Apple Releases Security Update 2003-03-24
skeeter17 writes "Apple updates security again. According to the description: 'Security Update 2002-03-24 addresses a Samba vulnerability which could allow unauthorized remote access to the host system. .... OpenSSL is also updated to address an issue in which RSA private keys can be compromised when communicating over LANs, Internet2/Abilene, and interprocess communication on local machine. ... It is recommended that all users install this Security Update.' Well! There you have it folks!" It is available via Software Update.
ALERT: There are still known vulnerabilities with the Cha Cha Cha, the Cabbage Patch, and especially the Boogaloo. You've been warned.
I think it is quite admirable that Apple is so dedicated to these security updates. Certainly there is one other operating system software company in the world that isn't as vigilant. *cough*
I know at work, whenever an exploitation was discovered on the PC, the IT department would wait and wait. After several weeks, when problems started happening, they would issue an advisory, telling the people workarounds and what not to do and such until an update happened.
They never did that for the marketing/communications Macs. The reasons are threefold:
a.) there are fewer exploits in Mac OS X's old age (read: UNIX/FreeBSD/Darwin),
b.) when there are holes, they are patched, almost always very, very promptly.
c.) they were afraid of the Macs, anyway.
I think the latter is the least substantial, but, nonetheless, still relevant.
Anyway. I wanted to make a note of this. I don't see how there's much else that we can regularly pony up in Software Update discussions...
justen
Microsoft file sharing is the most secure in the world. In fact, you don't even need to use a firewall with Windows.
That's right - all you need to do is leave your box hooked up to the network with no firewall, and in less than 5 minutes, one of a large number of dedicated volunteers will scan your system for any security flaws. If any are found, this tireless worker will log into your box, and install any necessary patches for you.
Don't worry if the disk thrashes from time to time, or if there is a lot of network activity, these are just symptoms of the high level of careful service you are receiving from your unknown friend.
To ensure the best service, be sure to tip him, by putting your credit card number, zip code, expiration date, SSN, and a suggested tip amount in a file called c:\tip.txt. A little gesture like this can go a long way!
Since OS X 10.2.4 came out, I think this is only the second security update. However, for XP there have been countless updates. The Service Pack One update from a few months back was 120MB! They must've had quite a bit of holes to need an upgrade that big.
It seems that almost every week, my IT department is running around trying to install security updates on our computers. It's a good thing I only use my PC for e-mail (not for long, since MS Exchange will soon work with Entourage). I use my Mac for real work.
Mr. Bond, they have a saying in Chicago: Once is happenstance. Twice is coincidence. The third time is enemy action.
And let's not forget that these security updates are due to exploits and holes in the software of the OSS community at large (sendmail, samba, openssl, openssh), not due to Apple's own bungling or inattention to security.
because that has already been fixed and is in the 10.2.5 update which will be released within a few weeks.
This patch is for SAMBA...which is a Windows file sharing protocol. Go figure.
I know the parent is a troll. Last one I feed today, I promise.
Huh. Seems in Software Update, it's titled 2003-3-24, but in the description, it's *2002*-3-24.
Weren't they a year off last time, too?
I'm confused! Anyone know what OpenSSL bugs are patched, specifically, by each security update?
Can't you see that everyone is buying station wagons?
Not to rag too much on apple, but they're still slower to release fixes than open source. Both fink and my gentoo linux box are usually patched the same week (and often the same day) that I hear about the problem.
Gentoo is getting a reputation for releasing fixes before slashdot announces, as the smug 1337 gentoo users like to point out.
Does that make me one of them now, too?
I'm not meaning to say that apple is doing a poor job, by any means. I'm just wanting to point out that apple is not the only organization that takes security seriously, and that there are others that beat apple out the door with security fixes.
You say
There went my two weeks of uptime... ;-)
"Common Sense Ain't" -Unknown
Put another way, you're right, but you're confusing Apple's software with the code. Most of the services on OSX are open source and to say that "they are slower to release fixes than open source" rather misses the forest for the trees. (Or vice versa) What Apple does is provide a quick, easy update for regular users who don't want to deal with the complexities of compiling their open source programs. As such Apple reacts very timely and does a lot of checking.
So to differentiate Apple's security and open source's security is a false dichotomy.