Apple Issues Patches for 25 Security Holes

Apple today released software updates to plug more than two dozen security holes in its Mac OS X operating system and other software. The free patches are available via the Mac's built-in Software Update feature or directly from Apple's Web site.

All told, today's batch fixes some 25 distinct security vulnerabilities, including a dangerous flaw present in the AirPort wireless devices built into a number of Apple computers, among them the eMac, the iBook, the iMac, the PowerBook G3 and G4, and the Power Mac G4. Apple said computers with its AirPort Extreme wireless cards are not affected.

Earlier this month, Apple released a software update to fix a vulnerability in its wireless router, the AirPort Extreme Base Station. That update and instructions on how to apply it are available here.

By Brian Krebs  |  April 19, 2007; 5:41 PM ET

Comments

"a dangerous flaw present in the AirPort wireless devices": Not really. It requires a local user (i.e., physical access to a logged-in account on the computer), not a proximate user making a wireless connection.

Posted by: Glenn Fleishman | April 19, 2007 6:19 PM | Report abuse

Has a security vulnerability ever been exploited on Mac OS X?

Posted by: Mac User | April 19, 2007 6:35 PM | Report abuse

I've seen those Apple commercials on television. I thought Apple computers were perfect. Please don't tell me they're LYING!

Posted by: Mark F. | April 19, 2007 6:36 PM | Report abuse

"Has a security vulnerability ever been exploited on Mac OS X?"

Yes. You're kidding, right? You must be kidding...

Posted by: Mark F. | April 19, 2007 6:37 PM | Report abuse

Mark F. - Your response is uninformative. Please provide more information. When? What computers were affected?

Posted by: Mac User | April 19, 2007 6:56 PM | Report abuse

I have a partial answer to my question.

From March 20, 2007, McAfee Avert Labs Blog (Marius van Oers):

>

He doesn't say what Mac OS X computers have been compromised, or if any have been.

Sharon Gaudin has an article, "Despite Vulnerabilities, Apple's Mac OS X Weathers The Security Storm," on informationweek.com, but no data about exploited computers.

Posted by: Mac User | April 19, 2007 7:34 PM | Report abuse

Inadvertently deleted from prior post:

From March 20, 2007, McAfee Avert Labs Blog (Marius van Oers):

Today we know of over 236,000 malicious malware items. These are mostly meant for the MS-Windows environment. Only about 700 are meant for the various Unix/Linux distributions. Current known Mac OSX malware count is even less with 7, so pretty much non-existent at the moment.

Posted by: Mac User | April 19, 2007 7:37 PM | Report abuse

Mac User, I guess having a piece of crap computer is the price you pay for better security. My C64 had no known viruses.

Posted by: joe | April 19, 2007 8:08 PM | Report abuse

Posted by: antibozo | April 19, 2007 8:31 PM | Report abuse

If Macs were as prevalent as Windows PCs they'd have even more attack points.

Posted by: Art | April 19, 2007 11:10 PM | Report abuse

> "If Macs were as prevalent as Windows PCs they'd have even more attack points"

But they aren't, so they don't... and they wouldn't have viruses either, no matter how popular they got.

Posted by: G Mahoney | April 20, 2007 1:51 AM | Report abuse

Man, Mac supporters are unbelievable...

The fact is that Apple never says "we have a problem and we are working on a solution." They just go about it deleting forum posts and stuffing opposition and then 3 weeks later release a patch for it. How can Apple patch a problem that doesn't exist?

Posted by: Dan | April 20, 2007 2:11 AM | Report abuse

People should understand that MacOSX is just a shell program over UNIX. Every vulnerability to UNIX is a potential vulnerability to MacOSX.

This doesn't mean I consider Macs to be bad or inferior. I'm a WinXP user, but I do credit Mac with pushing the envelope and setting benchmarks that other operating systems work to include.

If you're offended on a blog comment section from someone from either side about your operating system usage, you really should reconsider your priorities in life.

Posted by: kjb434 | April 20, 2007 9:38 AM | Report abuse

Well, I guess the proof is in the pudding. All Mac users who continue to insist on their OS's perfection have a choice: to download or not download the fixes. Any of you ferverts who do download need to admit it publicly or just shut up. Those who don't are at risk. (I know... "ferverts" is a new word.)

