Slashdot Mirror


Apple Issues Patches For 25 Security Holes

TheCybernator writes "Apple today released software updates to plug more than two dozen security holes in its Mac OS X operating system and other software. The free patches are available via the Mac's built-in Software Update feature or directly from Apple's Web site. All told, today's batch fixes some 25 distinct security vulnerabilities, including a dangerous flaw present in the AirPort wireless devices built into a number of Apple computers, including the eMac, the iBook, iMac, Powerbook G3 and G4, and the Power Mac G4. Apple said computers with its AirPort Extreme wireless cards are not affected. Earlier this month, Apple released a software update to fix a vulnerability in its wireless router, the AirPort Extreme Base Station. That update and instructions on how to apply it are available at the link."

9 of 241 comments

  1. Huh? by Anonymous Coward · · Score: 0, Flamebait

    Apple does it, and they are just staying ahead of the curve and being proactive. Microsoft does it and they released a crappy product that shouldn't have been released until these security holes were fixed.

  2. Cue Apologists by Grashnak · · Score: 0, Flamebait

    I predict:

    - Apple apologist posts explaining that Apple is proactively improving security
    - MS defender posts wondering why /. doesn't savage Apple the same way it does MS for security holes
    - Linux fanbois taunting both

    In other words, nothing to see here.

    --
    Life needs more saving throws.
    1. Re:Cue Apologists by SCHecklerX · · Score: 0, Flamebait

      And yet, our biggest problems (botnets) are not usually from any particular vulnerability, but rather from stupid users running that great attachment they got from 'their friend'. Don't the M$ fanboys claim that Macs are for the clueless? If so, then why aren't Macintoshes part of the botnet problem?

    2. Re:Cue Apologists by Anonymous Coward · · Score: 0, Flamebait

      "Some local privilege escalations that nobody beyond a couple of security researchers have paid attention to is nothing compared to the stuff a Windows user has to put up with." - by nevali (942731) on Friday April 20, @10:30AM (#18811399)

      Untrue. Here are some from the article itself, verbatim, which indicate remote exploits that were present:

      http://docs.info.apple.com/article.html?artnum=305391

      Libinfo

      CVE-ID: CVE-2007-0736

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Remote attackers may be able to cause a denial of service or arbitrary code execution if the portmap service is enabled

      AND

      network_cmds

      CVE-ID: CVE-2007-0741

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Remote attackers may be able to cause a denial of service or arbitrary code execution if Internet Sharing is enabled

      AND

      Libinfo

      CVE-ID: CVE-2007-0736

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Remote attackers may be able to cause a denial of service or arbitrary code execution if the portmap service is enabled

      Not all the commercials in the world saying "Windows is less secure than Apple" can counter the facts noted above. If the Pro Linux/Unix/MacOS X/BSD people here at Slashdot would come clean and be straight about this? They would be less guilty of misinformation, which shoots their credibility down because of outright misinformation stated constantly by them in this regard, security.

      Suggestion: Read the article completely before stating yet more Linux/Unix/BSD/MacOS X misinformation online. Right now, after tuning my Windows Server 2003 SP#2 setup, I can score an 84.735 on CIS Tool 1.0 (Center for Internet Security). It took me 30 minutes, tops, to apply some registry hacks, default services cutoffs and logon entity alterations (from System to lesser ones like Local or Network Service), and use of the SCW + security configuration and analysis tools for security policies work to make Windows VERY secure, which is not much work to do.

      Also, the fact remains that hardened builds of UNIX variants are available as well.

      Thus, if Linux/Unix/BSD/MacOS X are "so secure out of the box" as you state? Then why on earth are there hardened builds of them period (SELinux, for example)?? Nuff said... none of them are 100% secure, even vs. local OR remote exploits, out of the box period.

  3. I wonder if the Apple fanboi is gonna show up.... by moogs · · Score: 0, Flamebait

    You know, with his "switcheur" troll post and links to pics of fugly people... Heh heh heh :)

    --
    I have bad karma. What do I care what you think?
  4. Re:cue doodly piano music by Anonymous Coward · · Score: 0, Flamebait

    Way to go. You've just taken all the Apple fanbois away from their keyboards, as they think about Steve Jobs plugging up their holes.

    Well.... at least one hand is off their keyboards ;-)

  5. Re:I'd like to propose a tag by PFI_Optix · · Score: 0, Flamebait

    But I see that tag stuck on everything remotely relating to bugs in Windows.

    I make the comment mostly to bug the "Apple can do no wrong" fanboys more than anything. They're the ones (and the Linux fanboys to a lesser extent) who are tagging that on *everything* they see about MS.

    --
    120 characters for a sig? That's bloody useless.
  6. marketese by cinnamon colbert · · Score: 0, Flamebait

    "the free patches.."
    wow, FREE security patches
    How generous of Mr. Jobs.
    this is an example of market-speak, an Orwellian version of the English language, where the subject (Apple) is always made to appear in a favorable light, with every possible action embellished, and every possible flaw minimized.
    this might seem like minor carping, until you think about why the word "free" is there. surely you would expect a reputable company, as a matter of course, to stand behind its products and deliver free fixes to flaws; that this is embellished with positive language is perverse.

  7. Re:I'd like to propose a tag by Lars T. · · Score: 0, Flamebait

    It means that the designer specifically designed the device to not do something that is normally expected or wanted, or has been designed in such a way as to annoy the user constantly. In other words, they had to work harder to make sure the device did not work. Typical MS things that are defective by design are DRM, Clippy, and that new security thing in Vista that is so annoying.

    Ah. So you mean like a media player that can't display full screen videos?

    So use one of the other Quicktime players. Ohh, wait, Windows programmers are too busy writing malware to write one - tough luck.
    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck