
Apple megapatch plugs 45 security holes

Slimy on 14 March 2007 - 02:03 · 30 comments & 9458 views

The megapatch, also known as Mac OS X 10.4.9, is the seventh Apple security patch release in three months. It deals with vulnerabilities in Apple's own software, as well as in third-party components such as Adobe Systems' Flash Player, OpenSSH and MySQL. Sixteen of the vulnerabilities addressed by the update were previously disclosed as part of two high-profile bug-hunting campaigns. Several of the flaws could be exploited to gain full control over a Mac running the vulnerable component, according to Apple's advisory. Other holes are more limited and could only be exploited to crash a Mac, or could only be used by somebody who already has access to a machine.

Eight vulnerabilities are related to the way Mac OS X handles disk images; mounting a malicious image may lead to an error and could provide a means for an attacker to breach a Mac, Apple said. Nine vulnerabilities were disclosed as part of the Month of Apple Bugs in January, and seven bugs were disclosed in the Month of Kernel Bugs in November. While several of the vulnerabilities repaired by Apple's updates were previously known, it doesn't appear that any attacks exploiting the flaws actually occurred. Apple also issued a second update, which fixes a security bug in iPhoto that could allow an attacker to craft a malicious "photocast" that, when opened, could compromise a Mac.

News source: News.com

Comments
#1 vetDirtyLarry on 14 Mar 2007 - 02:34
Installing through Software Update right now, update is 52.7 MB in size.
(3 replies) #2 Primexx on 14 Mar 2007 - 02:38
Apple has security problems???
#2.1 NeoTrunks on 14 Mar 2007 - 02:39
In theory.
#2.2 NightmarE D on 14 Mar 2007 - 04:43
No theory about it.

They were there, just not widely known.
#2.3 GP007 on 14 Mar 2007 - 10:23
Everyone has security problems. I think it's clear at this point that nothing is 100% perfect. Fact there were so many holes yet no one took advantage of them means no one cares I suppose.
#3 Croquant on 14 Mar 2007 - 02:46
So that's why Apple doesn't issue monthly software updates: They were saving them all up for today.
(6 replies) #4 black_death on 14 Mar 2007 - 04:42
lies! Mac doesn't have security holes, haven't you seen the commercials?!?!?!? All hail steve jobs!!

*kneels and prays to all mighty spandex wearing lord*
#4.1 nekrosoft13 on 14 Mar 2007 - 04:57
haha, apple always been perfect, didn't you know?
#4.2 LTD on 14 Mar 2007 - 05:22
Quote - (nekrosoft13 said @ #4.1)
haha, apple always been perfect, didn't you know?


Smart enough to use a hybrid Mach Kernel/FreeBSD base. No registry, no dll issues, and seamless integration between software and hardware.

No, Apple isn't perfect - or rather OS X isn't perfect. No current OS is, and for that matter, not much in this world is perfect to begin with. But from what we know so far, there has not been one documented virus in the wild for OS X. Yet. It'll be quite a while though, so smoke 'em if ya got 'em.
#4.3 superhuman on 14 Mar 2007 - 07:50
Quote - (LTD said @ #4.2)
Quote - (nekrosoft13 said @ #4.1)
haha, apple always been perfect, didn't you know?

so far, there has not been one documented virus in the wild for OS X. Yet. It'll be quite a while though, so smoke 'em if ya got 'em.


I don't see a real Windows viruses either for such a long time. The age of F and B Virus are over. Now, all we have out there are trojans and spyware.
#4.4 CoolBits on 14 Mar 2007 - 09:42
Quote - (superhuman said @ #4.3)
Now, all we have out there are trojans and spyware.


LOL Sorry but can't help myself not to laugh on this.
#4.5 Lare2 on 14 Mar 2007 - 14:21
Quote - (superhuman said @ #4.3)
Quote - (LTD said @ #4.2)
Quote - (nekrosoft13 said @ #4.1)
haha, apple always been perfect, didn't you know?

so far, there has not been one documented virus in the wild for OS X. Yet. It'll be quite a while though, so smoke 'em if ya got 'em.


