
Apple fixes 17 Mac OS X flaws

Slimy   on 25 May 2007 - 19:29 · 37 comments & 16010 views

Apple has released the year's fifth major security update for Mac OS X, patching 17 vulnerabilities. It is the first time this year that an OS security update from Apple did not patch a vulnerability disclosed by the January Month of Apple Bugs project. Eight of the 17 vulnerabilities could do no more damage than cause a denial of service in, or a crash of, the affected component. Only five of the patched vulnerabilities could result in an attacker executing their own code. Apple's year-to-date patch total may be over 100, but this month included fixes for fewer flaws than last month (25) and the month before (45).

Among the serious bugs is one in how Mac OS X 10.4 handles PDF files. "By enticing a user to open a maliciously crafted PDF file, an attacker could trigger the overflow, which may lead to an unexpected application termination or arbitrary code execution," Apple's advisory said. Attacks using this strategy, although rare on Macs, mean that Apple's users have to be careful when opening attachments. Another dangerous flaw fixed is in the code that maps ports on home networks in iChat, Apple's instant messaging service and software. An attacker with access to the local network could exploit the bug by sending a malformed packet to trigger a buffer overflow, which could then be used to add malicious code to the Mac. Other parts of Mac OS X that were patched include Berkeley Internet Name Domain (BIND), the de facto standard Domain Name System server software, which was patched against four vulnerabilities; the Ruby CGI library (two vulnerabilities); and Fetchmail (one vulnerability).

Download: Security Update
News source: InfoWorld

#1 drygnfyre on 25 May 2007 - 19:42
Thanks for the notice, I'll check Software Update later to see if (10.4.10?) is available.
(1 reply) #2 Netrack on 25 May 2007 - 19:54
there are no virus's(sp) for Mac's...only exploits and vulnerabilities [/sarcasm]
#2.1 black_death on 26 May 2007 - 04:45
"Hi I'm a Mac" "And I'm a PC" "Say PC get any viruses yet?" "Nope, hey wanna view my quicktime movie?" "Sure, did you know that Apple-" "Uh oh Mac fell down and died!"
#3 hapbt on 25 May 2007 - 19:56
Oh but wait OS/X has no security holes! It certainly doesn't have 100... think to yourself.. if 100 have been found without anyone even really trying, how many holes does the OS really have in it, that would be discovered if it had been subjected to the same scrutiny as Vista/XP...
(2 replies) #4 Helba on 25 May 2007 - 20:00
La-la-la-la-la-la-la I can't hear you idiots trying to start an OS X security flame war!

Thanks for the news.
#4.1 sirghost on 26 May 2007 - 06:10
Quote - (Helba said @ #4)
La-la-la-la-la-la-la I can't hear you idiots trying to start an OS X security flame war!

Thanks for the news.


lol..typical mac user ignoring the issues that apple has...
#4.2 +Dakkaroth on 26 May 2007 - 08:50
Typical Apple maturity. Or lack of, really.
(7 replies) #5 NateB1 on 25 May 2007 - 20:27
Wow. Microsoft hasn't patched this many flaws within a similar time period. It's nice to know that Apple is trying to catch up to Microsoft in the security arena. I think Microsoft released 10 or so patches for Vista in the past 3 months. Apple has patched how many now? 45+25+17 = 87! Hmm... Which OS is inherently more secure?

OS X = Security via obscurity...
#5.1 vetmarkjensen on 25 May 2007 - 20:58
Only an idiot would use the single metric of "number of patches" as a determination of which OS was more secure.

You are not an idiot, are you? Then don't post like one.
#5.2 dhan on 25 May 2007 - 21:07
while I agree with you mark, that was/is the case with most XP fixes. Just because XP had more fixes than OSX, bam...XP is less secure (which is true but number of fixes is certainly not a good scale).
The real test is when people actually start exploiting it and then how the OS can withstand it. I have a gut feeling that OS X might be capable of it but thousands of idiotic mac users might be the real problem. (just like on the Windows side)
#5.3 guruparan on 25 May 2007 - 21:23
Quote - (markjensen said @ #5.1)
Only an idiot would use the single metric of "number of patches" as a determination of which OS was more secure.

You are not an idiot, are you? Then don't post like one.



