Apple Releases Security Update 2003-03-24

← Back to Stories (view on slashdot.org)

Apple Releases Security Update 2003-03-24

Posted by pudge on Monday March 24, 2003 @10:14AM from the lolly-lolly-lolly-get-your-security-related-update-here dept.

skeeter17 writes "Apple updates security again. According the description: 'Security Update 2002-03-24 addresses a Samba vulnerability which could allow unauthorized remote access to the host system. .... OpenSSL is also updated to address an issue in which RSA private keys can be compromised when communicating over LANs, Internet2/Abilene, and interprocess communication on local machine. ... It is recommended that all users install this Security Update.' Well! There you have it folks!" It is available via Software Update.

4 of 58 comments (clear)

Min score:

Reason:

Sort:

Macs rock. ;) by Justen · 2003-03-24 10:27 · Score: 4, Interesting

I think it is quite admirable that Apple is so dedicated to these security updates. Certainly there is one other operating system software company in the world that isn't as vigilant. *cough*

I know at work, whenever an exploitation was discovered on the PC, the IT department would wait and wait. After several weeks, when problems started happening, they would issue an advisory, telling the people workarounds and what not to do and such until an update happened.

They never did that for the marketing/communications Macs. The reasons are threefold:

a.) there are fewer exploits in Mac OS X's old age (read: UNIX/FreeBSD/Darwin),

b.) when there are holes, they are patched, almost always very, very promptly.

c.) they were afraid of the Macs, anyway.

I think the latter is the least substantial, but, nonetheless, still relevant.

Anyway. I wanted to make a note of this. I don't see how there's much else that we can regularlly pony up in Software Update discussions...

justen
Date issues? by NeuralNet03 · 2003-03-24 13:05 · Score: 2, Interesting

Huh. Seems in Software Update, it's titled 2003-3-24, but in the description, it's *2002*-3-24.
Weren't they a year off last time, too?
OpenSSL again? by tbmaddux · 2003-03-24 13:41 · Score: 3, Interesting

I thought that Security Update 2003-03-03 was supposed to patch OpenSSL: "This update also includes a newer version of OpenSSL that provides improved data confidentiality by addressing a recently-discovered security issue." At the time (03-03-2003) I assumed they were talking about this bug. Plus, the "important information" section of today's patch has the same language about sendmail and OpenSSL.
I'm confused! Anyone know what OpenSSL bugs are patched, specifically, by each security update?

--
Can't you see that everyone is buying station wagons?
Re:Macs rock. ;) by gnuadam · 2003-03-24 14:08 · Score: 3, Interesting

Not to rag too much on apple, but they're still slower to release fixes than open source. Both fink and my gentoo linux box are usually patched the same week (and often the same day) that I hear about the problem.

Gentoo is getting a reputation for releasing fixes before slashdot announces, as the smug 1337 gentoo users like to point out.

Does that make me one of them now, too?

I'm not meaning to say that apple is doing a poor job, by any means. I'm just wanting to point out that apple is not the only organization that takes security seriously, and that there are others that beat apple out the door with security fixes.

--
You say :wq, I say ZZ. Why can't we all just get along?