Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple and Microsoft Release Critical Patches

Posted by Soulskill on from the that-time-of-the-month dept.

SkiifGeek writes "Both Microsoft and Apple have released major security updates in the last 24 hours. Microsoft's single update (MS09-017) addresses fourteen distinct vulnerabilities across all supported versions of PowerPoint, but it isn't the number of patched vulnerabilities that is causing trouble. Instead, the decision to release the patch for Windows versions while OS X and Works versions remain vulnerable to the same remote code execution risks (including one that is currently being exploited) hasn't gone down well with some people. Microsoft have given various reasons why this is the case, but this mega-update-in-a-patch is still interesting for other reasons. Meanwhile, Apple has updated OS X 10.5 to 10.5.7 as part of the 2009-002 Security Update, as well as a cumulative update for Safari 3 and the Public Beta for 4. As well as addressing numerous significant security risks, the 10.5.7 update provides a number of stability and capability enhancements and incorporates the Safari 3 update patch. Probably the most surprising element of the Apple update is the overall size of it; 442MB for the point update, and 729MB for the ComboUpdate."

5 of 194 comments (clear)

  1. Dashboard patched thoroughly by Sh1r0wgmx.de · · Score: 5, Informative

    Yeah the size of the update was a shock this morning, let me miss my usual train too. From what i've read http://www.macworld.com/article/140578/2009/05/1057update.html the update does a lot more than is actually said (big surprise with the size), even though most of those things aren't directly visible. What i have found is that my dashboard updates a lot faster than before, as i have two standard weather widgets open at all times i guess they really optimized the code there. Normally it would take at least 5-10 seconds to update the display after opening the dashboard, now it's almost instantenous. Anyone else notice this too?

  2. Re:Static linking by TheRaven64 · · Score: 5, Informative

    Insightful? Absolute nonsense. This patch is entirely for Apple-supplied software. This all links against the system frameworks, and does not include its own version of anything. Frameworks shared between more than one Apple app are bundled in to the global frameworks directory. Also, most of the stuff being updated (e.g. Apache, which has had several security holes fixed in this update) isn't in a .app bundle.

    --
    I am TheRaven on Soylent News
  3. Re:Apple is Bad Too by UnknowingFool · · Score: 4, Informative
    *Sigh*. First of all, 10.5.7 contains both enhancements and fixes. Apple patches all the software that came bundled with OS X. In some cases, this software is not their own. If you look at just the security fixes for 10.5.7, you would see that the non-Apple software is being patched:
    • Apache
    • BIND
    • CUPS
    • Flash
    • libxml
    • Kerebros
    • Net-SNMP
    • OpenSSL
    • PHP
    • ruby
    • telnet
    • WebKit
    • X11

    That is being bundled with fixes and enhancements to their own software like "iCal: Improves overall reliability with CalDav." The MS update is all labeled "Vulnerability to . . ."

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  4. Re:I agree, (And have reasons) by Spatial · · Score: 3, Informative

    At least in America, a lot of the network providers are also media publishers and distributors.

  5. Re:numbers wrong by Chaos+Incarnate · · Score: 4, Informative

    It's 729 MB for the complete, standalone, works-on-both-architectures, includes-10.5.1-forward patch. If you download via Software Update you'll see a smaller download (since you'll only download for PowerPC or x86, and you'll only download the needed bits instead of all the point updates rolled together).

    --
    Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."