Posted by: Pete from Arlington | April 20, 2007 9:44 AM | Report abuse

Following up on kjb434, indeed Mac OS X is built on top of BSD UNIX, so BSD's holes are Mac's holes. BSD (especially OpenBSD) is regarded as a comparatively secure OS in the market. But Apple has put a lot of work into it, and uses a version of BSD called Darwin.

Essentially, on top of UNIX, Apple has built a heck of a lot of software that all must be built in a secure way to maintain system security. My guess has always been that larger market share (and therefore more payoff for exploitation) would lead to more threats. Thankfully for Apple users, even their solid performance recently hasn't put much of a dent in Microsoft.

Posted by: GW | April 20, 2007 10:11 AM | Report abuse

FYI, fervert isn't a new word, you're just misusing it and calling it new. That doesn't count.

Irritating online fanboys aside, no one seriously considers the Mac perfect. I have had mine kernel panic and everything else. What it doesn't have is a generally lax security system that lets innocuous looking files (animated cursors anyone?) invade my system.

Posted by: Anonymous | April 20, 2007 10:14 AM | Report abuse

> What it doesn't have is a generally lax security system that lets innocuous looking files (animated cursors anyone?) invade my system.

Yeah--no animated cursors; just "safe" disk images.

Posted by: antibozo | April 20, 2007 10:25 AM | Report abuse

I have had Macs for 17 years. I have at least 5 right now between family and business. In all that time I, or anyone I have ever known using a Mac has had a virus or spyware. I also help, when I can, for a Mac users group and other friends... not a single instance of a virus. That is just my experience. I have never installed any virus protection programs. I am not making a dig at anyone's favorite OS. I hope you all have good experiences. I have also owned computers in my home since 1980 and built them as a kid in the 60's.

Posted by: bwhite | April 20, 2007 10:34 AM | Report abuse

Oy.

What amazing FUD in the comments by people who, it appears, are more interested in being snarky because MS Windows is home to so many viruses that even keeping track of the number of them is difficult.

Given the huge reputation boost that would be garnered by the virus author who actually succeeded in writing a truly non-local user exploit for OS X or for Linux, there's plenty of interest in doing so.

Of course, no operating system is perfect. But if you think there are simply no actual viruses for OS X because it has a small number of users, you're just as clueless as the folks you're maligning for adopting the platform who think it is 'perfect'.

As Apple becomes aware of potential exploits they patch them. So far the only ones with notable risk have been for privilege escalation for _local_ accounts (consistent with the model of vulnerabilities of other *nices). With direct physical access to a host, _all_ systems are inherently vulnerable. The real questions revolve around remote exploits, and vulnerability to viruses. Six years and counting, and the number is still what? Oh, right -- zero.

The first much-hyped OS X 'potential wireless exploit' was completely artificial and involved adding a third-party wireless card, and it was the third-party vendor's driver that had the potential exploit. If you look at the media hoopla about that, imagine what it will be like for the first real, remotely-exploitable vulnerability.

So far, though, whether it seems naive or not to think it will always be the case, those starry-eyed OS X users are right, and they _don't_ have any viruses to contend with. And, yes, it's because of *nices having a better security model that, while certainly not perfect, no, is still much, much, much harder to exploit than that of Windows.

Posted by: matthew | April 20, 2007 11:01 AM | Report abuse

I've had Windows machines since Win3.1. I have 7 right now. I, nor anyone I know, has ever gotten a virus or hacked.

Posted by: Anonymous | April 20, 2007 11:20 AM | Report abuse

yawn...

Posted by: tomatin | April 20, 2007 11:27 AM | Report abuse

To "":

You may not have had your computers infected by viruses or been hacked, but others with Windows machines have.

There are hundreds of thousands if not millions of zombie machines that are controlled by spammers and scammers. They all run Windows.

Even Macintoshes have been vulnerable to viruses in Microsoft Word. I've received infected Word documents. Fortunately, my virus protection software has detected it and blocked it.

I wouldn't be surprised if exploits appeared for Intel-based Macintoshes based on their ability to run Windows (using Parallels or the like). Are Macintoshes running Windows under Parallels as vulnerable as Intel boxes running Windows native?

Posted by: Arthur | April 20, 2007 11:35 AM | Report abuse

kjb434> People should understand that MacOSX is just a shell program over UNIX.

That's technically inaccurate. But Mac OS X does implement a very UNIX-like security model.

matthew> Given the huge reputation boost that would be garnered by the virus author who actually succeeded in writing a truly non-local user exploit for OS X or for Linux, there's plenty of interest in doing so.

Reputation only interests a tiny subset of malware authors. Remuneration interests more.

matthew> it's because of *nices having a better security model that, while certainly not perfect, no, is still much, much, much harder to exploit than that of Windows.

As the ramen and lion worms demonstrated back in 2001, it is possible to write self-propagating malware that successfully exploits remote vulnerabilities on the UNIX security model. All it requires is a suitable vulnerability. There is nothing inherent about Mac OS X that makes viruses and worms impossible.

matthew> The first much-hyped OS X 'potential wireless exploit' was completely artificial...

Blind belief, in the complete absence of evidence, that the wireless exploit was falsified doesn't help anyone. It does demonstrate the religious predisposition of certain Mac zealots, however.

Arthur> Are Macintoshes running Windows under Parallels as vulnerable as Intel boxes running Windows native?

Certainly Windows running under virtualization is as vulnerable as Windows running without--virtualization itself doesn't have any impact.

Posted by: antibozo | April 20, 2007 12:26 PM | Report abuse

A virus is a self-replicating program. A series of executable commands that serves to reproduce the original series. They exist for all known modern operating systems. Please stop the stupidity.

Posted by: Anonymous | April 20, 2007 12:34 PM | Report abuse

There was an entire month where a security flaw that affected the Mac OS X platform was released each. That was January. Since then, Apple has been fixing those flaws. At least 3 of these 25 flaws were found in that exercise.

Posted by: Anonymous | April 20, 2007 1:31 PM | Report abuse

Who said that OS X is perfect in the first place? Oh yeah, no one.

Windows users get so defensive nowadays. I work on a professional basis with both platforms, and yes, I prefer from far OS X.

Why? There's not a single time that one of my Unix systems had to be reinstalled for another reason than my own sheer stupidity. I've had computers since 1985 and the Internet since 1994. That's a long run compared to most of users out there.

OS X may not be perfect, but it never let me down. I wish, oh god how I wished, that I could say the same for Windows. SO MANY WASTED HOURS reinstalling Windows... god I hate Windows.

Posted by: Luc | April 20, 2007 1:33 PM | Report abuse

To Arthur, Mac machines have been hacked as well. Sorry, it's just the facts. There have been contests, but when the machines get hacked, often the Apple promoters refuse to pay up.

Posted by: Anonymous | April 20, 2007 2:15 PM | Report abuse

Luc> I work on a professional basis with both platforms, and yes, I prefer from far OS X.
Luc> Why? There's not a single time that one of my Unix systems had to be reinstalled...

I don't follow. First you're talking about OS X, then you're talking about UNIX. Are you saying you think OS X is UNIX? Because as a UNIX and Linux (and Mac OS and Windows when absolutely necessary--I detest both) admin, I can tell you, Mac OS is quite different from UNIX in many ways both practical and legal, as is any BSD-based system. As a security incident responder, I can tell you that UNIX, Linux, Windows, of course, and yes, even (though less frequently) Mac OS X systems are compromised and have to be reinstalled all the time--not always because of remotely exploitable vulnerabilities, but usually because users are equally stupid no matter what kind of box you put in front of them.

Posted by: antibozo | April 20, 2007 2:16 PM | Report abuse

Windows users are defensive? If so, Apple users are aggressive. But really, Apple users are defensive. I mean, this was just a news piece about Apple releasing a massive security update, but look at the first two posts. Apple apologists on the defensive!

Posted by: Anonymous | April 20, 2007 2:18 PM | Report abuse

O.K. already. I have both types of systems, I have from experience had more problems with Windows...but...I like it better than Apple OS X, perhaps I'm just more used to it. Really, both systems have their strong points...can't we all just get along?

BTW, which is better, Ford or Chevy?

Posted by: Terry | April 20, 2007 3:13 PM | Report abuse

Every time a Mac security anything is published the Mac heads come out. I actually almost hate to even see something published about Macs just due to the idiots that pop their heads out of their hole.

I think most of the ones that come in here and spew out false data (plenty in this thread) are those Mac users that used Mac before it was cool. They used it because it was only point and click. Not bright enough to use the more complicated systems like DOS or Windows? Maybe, so. They have been carried over into this new Mac world and think they are experts. Most of them probably don't even know what 'Terminal' is.

And the really funny part is, they think that people buy it.

I have a Macbook Pro, never infected. I also have used DOS and Windows and NEVER BEEN INFECTED.

So SHUT UP.