I don't see a real Windows viruses either for such a long time. The age of F and B Virus are over. Now, all we have out there are trojans and spyware.


<sarcasm> LOL Thank god trojans aren't that bad </sarcasm>






#4.6 black_death on 15 Mar 2007 - 18:33
Quote - (Lare2 said @ #4.5)
<sarcasm> LOL Thank god trojans aren't that bad </sarcasm>


<sarcasm> Only absolute geniuses can possibly avoid getting trojans I mean not opening 30kb iconless EXEs and getting a decent antivirus, Einstein would go mad trying that. But I'm sure even if Mac had more than 2% marketshare and hackers actually cared about it it still wouldn't have viruses. </sarcasm>
#5 war on 14 Mar 2007 - 05:48
ha-ha About time!
(2 replies) #6 C++ on 14 Mar 2007 - 10:15
If Microsoft were Apple, then tomorrow they would unleash a great advertising campaign about how their rivals patched 45 problems with their OS this month, while they released no updates. Thankfully, Microsoft is not Apple.
#6.1 Chad on 14 Mar 2007 - 12:13
Quote - (C++ said @ #6)
If Microsoft were Apple, then tomorrow they would unleash a great advertising campaign about how their rivals patched 45 problems with their OS this month, while they released no updates. Thankfully, Microsoft is not Apple.


Troll elsewhere.
#6.2 Skwerl on 14 Mar 2007 - 14:11
Quote - (Chad said @ #6.1)
Quote - (C++ said @ #6)
If Microsoft were Apple, then tomorrow they would unleash a great advertising campaign about how their rivals patched 45 problems with their OS this month, while they released no updates. Thankfully, Microsoft is not Apple.


Troll elsewhere.


It's not trolling if it's true. Apple's awfully smug about this and that, but if it were me sitting there with 3% of the desktop market, I don't think I'd be displaying the snide hubris that Apple does.
(7 replies) #7 matthew24 on 14 Mar 2007 - 10:40
"Thankfully, Microsoft is not Apple.", Yep, that is why I switched to OSX!
#7.1 dodgetigger on 14 Mar 2007 - 11:50
That's why I switched from OS X to Windows some years ago
#7.2 winmoose on 14 Mar 2007 - 11:56
Quote -
That's why I switched from OS X to Windows some years ago


I think that's the problem; people switch because they have an irrational hatred of ms, despite apple tying hardware to software, popularising DRM via the iPod, tying music to hardware (iTunes and iPod) etc. etc. and now evidently having the same security problems as ms, ms is still seen as a great evil.

Apple and ms are the same, ms is just more popular, apple is just sexier.

If people said "I switched to OS X because I prefer the features" then I would say good for them.

Switching because you believe the anti ms hype is stupid.
#7.3 Kushan on 14 Mar 2007 - 14:05
Quote - (winmoose said @ #7.2)
Quote -
That's why I switched from OS X to Windows some years ago


I think that's the problem; people switch because they have an irrational hatred of ms, despite apple tying hardware to software, popularising DRM via the iPod, tying music to hardware (iTunes and iPod) etc. etc. and now evidently having the same security problems as ms, ms is still seen as a great evil.

Apple and ms are the same, ms is just more popular, apple is just sexier.

If people said "I switched to OS X because I prefer the features" then I would say good for them.

Switching because you believe the anti ms hype is stupid.


Well said.
#7.4 Skwerl on 14 Mar 2007 - 14:17
Quote - (winmoose said @ #7.2)
Switching because you believe the anti ms hype is stupid.


