Apple fixes 33 security holes

Today Apple shipped another security update for Mac OS X; according to ZDNet, it contains at least 33 updates. They include updates to various third-party software affecting Mac OS X users.

One of the updates includes a fix for Adobe Flash Player, which was shipped with Snow Leopard last week. Apple shipped Snow Leopard to stores with a vulnerable version of Adobe Flash Player, leaving all users who upgraded or did a clean installation at risk.

The security package includes patches for software including Adobe's Flash Player plug-in, ClamAV, MySQL and PHP. It also includes more serious security patches for components including Alias Manager, CarbonCore, ColorSync, CoreGraphics and ImageIO.

Update 2009-005 will patch several "arbitrary code execution" vulnerabilities that can be used to compromise a user's machine if the user is tricked into opening certain file types.

Nine different vulnerability patches for the Adobe Flash Player plug-in were released yesterday and are included in security update 2009-005. The most dangerous of these security holes could allow a computer to be compromised through rigged websites.

31 Comments

Great news, but I should receive my pre-order of Snow Leopard 10.6.0 on Monday (hope it's true this time), so I'd rather just wait for that.

No need, this update is not for Snow Leopard but for its predecessors. The only Snow Leopard update up until this day would be 10.6.1.

Is Snow Leopard really needed? Think about this for a moment.

Most macs can't even use the innovative tech (Apple seems to think that using all cores is innovative, yet, Linux has been load balancing for a very long time) and most macs have no need to be booting in to 64bit mode due to the fact that they can not register higher than 4GB of ram.

So, was there any need to release a brand new OS?
Also, it's not 64bit top to bottom, if it was then why do Apple support 32bit applications and STILL they support PPC applications.

Theory for you guys: Apple released this to force people to buy newer macs! then again who's gonna buy a new mac if the OS for them is about as stable and about useful as a wall made with wet sand?

Have a serious think about that guys! I mean what really is new in Snow Leopard?
Apart from Grand C and OpenCL...

To Mods: this is not meant to be flame bait. To any users who are offended by this post then please, stop using the internet fully because there are plenty of other things that will offend you more than simple text!!

FYI

Snow Leopard no longer supports PPC applications (Rosetta) which is why the footprint is so much smaller compared to Leopard.

As for Apple supporting 32-bit applications - why wouldn't they? Imagine if Microsoft dropped 32-bit support... It just wouldn't happen, at least not for now.

To answer your question, is Snow Leopard really needed? Probably not. However was Windows Vista really needed? Not really, as many users preferred Windows XP.

Theory for you guys: Apple released this to force people to buy newer macs!

Apple can't force people to purchase new Macs, and I didn't require a new Mac to run Snow Leopard. Although I'm not saying I disagree with you - isn't this one of the reasons why all profitable vendors release new operating systems? To make money?

Tommy DW said,
and most macs have no need to be booting in to 64bit mode due to the fact that they can not register higher than 4GB of ram.


Where the hell did you get that bit of nonsense?

Wow, quite a lot of bad information and opinion in this post. The only thing offensive in your post is your lack of knowledge.

Tommy DW said,
Is Snow Leopard really needed? Think about this for a moment.

Most macs can't even use the innovative tech (Apple seems to think that using all cores is innovative, yet, Linux has been load balancing for a very long time) and most macs have no need to be booting in to 64bit mode due to the fact that they can not register higher than 4GB of ram.


Apple only changed multitasking/multithreading for developers. They created an easy to use framework that developers can use if they want. They also seemed to have tweaked it a bit and made a better scheduler. If you take Linux that scheduler is there as well but it's being overhauled again and again and again and again. It's one of the biggest projects within the Linux project. FreeBSD also changed its scheduler stuff when they released 5.0, 6.0 and 7.0. Quite common to do so, not something Apple-specific.

Apart from that most computers have a max of 4 GB for memory but some can do 8GB or even more. Like the entire MacBook Pro range (8GB max) or the Mac Pro (8 GB or 32 GB max) or the Xserve (48 GB max). Not everyone is going to benefit from more than 2 GB, actually most people don't benefit from it because you don't need that much for browsing the web, typing mail, etc. Apart from that, the only Mac that boots with the 64 bit kernel is the Xserve, all others boot the 32 bit kernel. As long as the hardware is 64 bit capable it has the ability to run 64 bit software besides 32 bit. Not that 64 bit will bring you any benefits, most likely it won't make a difference at all. Care, it's ready for whatever lies in the future :)

So, was there any need to release a brand new OS?
Also, it's not 64bit top to bottom, if it was then why do Apple support 32bit applications and STILL they support PPC applications.