So you say OS X is secure always...as some one cited, in a lake of fishes, windows fishes are about 95% and chance of catching a windows fish is always High..and now compare...

No OS or software is 100% secured or stable including Windows, Unix, Linux & Mac os X..
#5.4 Chad on 25 May 2007 - 21:26
Quote - (guruparan said @ #5.3)
Quote - (markjensen said @ #5.1)
Only an idiot would use the single metric of "number of patches" as a determination of which OS was more secure.

You are not an idiot, are you? Then don't post like one.



So you say OS X is secure always...as some one cited, in a lake of fishes, windows fishes are about 95% and chance of catching a windows fish is always High..and now compare...

No OS or software is 100% secured or stable including Windows, Unix, Linux & Mac os X..


What are you talking about?
#5.5 vetmarkjensen on 25 May 2007 - 22:14
Quote - (guruparan said @ #5.3)
So you say OS X is secure always...as some one cited, in a lake of fishes, windows fishes are about 95% and chance of catching a windows fish is always High..and now compare...

No OS or software is 100% secured or stable including Windows, Unix, Linux & Mac os X..
Huh? I never made any claims (comparative or absolute) about OSX security.

In fact, search out my posts here on Neowin, and you will see me clearly state that
  1. Security is a process, not a product or feature, and
  2. Coming to an overall security conclusion based on any single metric is horribly flawed
No need to imagine me saying things in order to try to start online flamewars, buddy.
#5.6 Typhon on 26 May 2007 - 02:59
Quote - (markjensen said @ #5.1)
Only an idiot would use the single metric of "number of patches" as a determination of which OS was more secure.

You are not an idiot, are you? Then don't post like one.


Wow I think you need to calm down. Also calling people an idiot is not very smart on your part. You do not need to attack him see the reason people say this is cause Apple always advertises that it is secure and it just works no matter what. Which we all know is not true I mean like you said only an idiot would in this case believe that Apple is the golden fleece.
#5.7 +Dakkaroth on 26 May 2007 - 09:01
Quote - (Typhon said @ #5.6)
Quote - (markjensen said @ #5.1)
Only an idiot would use the single metric of "number of patches" as a determination of which OS was more secure.

You are not an idiot, are you? Then don't post like one.


Wow I think you need to calm down. Also calling people an idiot is not very smart on your part. You do not need to attack him see the reason people say this is cause Apple always advertises that it is secure and it just works no matter what. Which we all know is not true I mean like you said only an idiot would in this case believe that Apple is the golden fleece.


No, I agree with Mark. You can't measure security in the number of patches released, or how many fixes each patch actually fixed. In fact, you can't measure them at all!

Like that guy up above was saying when he was talking about "windows fish" (or trying to anyway), Windows has a greater userbase. That said, there are a lot more people pushing to find flaws within the software. If OSX had the same userbase that Windows did, then yes, I think you'd find a lot more flaws with OSX. However, since we can't test that, you really can't measure the security of each system, other than by the numbers. And once again, you got a stupid way of measuring.
(4 replies) #6 NateB1 on 25 May 2007 - 21:14
No, but it does provide a good reference point. Vista is constantly being hacked and scrutinized - OS X not as much. It would make sense, if Microsoft didn't do a good job with security, that more flaws would be found/patched in Vista since it is under so much scrutiny. Instead, we are seeing the opposite.

Ad hominem attacks certainly don't help your case.

If an OS's security is not determined by its flaws, then what is it judged by? The intelligence of its users? How many "in the wild" malware can infect it?

Don't get me wrong; OS X is more secure than Vista, only not inherently more secure. If the tables were turned, there would definitely be a ton of malware for OS X.

Has Apple taken drastic measures to improve OS X's security? Last I heard, Microsoft removed all instances of strcpy() from Vista because of security concerns. Do you realize how much code would need to be changed?

Edit: I accidentally replied to the wrong thread. This is meant to be a reply to markjensen's post above.

Last edited by NateB1 on 25 May 2007 - 21:29
#6.1 guruparan on 25 May 2007 - 21:27
Quote - (NateB1 said @ #6)
Last I heard, Microsoft removed all instances of strcpy() from Vista because of security concerns. Do you realize how much code would need to be changed?