These are people who have switched to a platform that has long held the belief that their users are too stupid to use more than one button on a mouse. What shocks me is why they bother to put so many buttons on the Mac keyboard. Wouldn't it "just work" better if there were only three keys on the keyboard, and all the user had to do was press the right key when it lights up?
#7.5 C_Guy on 14 Mar 2007 - 15:26
Winmoose: I agree, well said... except the part about Mac being "sexier"... PCs can be way hotter than Macs if you just put the effort in. The idea that Macs are "sexy" is just another brainwashing attempt by Apple's marketing. Don't fall for it!
#7.6 winmoose on 14 Mar 2007 - 16:41
Quote -
Winmoose: I agree, well said... except the part about Mac being "sexier"... PCs can be way hotter than Macs if you just put the effort in. The idea that Macs are "sexy" is just another brainwashing attempt by Apple's marketing. Don't fall for it!


Yes, you're right, though you have to admit that traditionally the windows pc has been more ugly (think big beige boxes), my SSF pc case is indeed quite nice looking.
#7.7 Le Master on 14 Mar 2007 - 22:42
Quote - (Skwerl said @ #7.4)
Quote - (winmoose said @ #7.2)
Switching because you believe the anti ms hype is stupid.


These are people who have switched to a platform that has long held the belief that their users are too stupid to use more than one button on a mouse. What shocks me is why they bother to put so many buttons on the Mac keyboard. Wouldn't it "just work" better if there were only three keys on the keyboard, and all the user had to do was press the right key when it lights up?


Am I the only one who caught this comment? Hahaha. Freaking hilarious.
#8 BigBoy on 14 Mar 2007 - 15:58
Hahaha that's pretty cool, Apple!

What's interesting is that they are probably all proud that they released ONE PATCH.

"See? We released only one patch!"

"But - it fixes 45 security flaws!"

(Jobs waves his hand)

"This is not the information you are looking for. Now look at this new cool iGadget we also have for you to download"

Sigh. While it's true that no software is perfect and will never be, the way Apple masks the severity of their security issues is going to hurt them in the end. 45 security fixes... they might as well call it a service pack!
#9 xMorpheousx416 on 14 Mar 2007 - 16:21
Quote -
Sigh. While it's true that no software is perfect and will never be, the way Apple masks the severity of their security issues is going to hurt them in the end. 45 security fixes... they might as well call it a service pack!


Hardly.

The definition of "masking severity" as you so eloquently put it...shouldn't really be stated as such to make others believe that if Apple's security issues are as exploited as Microsoft's...that it's going to hurt Apple. Any security flaw can be exploited.

Service Pack? Now that's a laugh...MS releases anywhere between 5, 10 up to 30MB of patches on a monthly basis.

#10 ScottKin on 14 Mar 2007 - 18:34
What I find as somewhat odd is that no one is calling Apple on-the-carpet about announcing said holes and vulnerabilities ahead of the patch releases - isn't this what everyone expects Microsoft to do? The sauce isn't good for the goose as it is for the gander?
(1 reply) #11 patseguin on 14 Mar 2007 - 20:10
I don't see anywhere where it says this patch addresses "45 security holes". It has a long list of bug fixes and also includes previously-released security patches. The author also calls it "the seventh Apple security patch". It's not a security patch.
#11.1 BigBoy on 14 Mar 2007 - 22:43
Right... well go here and look:

http://docs.info.apple.com/article.html?artnum=305214

Now check some of those descriptions:

Quote -
Impact: Mounting a maliciously-crafted AppleSingleEncoding disk image may lead to an unexpected application termination or arbitrary code execution

Impact: Mounting a maliciously-crafted disk image may lead to an unexpected application termination or arbitrary code execution

Impact: Crash Reporter may allow a local admin user to obtain system privileges

Impact: Viewing a maliciously-crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution

Impact: Multiple vulnerabilities in GNU Tar, the most serious of which is arbitrary code execution


And there is more...

So, going back to my "Apple masking their security issues" argument - you would not call this a security patch... well Apple does not call it such either. But this patches a ton of security issues. SO by bundling all this crap into a single patch, I guess you can say that "Apple has no security patches"? Meh...
