recent posts

Web Fraud 2.0: Distributing Your Malware
Opera Update Plugs Multiple Security Holes
Web Fraud 2.0: Digital Forgeries
Web Fraud 2.0: Validating Your Stolen Goods
Web Fraud 2.0: Cloaking Connections

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Apple Issues Another Mac Patch Bundle

Apple today released its second bundle of security updates in as many weeks, issuing updates to fix problems in a few core Mac OS X programs, including the operating system's e-mail client and Safari, the default Web browser.

By preparing a specially crafted e-mail message with attachments and enticing a user to double-click on that attachment within Mail, an attacker could trigger a condition that allows the execution of unwanted programs on the user's system, according to Apple's advisory.

Apple also released an update to fix a problem in which Safari could automatically open a file that appears to be a safe file type -- such as an image or movie -- but is actually an application of the attacker's choosing. Apple said the update also shores up some of the protections in a separate Safari update it issued March 1, when it released a bundle of fixes that mended 20 different software vulnerabilities in OS X.

Updates are available for OS X 10.4.5 and 10.3.9 and the same version numbers of OS X Server. Mac users can upgrade manually through Apple Downloads or through Software Update.

I'm a little surprised Apple didn't wait to release its update until Tuesday, when Microsoft is expected to issue two security patches. In January and then again last month, Apple issued bundles on the second Tuesday, the same day Microsoft releases fixes as part of its regular monthly "Patch Tuesday" cycle.

By Brian Krebs |  March 13, 2006; 4:14 PM ET New Patches
Previous: McAfee Update Flags Hundreds of Innocuous Programs | Next: Microsoft Patches: Two for Tuesday

Comments

Please email us to report offensive comments.




Brian Krebs writes,"I'm a little surprised Apple didn't wait to release its update until Tuesday, when Microsoft is expected to issue two security patches."

Brian, this is a strange comment. Why should anyone wait for Microsoft? Independent labs in the past have offered patches to Windows while MS sat back and pondered. You shouldn't be surprised that Apple is ahead of Microsoft; they've been miles ahead of MS on computing security ever since OSX was introduced.

Posted by: J Rouleau | March 14, 2006 1:47 PM

JR- I only mentioned that because I found it remarkable that for the last two months Apple has issued its patches on the same day as Microsoft. I'm not making a judgment about whether or not it makes more sense for Apple to do it that way or not (there are arguments for and against it) I just thought it was interesting enough to note.

Posted by: Bk | March 14, 2006 2:14 PM

The comments to this entry are closed.

 
 

©  The Washington Post Company