Apple's First 2005 Mac OS X Security Update Is Out

ollie_ob writes "Security Update 2005-001 has just hit Software Update for Mac OS X users, for those running 10.3.7 and 10.2.8 in both normal and server flavours of the OS. The update includes patches for: at commands, ColorSync, libxml2, Mail, PHP, Safari and SquirrelMail. Details are here. One of these fixes -- a modification to Apple Mail so it stops broadcasting your MAC address in plain text every time you send an email - will come as a welcome relief to those trying to keep their WEP-based wireless networks secure. Other highlights are PHP 4.3.10, and a Safari fix so that pop-up windows can't mislead users as to their apparent origin. The Mac OS X Server version of the patch also includes an update to SquirrelMail that stops browsers from executing scripted content in emails viewed(!). Interesting to note Apple's new naming scheme for the updates (last year, some updates came out dated days into the future - or past.) Also, there's a unified page for all future security updates."

how to secure your WEP network.

[anothy]

One of these fixes... ...will come as a welcome relief to those trying to keep their WEP-based wireless networks secure.

unless said fix has to do with fixing something broken in WPA, this is silly. WEP is insecure. record break-in times to WiFi networks "secured" using WEP is well under half an hour; stock tools can do it in several hours to a day. WPA is hardly iron-clad, but it's orders of magnitude better than the fatally flawed WEP. one should not rely on WEP for security of any kind.