That was a very good move & code alterations like these made them the delay...but its good for customers.
#6.2 vetmarkjensen on 26 May 2007 - 01:17
Quote - (NateB1 said @ #1)
...
Ad hominem attacks certainly don't help your case.
...
I guess I could have said that you either were being deliberately disingenuous in attempt to troll, or were woefully ill-informed about what comprises "security". Neither is complimentary, I agree. But either would apply to your so-called conclusion based on a single metric.

Quote - (NateB1 said @ #1)
...
If an OS's security is not determined by its flaws, then what is it judged by? The intelligence of its users? How many "in the wild" malware can infect it?
...
My complaint was with your narrow-sighted focus on a single metric (number of patches) to arrive at your implied conclusion on security. And now, you seem to think I intend you throw away that metric in favor of a different "single metric", which is not the case at all. You need a better analysis than just counting up the number of patches. You need to consider time to patch. Days of exposure. Severity of exploit. Exploit Vector. Any actions that can mitigate the problem prior to patch release.

In short, you have to analyze, not just count.
#6.3 J_R_G on 26 May 2007 - 04:10
Quote - (markjensen said @ #6.2)
Quote - (NateB1 said @ #1)
...
Ad hominem attacks certainly don't help your case.
...
I guess I could have said that you either were being deliberately disingenuous in attempt to troll, or were woefully ill-informed about what comprises "security". Neither is complimentary, I agree. But either would apply to your so-called conclusion based on a single metric.

Quote - (NateB1 said @ #1)
...
If an OS's security is not determined by its flaws, then what is it judged by? The intelligence of its users? How many "in the wild" malware can infect it?
...
My complaint was with your narrow-sighted focus on a single metric (number of patches) to arrive at your implied conclusion on security. And now, you seem to think I intend you throw away that metric in favor of a different "single metric", which is not the case at all. You need a better analysis than just counting up the number of patches. You need to consider time to patch. Days of exposure. Severity of exploit. Exploit Vector. Any actions that can mitigate the problem prior to patch release.

In short, you have to analyze, not just count.


Do you have such an analysis? If not, you're worse than him, obviously. And I like how you mention 'time to patch' but not 'thoroughness of testing' to make sure it doesn't break tons of **** and put users off from installing the patch.
I mean, it doesn't make you look biased or anything.
#6.4 +Dakkaroth on 26 May 2007 - 09:13
Quote - (J_R_G said @ #6.3)
Quote - (markjensen said @ #6.2)
Quote - (NateB1 said @ #1)
...
Ad hominem attacks certainly don't help your case.
...
I guess I could have said that you either were being deliberately disingenuous in attempt to troll, or were woefully ill-informed about what comprises "security". Neither is complimentary, I agree. But either would apply to your so-called conclusion based on a single metric.

Quote - (NateB1 said @ #1)
...
If an OS's security is not determined by its flaws, then what is it judged by? The intelligence of its users? How many "in the wild" malware can infect it?
...
My complaint was with your narrow-sighted focus on a single metric (number of patches) to arrive at your implied conclusion on security. And now, you seem to think I intend you throw away that metric in favor of a different "single metric", which is not the case at all. You need a better analysis than just counting up the number of patches. You need to consider time to patch. Days of exposure. Severity of exploit. Exploit Vector. Any actions that can mitigate the problem prior to patch release.

In short, you have to analyze, not just count.


Do you have such an analysis? If not, you're worse than him, obviously. And I like how you mention 'time to patch' but not 'thoroughness of testing' to make sure it doesn't break tons of **** and put users off from installing the patch.
I mean, it doesn't make you look biased or anything.


From what I read, he's not the one trying to measure the security here. Nate's the one trying to do the measuring. He's just stating what factors should be taken into place when attempting to measure the security of an OS. Forgive him if he didn't name all of them as I'm sure he didn't expect good ol' Nate here to follow through and analyze the situation.
(4 replies) #7 +Ely on 25 May 2007 - 21:33
There we go again, the mighty OS X which is all secure and never breaks not long ago they patched a whole lot of vulnerabilities and other issues and now this, which proves the fact that NO OS is %100 secure. I'm just glad it is NOT ONLY Windows anymore.

When Microsoft patches a few Windows flaws all the MAC fanboys start the flame war, but when their mighty OS breaks and reveals itself as it is ( just like any other OS) They can't withstand the critic, wake up; it is life, yes your OS just happens to be less popular thus being less attacked that's all.

Last edited by Ely on 25 May 2007 - 22:06
#7.1 Chad on 25 May 2007 - 22:57
Quote - (Ely said @ #7)
There we go again, the mighty OS X which is all secure and never breaks not long ago they patched a whole lot of vulnerabilities and other issues and now this, which proves the fact that NO OS is %100 secure. I'm just glad it is NOT ONLY Windows anymore.

When Microsoft patches a few Windows flaws all the MAC fanboys start the flame war, but when their mighty OS breaks and reveals itself as it is ( just like any other OS) They can't withstand the critic, wake up; it is life, yes your OS just happens to be less popular thus being less attacked that's all.


No one has claimed OS X is 100% secure.

And no, Mac users don't start flamewars in those threads.

Stop pulling stuff out of thin air to make your opinion look valid.
#7.2 XerXis on 26 May 2007 - 07:24
Quote - (Chad said @ #7.1)
Quote - (Ely said @ #7)
There we go again, the mighty OS X which is all secure and never breaks not long ago they patched a whole lot of vulnerabilities and other issues and now this, which proves the fact that NO OS is %100 secure. I'm just glad it is NOT ONLY Windows anymore.

When Microsoft patches a few Windows flaws all the MAC fanboys start the flame war, but when their mighty OS breaks and reveals itself as it is ( just like any other OS) They can't withstand the critic, wake up; it is life, yes your OS just happens to be less popular thus being less attacked that's all.


No one has claimed OS X is 100% secure.

And no, Mac users don't start flamewars in those threads.

Stop pulling stuff out of thin air to make your opinion look valid.


the problem is, Apple and Steve Jobs did, it's their arrogance that is backslashing when people hear this news
#7.3 +Dakkaroth on 26 May 2007 - 09:17
Quote - (XerXis said @ #7.2)
Quote - (Chad said @ #7.1)
Quote - (Ely said @ #7)
There we go again, the mighty OS X which is all secure and never breaks not long ago they patched a whole lot of vulnerabilities and other issues and now this, which proves the fact that NO OS is %100 secure. I'm just glad it is NOT ONLY Windows anymore.

When Microsoft patches a few Windows flaws all the MAC fanboys start the flame war, but when their mighty OS breaks and reveals itself as it is ( just like any other OS) They can't withstand the critic, wake up; it is life, yes your OS just happens to be less popular thus being less attacked that's all.


No one has claimed OS X is 100% secure.

And no, Mac users don't start flamewars in those threads.

Stop pulling stuff out of thin air to make your opinion look valid.


the problem is, Apple and Steve Jobs did, it's their arrogance that is backslashing when people hear this news


Yeah, I hate the way they try to market their OS. It's about the sorriest way to do it. Then again, they need all the help they can get selling an overpriced piece of crap.
#7.4 Chad on 26 May 2007 - 13:45
Quote - (XerXis said @ #7.2)
Quote - (Chad said @ #7.1)
Quote - (Ely said @ #7)
There we go again, the mighty OS X which is all secure and never breaks not long ago they patched a whole lot of vulnerabilities and other issues and now this, which proves the fact that NO OS is %100 secure. I'm just glad it is NOT ONLY Windows anymore.

When Microsoft patches a few Windows flaws all the MAC fanboys start the flame war, but when their mighty OS breaks and reveals itself as it is ( just like any other OS) They can't withstand the critic, wake up; it is life, yes your OS just happens to be less popular thus being less attacked that's all.


No one has claimed OS X is 100% secure.

And no, Mac users don't start flamewars in those threads.

Stop pulling stuff out of thin air to make your opinion look valid.


the problem is, Apple and Steve Jobs did, it's their arrogance that is backslashing when people hear this news


The problem is, you are making things up. Apple has never said OS X is 100% secure.
#8 C_Guy on 25 May 2007 - 21:58
It's too bad that these posts always deteriorate into Mac vs. Windows wars.

Which, in the case of patches, is completely pointless. Software will never be 'perfect' because it is prone to human error and changes in technology. Therefore, there are 2 choices for Apple and Microsoft: Continue patching their operating system for eternity or patch it for a reasonable length of time before moving onto their next operating system.

Apple and Microsoft can never stop patching their software so the oh-so-old Mac vs. Windows debates, when based on patch quality, quantity, or speed, is one that can never be settled.
(4 replies) #9 LTD on 25 May 2007 - 22:20
# of viruses in recent memory (from the very beginning, actually) that have infected OS X = 0.

# of viruses in recent memory (since, say 2001, when MS released XP with FIVE open ports!) that have infected Windows =

How high can you count?

Yeah, folks in the OS X camp have plenty to be happy about. Some are pretty vocal. The more vocal, the better. Perhaps that way, we can get even more to switch over and enjoy a better computing experience overall. There's a REASON for all this enthusiasm about OS X. Look into it, people!

When Windows is criticized, it's because MS has given critics truckloads of fodder to use against it. Taking a shot at Windows is bloody easy. Disturbingly easy. It doesn't happen because of some my-OS-is-better-than-yours bull****. It's all about track records.
#9.1 J_R_G on 25 May 2007 - 22:52
If it's all about track records, this should be relevant:

# of vulnerabilities in OS X's first 3 months: about 30.
# of vulnerabilities in Vista's first 3 months: about 2.

This last update for OS X alone fixes almost 10 times more vulnerabilities than Vista has had total.
#9.2 Chad on 25 May 2007 - 23:01
Quote - (J_R_G said @ #9.1)
If it's all about track records, this should be relevant:

# of vulnerabilities in OS X's first 3 months: about 30.
# of vulnerabilities in Vista's first 3 months: about 2.

This last update for OS X alone fixes almost 10 times more vulnerabilities than Vista has had total.


'Vulnerabilities' fixed is not at all relevant. It is not indicative of the total vulnerabilities in the OS.
#9.3 J_R_G on 26 May 2007 - 03:59
Quote - (Chad said @ #9.2)
Quote - (J_R_G said @ #9.1)
If it's all about track records, this should be relevant:

# of vulnerabilities in OS X's first 3 months: about 30.
# of vulnerabilities in Vista's first 3 months: about 2.

This last update for OS X alone fixes almost 10 times more vulnerabilities than Vista has had total.


'Vulnerabilities' fixed is not at all relevant. It is not indicative of the total vulnerabilities in the OS.


Duh. It's just the best indicator we have for those types of things.
#9.4 Chad on 26 May 2007 - 13:46
Quote - (J_R_G said @ #9.3)
Quote - (Chad said @ #9.2)
Quote - (J_R_G said @ #9.1)
If it's all about track records, this should be relevant:

# of vulnerabilities in OS X's first 3 months: about 30.
# of vulnerabilities in Vista's first 3 months: about 2.

This last update for OS X alone fixes almost 10 times more vulnerabilities than Vista has had total.


'Vulnerabilities' fixed is not at all relevant. It is not indicative of the total vulnerabilities in the OS.


Duh. It's just the best indicator we have for those types of things.


No it isn't. It is NO indicator at all. All it indicates is how anal the company is about fixing them, how quickly they close the holes, and how good they or others are at finding them.
(2 replies) #10 LTD on 25 May 2007 - 23:17
You really need to give Vista about a year before any real fallout becomes evident.

Give it time. Things tend to stink worse when left in the sun for extended periods.
#10.1 RAID 0 on 26 May 2007 - 00:35
You work for Apple, don't you?
#10.2 J_R_G on 26 May 2007 - 04:01
Quote - (RAID 0 said @ #10.1)
You work for Apple, don't you?


Leave Steve alone, he's sensitive.
(1 reply) #11 ikyouCrow on 26 May 2007 - 00:16
85 flaws to date? and they patched them?
hooray for Mac users. really. not being sarcastic here.

just shows that Apple cares about the security of their products. end of story for me.
how about you, buddy?
#11.1 J_R_G on 26 May 2007 - 04:02
How about what? If MS fixes flaws, it's insecure, if it doesn't, it doesn't care about security. That about sums it up, I think.
#12 +CrimsonRedMk on 26 May 2007 - 03:07
If anyone cares, this is named Security Update 2007-005 (not 10.4.10).
