Apple Updates Fix Mac OS X, Snow Leopard, iPhone OS – Yahoo! News

Apple released a king-sized security update for Mac OS X on Thursday, a separate fix for its just-released Snow Leopard, and an update to the iPhone operating system. Some of the updates fix problems, but others seem to cause new ones.

Thursday's updates fix 33 vulnerabilities in the Mac OS X Leopard operating system involving third-party applications such as Adobe Flash, Samba, MySQL and PHP. The Leopard update also addresses potential security vulnerabilities in Alias Manager, CarbonCore, CUPS, ColorSync, ImageIO, Wiki Server, CoreGraphics and Launch Services.

Apple has a history of being haunted by vulnerabilities in third-party products. The key issues in the latest advisories are buffer overflows, integer overflows, and memory corruption.


Third-Party Headaches

Apple would serve itself well to figure out how to optimize the bundling of third-party applications and create some space between third-party apps and the Mac OS, according to Andrew Storms, director of security for nCircle.

“Apple really needs to learn how to close the time loophole on third-party products. Thursday's PHP update was released into the community back in June,” Storms said. “Unfortunately for Apple, they needed to create an entirely new point release for their operating system in order to push out a patch to a third-party product.”

With the Leopard update, Apple is also addressing basic enterprise security needs. Two items of particular interest involve circumventing security if an attacker has access to a physical device.

“One of these items is the ability to circumvent the administrator-set screen lockout time duration; the second lets an attacker recover data from the device even when locked by using the Apple recovery tool,” Storms said. “These are both basic handheld-device security mechanisms that Apple needs to nail in order to be trusted in the enterprise.”


Snow Leopard Fixes, iPhone Problems

Even though Apple previously released patches around SMS vulnerabilities based on presentations at the Black Hat Conference, Thursday's Leopard update saw more patches. Storms said this should be no surprise to anyone who listened to Charlie Miller's comments during the conference.

“All of the QuickTime bugs can be attributed to file-parsing vulnerabilities. These kinds of attacks plague unsuspecting users watching video or multimedia presentations on the Web,” Storms said. “Every QuickTime user should take special note that these updates are not just Mac-related. Windows users will also need to upgrade in order to be protected.”

Storms noted that Apple took a big hit recently when releasing its brand-new operating system, Snow Leopard. Apple appeared to have downgraded the Flash player, leaving users vulnerable to security bugs, Storms explained. Security researchers are thankful that the Flash update was included in the Mac OS X 10.6.1 update on Thursday. The Snow Leopard update also fixes some compatibility issues with peripheral devices.
