Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Mac OS X Update For 17 Vulnerabilities

Posted by Zonk on from the enjoy-a-less-wormy-apple dept.

BSDetector writes "Apple has released fixes for 17 OSX vulnerabilities, ranging from system takeover to denial-of-service attacks. It was the fifth security update released this year. It also marked the first time this year that an operating system security update from Apple did not patch a vulnerability disclosed by the January Month of Apple Bugs project. Today's update pushed Apple's year-to-date patch total to over 100. More than one of the affected flaws were called 'critical' or 'dangerous'."

7 of 259 comments (clear)

  1. 5 patches in 5 months by dj245 · · Score: 4, Interesting

    This is the 5th patch of the year. Its also the 5th month of the year (May). Apple's patches may not be evenly spaced like Microsofts, but maybe Microsoft is onto something with their one patch day a month policy. It also makes it much easier on administrators having one scheduled day for patches to count on.

    --
    Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
  2. Re:Your confusion by Jeff+DeMaagd · · Score: 4, Interesting

    A proof of concept exploit seems to surface about once or twice a year. I really haven't heard of one "in the wild".

  3. Microsoft: 10 years, Apple: 3 years. by argent · · Score: 3, Interesting

    Apple's time to patch was about twice as long as Microsoft's in 2006. From the looks of things, they may be working hard on improving that.

    Microsoft's coming up on 10 years for an unpatched vulnerability this year. One that's been exploited over and over again, and is still there.

    Apple's comparable vulnerability is much less dangerous, AND you can turn it off, AND it only surfaces in one program. Much lower surface area, much harder to exploit.

    I'm talking, of course, about deliberate automatic code execution from web browsers (and in Microsoft's case mail software and any other application that uses the Microsoft HTML control). Not buffer overflows or anything patchable like that, but a design that automatically opens a file or object just as if you'd manually downloaded it and run it from the desktop. I'm talking about daft things like ActiveX in IE, or "Open Safe Files" in Safari...

  4. Yes... by SuperKendall · · Score: 2, Interesting

    I've done some development (GUI and otherwise) on Linux, WIndows, and Macs - including a fair amount of X11, MFC, C, C++, Java, some C#, and some Objective C.

    Linux and Macs are nice to develop for for the same reasons - the tools are great. In fact for most of my Mac programming I still use Emacs. But XCode does have a lot of things going for it, and I've been using it more and more...

    I guess my main point is, if you like development for Linux I don't see why you wouldn't like Mac development since you can use all the same tools. You don't have to use XCode. You can even sticl to X11 (though frankly I liked that much less than other systems, even if some of the capabilities are nicer.

    I have also used Visual Studio but frankly, I don't like how it thnks.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  5. Re:It's not only about the vulnerabilities... by djupedal · · Score: 2, Interesting

    "Read up the MOAB."

    You're purposely sending people to a rigged website...? Does this mean you're in on the trap or just that you're clueless about what really lies behind MOAB?

  6. Re:I feel robbed by rgravina · · Score: 3, Interesting

    Reminds me of how I used to pick up the cat and place him right in front of the dog :) Cue the Benny Hill music!

  7. Too bad the update sucks! by __david__ · · Score: 2, Interesting

    I installed this update and rebooted and now it kernel panics every time I try to boot! It happens early enough that I can't even boot into single user. Grrr.....

    -David

    --
    There. Now go play some cool javascript games!