There

Posted by: Mac Fanatics | April 20, 2007 3:20 PM | Report abuse

So, uh, if BK's headline includes the word "Apple," I have learned to just read the article. If I scroll down, I see many people simply missed the point of his writing!

Posted by: umm.huh | April 20, 2007 4:30 PM | Report abuse

I am not a Mac fanatic. I have no emotional attachment to OS X or any other operating system. I have a life.

I moved to OS X from Linux for a number of reasons. I use the command line every day (iTerm, not Terminal). I like the usability of the GUI stuff, but I also like to write code in a number of languages, all of which are freely available on OS X. I like free, which bothers me about OS X, but I like Fink.

I asked my question, post number 2, because I genuinely wanted an answer. If you interpreted my question as some sort of Apple apology, the problem is yours. Seek help.

Posted by: Mac User | April 20, 2007 7:48 PM | Report abuse

The worst part of the M$ bashing is a simple lack of understanding of the basic business model of M$ Vs. Apple. Apple has ALWAYS maintained proprietary control of their "Boxes". They have chosen every shred of hardware they put in their system so the only swappable drivers they ever needed to worry about were peripherals and up until recently (Last 7 Years) the list of supported peripherals was very very small. Microsoft had to build an OS that worked on EVERY "IBM compatible" machine including complete POS like EMachines. Most of my XP problems came from a cheap part I threw in to test that ended up frying and giving me a BSOD. Dead RAM is infuriating. Every virus I have ever gotten I downloaded myself. Usually screwing around with cracks and keygens. Another large business is of course Malware, and obviously targeted to the larger market share. For everyone who isn't sure. Yes, there are Mac viruses and exploits. There are several hundred for pre OSX. If Mac had a market share of more than 75% of the world and also was writing business driven global corporate software there would be an insane number of viruses and as a final point. I am glad so many Mac users feel no need for antivirus or security software. Of course you may regret it when the Mac worm comes out. The patch Apple just released in this article is a warning that it can happen, it just hasn't. Other exploits have, there is no official database for how many people have hacked into a Mac using external exploits. Viruses are a dying breed. There are not that many devs left and most of them keep their code pretty close due to the value of undiscovered exploits in this day of patches and anti virus scanners.

Posted by: Reality | April 20, 2007 10:18 PM | Report abuse

Bottom line:

Patch your system!!!!!!!!!!

Otherwise, lighten up and get a life!

Posted by: TJ | April 20, 2007 10:59 PM | Report abuse

You all need to get a life. Who cares which OS you use as long as it gets the job done with as few headaches as possible.

Posted by: Laughing | April 21, 2007 12:12 AM | Report abuse

At least fourteen (14) of these fixes are in Apple's own code. Although MS fudders like to cite the entire collection, an estimated eleven (11) are in FOSS code. But CNET et al will of course not mention this.

Of the 14 attributable to Apple many have to do with unclean environments - see MOAB #21 for a further explanation.

OTOH we have our usual infestation of fanboys. Fanboy logic works like this.

1. If there's an attack (and there have been many and there will continue to be many just as with any Unix) then deny it ever happened. If it's a worm, claim it's a virus; if it's a virus, claim it's a trojan; if it's a trojan, claim it's a feature. And so forth.

2. As soon as anyone claims there are lines of code to be fixed in OS X, come straight out and demand everyone tell you about the exploits you've worked so hard to forget.

3. As the rest of the readers will immediately size you up as a complete idiot, you will get no response and can therefore go on collecting Apple box tops in full assurance the OS is the most secure ever written in the history of your little insignificant world.

Posted by: Rick | April 22, 2007 9:32 AM | Report abuse

As a Windows user I don't think I'm superior to Mac users but I take offense to the Mac fans (and commercials) who say their OS is virusproof.

Posted by: PCattack | April 26, 2007 3:24 PM | Report abuse

You're right. Almost 0.003% of all malware is aimed at Mac OS X (see below), and Mac fans and commercials should stick to the facts. Would it be OK with you if they point out that 235,000 is a much larger number than 7?

From March 20, 2007, McAfee Avert Labs Blog (Marius van Oers):
Today we know of over 236,000 malicious malware items. These are mostly meant for the MS-Windows environment. Only about 700 are meant for the various Unix/Linux distributions. Current known Mac OSX malware count is even less with 7, so pretty much non-existent at the moment.

Posted by: Reply to PCattack | April 26, 2007 5:49 PM | Report abuse


The comments to this entry are closed.

 
 

© 2010 The Washington Post Company