Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Apple Issues Megapatch of 25 Fixes
Newsfactor ^ | April 20, 2007 | Barry Levine

Posted on 04/20/2007 7:51:27 PM PDT by jdm

On Thursday, Apple issued a megapatch of bug-fixes for its Mac OS X desktop and OS X server systems. The fixes, 25 in all, are itemized in the company's Security Update 2007-004.

Apple recommended that all OS X users install the update. It said that the vulnerabilities could lead to a system crash or allow an intruder to run unauthorized software on the computer. The fixes relate to various components and services in the Mac OS X operating system, including the AirPort driver, the Help view and the Installer application.

About half of the patches relate to security Relevant Products/Services, such as remote code execution that could permit a hacker to obtain control over a Mac, although there have been no such reported attacks.

Kerberos, iChat

Several of the vulnerabilities are within Kerberos, a network authentication protocol developed at M.I.T. "Running the Kerberos administration daemon may lead to an unexpected application termination or arbitrary code execution with system privileges," Apple said in its Update. Apple credited the M.I.T. Kerberos Team with reporting the issue.

The Libinfo component and LoginWindow software were identified as having flaws that could allow a user to bypass authentication. Video chat was also flagged as being vulnerable. The iChat component had a vulnerability that could allow a malicious user to remotely execute code through a malformed chat request.

Apple also identified a vulnerability in Airport that could allow remote execution in a legacy system, and a patch was included. However, the latest Mac Pro, iMac or MacBook systems are not affected.

The patches also deal with eight identified vulnerabilities in the way the operating system handles disk images. Apple said that mounting a malicious disk image could lead to a security breach.

Largest in March

In early March, Apple also released a large set of fixes. In that batch, the largest so far this year, there were 30 patches for 22 applications. In 2007, the Cupertino, California-based company has issued an average of one security update per month. This is a faster pace than in 2006, when Apple released eight sets of patches in the entire year.

This week's update also addresses several zero-day bugs that were revealed as part of the Month of Apple Bugs in January. The Month of Apple Bugs was a project by two researchers, Kevin Finisterre and the pseudonymous LMH, who reported one flaw per day in Mac OS X or in Mac applications. Each of the vulnerabilities was a previously undocumented security issue.

LMH also led the Month of Kernel Bugs last November. Last summer, researcher HD Moore had orchestrated a Month of Browser Bugs, which focused on unpatched security flaws in Firefox, Internet Explorer, Safari, and Opera.



TOPICS: Business/Economy; Culture/Society; News/Current Events
KEYWORDS: apple; mac; patch
Navigation: use the links below to view more comments.
first 1-2021-4041-45 next last

1 posted on 04/20/2007 7:51:28 PM PDT by jdm
[ Post Reply | Private Reply | View Replies]

To: jdm

Have not seen the patch -— ????? Should be on the Apple download server....


2 posted on 04/20/2007 8:00:18 PM PDT by EagleUSA
[ Post Reply | Private Reply | To 1 | View Replies]

To: EagleUSA

Think I figured it out — this is 10.4.9. Already had it installed -— :-)


3 posted on 04/20/2007 8:05:58 PM PDT by EagleUSA
[ Post Reply | Private Reply | To 2 | View Replies]

To: jdm

gotta stop watchin’ those MAC vs PC commercials, LOL.....I KNEW that casual looking twerp-dweeb was a democrat :)


4 posted on 04/20/2007 8:06:21 PM PDT by Vn_survivor_67-68
[ Post Reply | Private Reply | To 1 | View Replies]

To: jdm

Why would a Mac need a security update? I thought they didn’t get viruses, hacked, etc.


5 posted on 04/20/2007 8:07:08 PM PDT by Rodney King (No, we can't all just get along.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: EagleUSA

C’mon, Eagle. Go to the Apple Menu, choose “Software Update...” and click “Install” to install Security Update 2007-004. Nothing to it. And it’s only 10 MB.


6 posted on 04/20/2007 8:07:36 PM PDT by ProtectOurFreedom
[ Post Reply | Private Reply | To 2 | View Replies]

To: Rodney King

lol..


7 posted on 04/20/2007 8:07:59 PM PDT by TomServo ("Jim Henson's Flying Leatherneck Babies!")
[ Post Reply | Private Reply | To 5 | View Replies]

To: Rodney King

Just remember Rodney when something goes wrong on a PC it’s MS’s fault. WHen something goes wrong on an Apple it’s the users fault, so really this update is the users fault.


8 posted on 04/20/2007 8:11:54 PM PDT by aft_lizard (born conservative...I chose to be a republican)
[ Post Reply | Private Reply | To 5 | View Replies]

To: aft_lizard

I’m LMAO...


9 posted on 04/20/2007 8:12:25 PM PDT by TomServo ("Jim Henson's Flying Leatherneck Babies!")
[ Post Reply | Private Reply | To 8 | View Replies]

To: jdm
It said that the vulnerabilities could lead to a system crash or allow an intruder to run unauthorized software on the computer...

hackers?......say it ain't so!....har har har

There must have been a "surge" in mac users that make it somewhat worthwhile to hack a mac...

10 posted on 04/20/2007 8:12:44 PM PDT by B.O. Plenty (Give war a chance...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: aft_lizard

LOL. Got it. Thanks.


11 posted on 04/20/2007 8:15:29 PM PDT by Rodney King (No, we can't all just get along.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: B.O. Plenty
Did you hear about the recent contest to “hack” a Mac? The winner got $10K. Originally, the first prize was a Mac, but then the contest organizers realized a new Mac for a prize wasn’t good enough — might not attract enough hackers.
12 posted on 04/20/2007 8:19:28 PM PDT by jdm
[ Post Reply | Private Reply | To 10 | View Replies]

Comment #13 Removed by Moderator

To: Rodney King

I thought that Apple computers were without out blemish (GOD like existence and all) … why do they need for fixes?

Horror or horrors, the Mac has need of updating and fixes? I thought this was a malady only belonged to MS.

25 at a time, no less!


14 posted on 04/20/2007 8:20:10 PM PDT by doc1019 (Fred Thompson '08)
[ Post Reply | Private Reply | To 5 | View Replies]

To: jdm

I thought so....


15 posted on 04/20/2007 8:22:19 PM PDT by B.O. Plenty (Give war a chance...)
[ Post Reply | Private Reply | To 12 | View Replies]

To: jdm

bump


16 posted on 04/20/2007 8:22:26 PM PDT by Centurion2000 (Killing all of your enemies without mercy is the only sure way of sleeping soundly at night.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jdm

Welcome to Intel.......


17 posted on 04/20/2007 8:22:56 PM PDT by CrappieLuck
[ Post Reply | Private Reply | To 1 | View Replies]

To: John Williams

I’d buy a Mac, but I’m not gay.


18 posted on 04/20/2007 8:23:34 PM PDT by Rodney King (No, we can't all just get along.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: CrappieLuck

Well, I got two Macs and never turn them off.... wish I could say that about my windows machines...


19 posted on 04/20/2007 8:27:40 PM PDT by pointsal (q)
[ Post Reply | Private Reply | To 17 | View Replies]

To: doc1019

MAC = flashy GUI with a Linux core. Go with Fedora Core 6 and enjoy life. MACs piss me off because they tout their utilitarian nature, but they’re just as vulnerable as any PC. It’s dependent on the user. MS just went about security the wrong way, and they still haven’t made a product worth buying with Vista.


20 posted on 04/20/2007 8:29:11 PM PDT by rarestia ("One man with a gun can control 100 without one." - Lenin / Molwn Labe!)
[ Post Reply | Private Reply | To 14 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-45 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson