The megapatch, also known as Mac OS X 10.4.9, is the seventh Apple security patch release in three months. It deals with vulnerabilities in Apple's own software, as well as third-party components such as Adobe Systems' Flash Player, OpenSSH and MySQL. Sixteen of the vulnerabilities addressed by the update were previously released as part of two high-profile bug-hunting campaigns. Several of the flaws could be exploited to gain full control over a Mac running the vulnerable component, according to Apple's advisory. Other holes are limited and could only be exploited to crash a Mac or used by somebody who already has access to a machine.

Eight vulnerabilities are related to the way Mac OS X handles disk images; mounting a malicious image may lead to an error and could provide a means for an attacker to breach a Mac, Apple said. Nine vulnerabilities were released as part of the Month of Apple Bugs in January, and seven bugs were disclosed in the Month of Kernel Bugs in November. While several of the vulnerabilities repaired by Apple's updates were previously known, it doesn't appear that any attacks exploiting the flaws actually occurred. Apple also issued a second update, which fixes a security bug in iPhoto that could allow an attacker to craft a malicious "photocast" which, when opened, could compromise a Mac.

News source: News.com



There are 30 additional comments
#1 Posted by DirtyLarry on 14 Mar 2007 - 02:34
Installing through Software Update right now, update is 52.7 MB in size.
(3 replies) #2 Posted by Primexx on 14 Mar 2007 - 02:38
Apple has security problems???
#2.1 Posted by NeoTrunks on 14 Mar 2007 - 02:39
In theory.
#2.2 Posted by NightmarE D on 14 Mar 2007 - 04:43
No theory about it.

They were there just not widely known
#2.3 Posted by GP007 on 14 Mar 2007 - 10:23
Everyone has security problems. I think it's clear at this point that nothing is 100% perfect. Fact there were so many holes yet no one took advantage of them means no one cares I suppose.
#3 Posted by Croquant on 14 Mar 2007 - 02:46
So that's why Apple doesn't issue monthly software updates: They were saving them all up for today.
(6 replies) #4 Posted by black_death on 14 Mar 2007 - 04:42
lies! Mac doesn't have security holes, haven't you seen the commercials?!?!?!? All hail Steve Jobs!!

*kneels and prays to all mighty spandex wearing lord*
#4.1 Posted by nekrosoft13 on 14 Mar 2007 - 04:57
haha, apple always been perfect, didn't you know?
#4.2 Posted by LTD on 14 Mar 2007 - 05:22
Quote - (nekrosoft13 said @ #4.1)
haha, apple always been perfect, didn't you know?


Smart enough to use a hybrid Mach Kernel/FreeBSD base. No registry, no dll issues, and seamless integration between software and hardware.

No, Apple isn't perfect - or rather OS X isn't perfect. No current OS is, and for that matter, not much in this world is perfect to begin with. But from what we know so far, there has not been one documented virus in the wild for OS X. Yet. It'll be quite a while though, so smoke 'em if ya got 'em.
#4.3 Posted by superhuman on 14 Mar 2007 - 07:50
Quote - (LTD said @ #4.2)
Quote - (nekrosoft13 said @ #4.1)
haha, apple always been perfect, didn't you know?

so far, there has not been one documented virus in the wild for OS X. Yet. It'll be quite a while though, so smoke 'em if ya got 'em.


I don't see a real Windows viruses either for such a long time. The age of F and B Virus are over. Now, all we have out there are trojans and spyware.
#4.4 Posted by CoolBits on 14 Mar 2007 - 09:42
Quote - (superhuman said @ #4.3)
Now, all we have out there are trojans and spyware.


LOL Sorry but can't help myself not to laugh on this.
#4.5 Posted by Lare2 on 14 Mar 2007 - 14:21
Quote - (superhuman said @ #4.3)
Quote - (LTD said @ #4.2)
Quote - (nekrosoft13 said @ #4.1)
haha, apple always been perfect, didn't you know?

so far, there has not been one documented virus in the wild for OS X. Yet. It'll be quite a while though, so smoke 'em if ya got 'em.


I don't see a real Windows viruses either for such a long time. The age of F and B Virus are over. Now, all we have out there are trojans and spyware.


<sarcasm> LOL Thank god trojans aren't that bad </sarcasm>






#4.6 Posted by black_death on 15 Mar 2007 - 18:33
Quote - (Lare2 said @ #4.5)
<sarcasm> LOL Thank god trojans aren't that bad </sarcasm>


<sarcasm> Only absolute geniuses can possibly avoid getting trojans I mean not opening 30kb iconless EXEs and getting a decent antivirus, Einstein would go mad trying that. But I'm sure even if Mac had more than 2% marketshare and hackers actually cared about it it still wouldn't have viruses. </sarcasm>
#5 Posted by war on 14 Mar 2007 - 05:48
ha-ha About time!
(2 replies) #6 Posted by C++ on 14 Mar 2007 - 10:15
If Microsoft were Apple, then tomorrow they would unleash a great advertising campaign about how their rivals patched 45 problems with their OS this month, while they released no updates. Thankfully, Microsoft is not Apple.
#6.1 Posted by Chad on 14 Mar 2007 - 12:13
Quote - (C++ said @ #6)
If Microsoft were Apple, then tomorrow they would unleash a great advertising campaign about how their rivals patched 45 problems with their OS this month, while they released no updates. Thankfully, Microsoft is not Apple.


Troll elsewhere.
#6.2 Posted by +Skwerl on 14 Mar 2007 - 14:11
Quote - (Chad said @ #6.1)
Quote - (C++ said @ #6)
If Microsoft were Apple, then tomorrow they would unleash a great advertising campaign about how their rivals patched 45 problems with their OS this month, while they released no updates. Thankfully, Microsoft is not Apple.


Troll elsewhere.


It's not trolling if it's true. Apple's awfully smug about this and that, but if it were me sitting there with 3% of the desktop market, I don't think I'd be displaying the snide hubris that Apple does.
(7 replies) #7 Posted by matthew24 on 14 Mar 2007 - 10:40
"Thankfully, Microsoft is not Apple.", Yep, that is why I switched to OSX!
#7.1 Posted by dodgetigger on 14 Mar 2007 - 11:50
That's why I switched from OS X to Windows some years ago
#7.2 Posted by winmoose on 14 Mar 2007 - 11:56
Quote -
That's why I switched from OS X to Windows some years ago


I think that's the problem; people switch because they have an irrational hatred of ms, despite apple tying hardware to software, popularising DRM via the iPod, tying music to hardware (iTunes and iPod) etc. etc. and now evidently having the same security problems as ms, ms is still seen as a great evil.

Apple and ms are the same, ms is just more popular, apple is just sexier.

If people said "I switched to OS X because I prefer the features" then I would say good for them.

Switching because you believe the anti ms hype is stupid.
#7.3 Posted by Kushan on 14 Mar 2007 - 14:05
Quote - (winmoose said @ #7.2)
Quote -
That's why I switched from OS X to Windows some years ago


I think that's the problem; people switch because they have an irrational hatred of ms, despite apple tying hardware to software, popularising DRM via the iPod, tying music to hardware (iTunes and iPod) etc. etc. and now evidently having the same security problems as ms, ms is still seen as a great evil.

Apple and ms are the same, ms is just more popular, apple is just sexier.

If people said "I switched to OS X because I prefer the features" then I would say good for them.

Switching because you believe the anti ms hype is stupid.


Well said.
#7.4 Posted by +Skwerl on 14 Mar 2007 - 14:17
Quote - (winmoose said @ #7.2)
Switching because you believe the anti ms hype is stupid.


These are people who have switched to a platform that has long held the belief that their users are too stupid to use more than one button on a mouse. What shocks me is why they bother to put so many buttons on the Mac keyboard. Wouldn't it "just work" better if there were only three keys on the keyboard, and all the user had to do was press the right key when it lights up?
#7.5 Posted by C_Guy on 14 Mar 2007 - 15:26
Winmoose: I agree, well said... except the part about Mac being "sexier"... PCs can be way hotter than Macs if you just put the effort in. The idea that Macs are "sexy" is just another brainwashing attempt by Apple's marketing. Don't fall for it!
#7.6 Posted by winmoose on 14 Mar 2007 - 16:41
Quote -
Winmoose: I agree, well said... except the part about Mac being "sexier"... PCs can be way hotter than Macs if you just put the effort in. The idea that Macs are "sexy" is just another brainwashing attempt by Apple's marketing. Don't fall for it!


Yes, you're right, though you have to admit that traditionally the windows pc has been more ugly (think big beige boxes), my SSF pc case is indeed quite nice looking.
#7.7 Posted by Le Master on 14 Mar 2007 - 22:42
Quote - (Skwerl said @ #7.4)
Quote - (winmoose said @ #7.2)
Switching because you believe the anti ms hype is stupid.


These are people who have switched to a platform that has long held the belief that their users are too stupid to use more than one button on a mouse. What shocks me is why they bother to put so many buttons on the Mac keyboard. Wouldn't it "just work" better if there were only three keys on the keyboard, and all the user had to do was press the right key when it lights up?


Am I the only one who caught this comment? Hahaha. Freaking hilarious.
#8 Posted by BigBoy on 14 Mar 2007 - 15:58
Hahaha that's pretty cool, Apple!

What's interesting is that they are probably all proud that they released ONE PATCH.

"See? We released only one patch!"

"But - it fixes 45 security flaws!"

(Jobs waves his hand)

"This is not the information you are looking for. Now look at this new cool iGadget we also have for you to download"

Sigh. While it's true that no software is perfect and will never be, the way Apple masks the severity of their security issues is going to hurt them in the end. 45 security fixes... they might as well call it a service pack!
#9 Posted by xMorpheousx416 on 14 Mar 2007 - 16:21
Quote -
Sigh. While it's true that no software is perfect and will never be, the way Apple masks the severity of their security issues is going to hurt them in the end. 45 security fixes... they might as well call it a service pack!


Hardly.

The definition of "masking severity" as you so eloquently put it...shouldn't really be stated as such to make others believe that if Apple's security issues are as exploited as Microsoft's...that it's going to hurt Apple. Any security flaw can be exploited.

Service Pack? Now that's a laugh...MS releases anywhere between 5, 10 up to 30MB of patches on a monthly basis.

#10 Posted by ScottKin on 14 Mar 2007 - 18:34
What I find as somewhat odd is that no one is calling Apple on-the-carpet about announcing said holes and vulnerabilities ahead of the patch releases - isn't this what everyone expects Microsoft to do? The sauce isn't good for the goose as it is for the gander?
(1 reply) #11 Posted by patseguin on 14 Mar 2007 - 20:10
I don't see anywhere where it says this patch addresses "45 security holes". It has a long list of bug fixes and also includes previously-released security patches. The author also calls it "the seventh Apple security patch". It's not a security patch.
#11.1 Posted by BigBoy on 14 Mar 2007 - 22:43
Right... well go here and look:

http://docs.info.apple.com/article.html?artnum=305214

Now check some of those descriptions:

Quote -
Impact: Mounting a maliciously-crafted AppleSingleEncoding disk image may lead to an unexpected application termination or arbitrary code execution

Impact: Mounting a maliciously-crafted disk image may lead to an unexpected application termination or arbitrary code execution

Impact: Crash Reporter may allow a local admin user to obtain system privileges

Impact: Viewing a maliciously-crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution

Impact: Multiple vulnerabilities in GNU Tar, the most serious of which is arbitrary code execution


And there is more...

So, going back to my "Apple masking their security issues" argument - you would not call this a security patch... well Apple does not call it such either. But this patches a ton of security issues. SO by bundling all this crap into a single patch, I guess you can say that "Apple has no security patches"? Meh...