The same reason why the 64 bit Windows XP was hardly used: there wasn't that much 64 bit software to use and so there was no need for a 64 bit only Windows version. Microsoft fixed that with Vista and 7: if your hardware is 64 bit capable and you run the 64 bit Vista/7 version you can still use 32 bit software if you have to. PPC apps went out the door when they released Snow Leopard btw.

Theory for you guys: Apple released this to force people to buy newer macs! then again who's gonna buy a new mac if the OS for them is about as stable and about useful as a wall made with wet sand?

Why? It runs on Macs that are 3 years old up until the very latest.

Have a serious think about that guys! I mean what really is new in Snow Leopard?
Apart from Grand C and OpenCL...

As Apple stated from the beginning: this release is all about cleaning stuff up and creating a lot of useful stuff for developers. It's not about adding new features for users. They warned everyone in advance that there won't be much really new stuff in Snow Leopard. The same as Microsoft did with Windows 7

To Mods: this is not meant to be flame bait.

Unfortunately that is really hard to believe, the amount of typos is unbelievable and the misinformation is ridiculous. You have absolutely no idea what Snow Leopard, Mac, Windows, etc. are :X

roadwarrior said,
Where the hell did you get that bit of nonsense?


It's a well known fact that Snow Leopard has a 32-bit kernel. Apparently they have a 64-bit kernel that's available however only on a very limited number of machines. So it's partially true.

Tim Dawg said,
It's a well known fact that Snow Leopard has a 32-bit kernel. Apparently they have a 64-bit kernel that's available however only on a very limited number of machines. So it's partially true.

It's not available by default. It depends on the model of the Mac and whether or not 64 bit drivers exist for all the hardware. I am able to enable the 64 bit kernel on my 1 year old MacBook Pro, but not on my 1 year old iMac. Though, again, one can't deny the increase in speed that is seen on any machine that has Snow Leopard when compared to previous versions.

I think this is hilarious. (snipped)

A new OS comes out, a week later the company (Apple) releases a huge system update and now several security updates for vulnerabilities which should have been sorted by the final release of Snow Leopard.

(snipped)
I don't know what's worse, the (snipped) or this god awful OS. I mean, Vista wasn't this bad, at least Vista didn't (snipped), but at least apps actually worked!

Simple really, got Leopard? ****ing keep it. I'm never updating to Snow Leopard.....NEVER, seriously, there's nothing in it I need and don't give me all this innovation bull**** either, like OpenCL and Grand C.. We can't even use half that crap yet, let alone using it to its full potential, so (snipped).

One more thing, stop comparing that (snipped) to Windows 7, Windows 7 is far stabler and safer to use than Snow Leopard.

I own both Mac and PC, both PCs but different operating systems. And heaven forbid I should (snipped)


I won't, the hard drive is in fact Western Digital in the Macs, so, instantly you're breaking their EULA.

Tommy DW said,
A new OS comes out, a week later the company (Apple) releases a huge system update and now several security updates for vulnerabilities which should have been sorted by the final release of Snow Leopard.


The Adobe vulnerability was discovered after the code was frozen for inclusion in the OS. The same kind of thing happens with new Windows releases. But of course, you won't let facts stand in your way of bashing something you clearly know very little about.

roadwarrior said,
The Adobe vulnerability was discovered after the code was frozen for inclusion in the OS. The same kind of thing happens with new Windows releases. But of course, you won't let facts stand in your way of bashing something you clearly know very little about.



An update that is a full service pack in size and then an additional 33 security holes?

This is NOT COMMON, in fact is freaking scary.

Windows7 went to RTM at the end of July, to date there are no known exploits and not ONE security patch or update issued for it.

(Check any RTM copy of Win7, you will find an IE8 update that adjusts compatibility for web sites, and a few malware definition updates, no security updates, no massive OS bugs, nothing. And millions of people are already running Windows7, which is a number that is probably much larger than Snow Leopard and possibly larger than Snow Leopard and Leopard users combined.)

