he said that or whether he'd heard of the brand-new one. That said, it doesn't really matter, because the 2007-004 documentation doesn't say anything about it patching a Safari vulnerability.

39 posted on 04/21/2007 2:01:31 AM PDT by ReignOfError (`)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Swordmaker

you need to use the “Software Update” under the Blue Apple


Yep, did that some time back and am all UP TO DATE! Thanks.


40 posted on 04/21/2007 7:08:41 AM PDT by EagleUSA
[ Post Reply | Private Reply | To 28 | View Replies]

