Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Mac OS X Update For 17 Vulnerabilities

Posted by Zonk on from the enjoy-a-less-wormy-apple dept.

BSDetector writes "Apple has released fixes for 17 OSX vulnerabilities, ranging from system takeover to denial-of-service attacks. It was the fifth security update released this year. It also marked the first time this year that an operating system security update from Apple did not patch a vulnerability disclosed by the January Month of Apple Bugs project. Today's update pushed Apple's year-to-date patch total to over 100. More than one of the affected flaws were called 'critical' or 'dangerous'."

10 of 259 comments (clear)

  1. 5 patches in 5 months by dj245 · · Score: 4, Interesting

    This is the 5th patch of the year. Its also the 5th month of the year (May). Apple's patches may not be evenly spaced like Microsofts, but maybe Microsoft is onto something with their one patch day a month policy. It also makes it much easier on administrators having one scheduled day for patches to count on.

    --
    Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
  2. The reboot was not appreciated... by (H)elix1 · · Score: 1, Interesting

    My bride has a MacBook. She got the notification, it downloaded what seemed like a fairly large file after prompting for a password. Don't know if it asked and she missed it, or if it rebooted after installing the patch - but either way her machine did an unexpected restart. (Not that Microsoft is not guilty of the same thing, as one of my servers installed and rebooted last week at a very inconvenient time - dang thing was set to automatic) Anyhow, it sure made her nervous. She wanders down to my lab-of-doom and tells me her mac just shut down. I asked and she said she had just done an update. Perhaps she missed the dialog asking to restart... don't know. Had not seen a CERT email about it yet.

    --
    +++ UGUCAUCGUAUUUCU
    1. Re:The reboot was not appreciated... by Anonymous Coward · · Score: 1, Interesting

      I have been doing updates on Macs for a long time (I work in IT) and never see this. It always asks you if you want to restart, yes, no, after the updates that require a restart. Windows, on the other hand, has this nice count down timer dialog box. So if you are not paying attention, you can lose a lot of data. And that, unfortunately, is routine in the land of Microsoft.

  3. Re:Your confusion by Jeff+DeMaagd · · Score: 4, Interesting

    A proof of concept exploit seems to surface about once or twice a year. I really haven't heard of one "in the wild".

  4. Microsoft: 10 years, Apple: 3 years. by argent · · Score: 3, Interesting

    Apple's time to patch was about twice as long as Microsoft's in 2006. From the looks of things, they may be working hard on improving that.

    Microsoft's coming up on 10 years for an unpatched vulnerability this year. One that's been exploited over and over again, and is still there.

    Apple's comparable vulnerability is much less dangerous, AND you can turn it off, AND it only surfaces in one program. Much lower surface area, much harder to exploit.

    I'm talking, of course, about deliberate automatic code execution from web browsers (and in Microsoft's case mail software and any other application that uses the Microsoft HTML control). Not buffer overflows or anything patchable like that, but a design that automatically opens a file or object just as if you'd manually downloaded it and run it from the desktop. I'm talking about daft things like ActiveX in IE, or "Open Safe Files" in Safari...

  5. Yes... by SuperKendall · · Score: 2, Interesting

    I've done some development (GUI and otherwise) on Linux, WIndows, and Macs - including a fair amount of X11, MFC, C, C++, Java, some C#, and some Objective C.

    Linux and Macs are nice to develop for for the same reasons - the tools are great. In fact for most of my Mac programming I still use Emacs. But XCode does have a lot of things going for it, and I've been using it more and more...

    I guess my main point is, if you like development for Linux I don't see why you wouldn't like Mac development since you can use all the same tools. You don't have to use XCode. You can even sticl to X11 (though frankly I liked that much less than other systems, even if some of the capabilities are nicer.

    I have also used Visual Studio but frankly, I don't like how it thnks.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  6. Re:It's not only about the vulnerabilities... by djupedal · · Score: 2, Interesting

    "Read up the MOAB."

    You're purposely sending people to a rigged website...? Does this mean you're in on the trap or just that you're clueless about what really lies behind MOAB?

  7. Re:I feel robbed by rgravina · · Score: 3, Interesting

    Reminds me of how I used to pick up the cat and place him right in front of the dog :) Cue the Benny Hill music!

  8. DING DING DING by xjerky · · Score: 1, Interesting

    This is how I always get Mac bashers to STFU. Regardless of Apple's smaller market share, _somebody_ would want to have bragging rights to be the first l33t to Pwn OS X. If it were so easy to do so, at least. And you bring up something I hadn't considered before - the Mac user base is so complacent about not getting r00ted or viruses, that they are a ripe target for attack. Personally, I don't patch my OS X system immediately....I do it every few months at my leisure. I bet there are plenty of other Mac users out there. We are perfect targets in theory, yet to this day nobody has seriously tried.

    --
    A sentence you'll never see on an Internet discussion board: "You know what? You're right."
  9. Too bad the update sucks! by __david__ · · Score: 2, Interesting

    I installed this update and rebooted and now it kernel panics every time I try to boot! It happens early enough that I can't even boot into single user. Grrr.....

    -David

    --
    There. Now go play some cool javascript games!