Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Forcing Panther Upgrade for Security Patch

Posted by CmdrTaco on from the well-thats-a-bit-stingy dept.

The Raindog writes "I noticed over at Tech Report that Apple is apparently only offering its latest round of OS X security fixes to Panther users, leaving older versions of OS X out in the cold. " Update: 10/31 by J : But see the next day's story.

4 of 605 comments (clear)

  1. Possible by mojowantshappy · · Score: 5, Insightful

    Isn't it possible that they just haven't released the 10.2 patch yet?

    --

    This page was generated by a Barrel of Circus Midgets, and that is the way I like it!!!

  2. Apple has not made a statement by CraigCourtney · · Score: 5, Insightful

    While this could be true, Apple has not made an official statement that I know of. Some one saying they talked to some one at apple does not make policy. It is entirley possible that Apple has just concentrated all resources to get Panther out the door. No work was allowed on previous versions until it was done. It just as plausible as the radical they won't fix Jaguar. Until Apple states their official policy people shouldn't fly off the handle.

  3. Fortunatly... by ProfessionalCookie · · Score: 5, Insightful

    1. Core Files are disabled by default. So unless you've enabled them you should be ok.

    2. DMG Folder permissions can be a problem but I think the bigger problem is broken permissions on executable program distributions. Publishers and developers aren't using the right permissions.

    3. The buffer overflow crashes the machine but does not dump any sensitive data- no logs only memory addresses are dumped. This is generally not sensitive information.

    In addition I think it's kind of lame to say that Apple will not release security update for 10.2 perhaps they just haven't released them yet. These flaws don't seem to be terribly pertinent since they all require that you already have access to the machine, one of them requires that you dig in and enable core files another requires insecure app permissions (not Apple's fault) and a trojan and the last is an overflow which must be within narrow length limits and does not dump sensitive data.

    Panther hasn't even been out a week yet.

  4. Apple is unacceptable as a server provider. by emil · · Score: 5, Insightful
    David Goldsmith, director of research for @stake, a security company that found four of the vulnerabilities, confirmed that Apple said it wasn't going to patch the flaws in earlier versions of the software.

    "In my initial conversations with them, they said they weren't going to fix 10.2, but I wouldn't be surprised if they change that," he said.

    Such a statement, aparently confirmed by Apple, will keep Mac OS X out of any server applications. Just imagine Sun saying something similar.

    Since Oracle server is out for OS X, I had been thinking about Macs for certain server applications.

    At home, I have both an iMac and a beige G3. My beige G3 is not supported under 10.3; according to Apple I cannot upgrade (until xpostfacto gets through with them). Apple just tried to put a gun to my machine's head and pull the trigger.

    Because they are dropping hardware in 10.3, they need to support 10.2 indefinately.

    I am not amused.