Point is, this is not normal, and if Microsoft had this many security updates after code was finalized it would be a massive news story and seen as a massive failure on Microsoft's part. Apple doesn't get a free pass because they shoved software out the door early, in fact that makes it even worse.

roadwarrior said,
The Adobe vulnerability was discovered after the code was frozen for inclusion in the OS. The same kind of thing happens with new Windows releases. But of course, you won't let facts stand in your way of bashing something you clearly know very little about.

I clearly know nothing about this! And nor do you!!

Like the rest of us here, you've just read blogs, so next time before posting a comment such as that. Have a good think about it!
There's a good lad!

Also, my comment still stands.

anthonyspt said,
An update that is a full service pack in size and then an additional 33 security holes?

This is NOT COMMON, in fact is freaking scary.

Windows7 went to RTM at the end of July, to date there are no known exploits and not ONE security patch or update issued for it.

(Check any RTM copy of Win7, you will find an IE8 update that adjusts compatibility for web sites, and a few malware definition updates, no security updates, no massive OS bugs, nothing. And millions of people are already running Windows7, which is a number that is probably much larger than Snow Leopard and possibly larger than Snow Leopard and Leopard users combined.)

Point is, this is not normal, and if Microsoft had this many security updates after code was finalized it would be a massive news story and seen as a massive failure on Microsoft's part. Apple doesn't get a free pass because they shoved software out the door early, in fact that makes it even worse.

Absolutely correct.

If Microsoft did this, everyone would have jumped over them and raised hell, talk about switching operating system. Apple commits a crime and people just let them get away with doing it, no foul.

Double standard in this industry.

anthonyspt said,
An update that is a full service pack in size and then an additional 33 security holes?

This is NOT COMMON, in fact is freaking scary.

Windows7 went to RTM at the end of July, to date there are no known exploits and not ONE security patch or update issued for it.

(Check any RTM copy of Win7, you will find an IE8 update that adjusts compatibility for web sites, and a few malware definition updates, no security updates, no massive OS bugs, nothing. And millions of people are already running Windows7, which is a number that is probably much larger than Snow Leopard and possibly larger than Snow Leopard and Leopard users combined.)

Point is, this is not normal, and if Microsoft had this many security updates after code was finalized it would be a massive news story and seen as a massive failure on Microsoft's part. Apple doesn't get a free pass because they shoved software out the door early, in fact that makes it even worse.

+1

anthonyspt said,
Point is, this is not normal, and if Microsoft had this many security updates after code was finalized it would be a massive news story and seen as a massive failure on Microsoft's part.


Short memory, I guess. Windows XP had 80-100MB worth of updates ready to download when it was released. And Microsoft didn't release them until the retail date, leaving people who were running it since the RTM date unprotected. I can't remember the specifics for Vista (I didn't start running RTM code until well after the retail release), but I don't doubt that the situation was similar.

Tommy DW said,
I think this is hilarious. (snipped)

A new OS comes out, a week later the company (Apple) releases a huge system update and now several security updates for vulnerabilities which should have been sorted by the final release of Snow Leopard.


And the funniest part would be that this security update is for Tiger and Leopard. There is no Snow Leopard update other than the 10.6.1 ;)

From Apple's site:

Products Affected

Product Security, Mac OS X Server 10.5, Mac OS X Server 10.4.x (Universal), Mac OS X Server 10.4.x (PowerPC), Mac OS X 10.5.8 , Mac OS X 10.4.11

So yes, Apple already fixed those 33 security problems in Snow Leopard, either in the GM build or the 10.6.1 update.

Just stop flaming, it's rather childish and makes you look like a fool. And please check for typos before you even submit your text.

Andrew Lyle said,

Absolutely correct.

If Microsoft did this, everyone would have jumped over them and raised hell, talk about switching operating system. Apple commits a crime and people just let them get away with doing it, no foul.

Double standard in this industry.


Come on, you're the news poster. You should know these security holes don't affect 10.6 since it's right there in Apple's security posting which you linked to yourself.

Have they started signing all their system files?
Does the OS give the user any messages assuring him the dmg/pkg is signed by the actual vendor, or not?

That's two major problems in Mac OS, those are the security holes that need to be addressed immediately.