Slashdot Mirror


Apple Mac OS X Update For 17 Vulnerabilities

BSDetector writes "Apple has released fixes for 17 OSX vulnerabilities, ranging from system takeover to denial-of-service attacks. It was the fifth security update released this year. It also marked the first time this year that an operating system security update from Apple did not patch a vulnerability disclosed by the January Month of Apple Bugs project. Today's update pushed Apple's year-to-date patch total to over 100. More than one of the affected flaws were called 'critical' or 'dangerous'."

4 of 259 comments

  1. 5 patches in 5 months by dj245 · Score: 4, Interesting

    This is the 5th patch of the year. It's also the 5th month of the year (May). Apple's patches may not be evenly spaced like Microsoft's, but maybe Microsoft is onto something with their one patch day a month policy. It also makes it much easier on administrators having one scheduled day for patches to count on.

    --
    Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
  2. Re:Your confusion by Jeff DeMaagd · Score: 4, Interesting

    A proof of concept exploit seems to surface about once or twice a year. I really haven't heard of one "in the wild".

  3. Microsoft: 10 years, Apple: 3 years. by argent · Score: 3, Interesting

    Apple's time to patch was about twice as long as Microsoft's in 2006. From the looks of things, they may be working hard on improving that.

    Microsoft's coming up on 10 years for an unpatched vulnerability this year. One that's been exploited over and over again, and is still there.

    Apple's comparable vulnerability is much less dangerous, AND you can turn it off, AND it only surfaces in one program. Much lower surface area, much harder to exploit.

    I'm talking, of course, about deliberate automatic code execution from web browsers (and in Microsoft's case mail software and any other application that uses the Microsoft HTML control). Not buffer overflows or anything patchable like that, but a design that automatically opens a file or object just as if you'd manually downloaded it and run it from the desktop. I'm talking about daft things like ActiveX in IE, or "Open Safe Files" in Safari...

  4. Re:I feel robbed by rgravina · Score: 3, Interesting

    Reminds me of how I used to pick up the cat and place him right in front of the dog :) Cue the Benny Hill music!