Network News

X My Profile
View More Activity

Apple Patches Java, OS X and Safari 3 Flaws

Apple pushed out a bushel of patches late last week to fix at least 18 security vulnerabilities in its implementation of Java for Mac users. Then on Monday, the company issued a large update that plugged at least 40 security holes in different versions of its OS X operating system. Another standalone patch eliminates a single security flaw in Safari 3 Beta for Windows.

The Java update applies to Mac systems running OS X 10.4 (Tiger) and earlier versions. Apple says none of the vulnerabilities patched in the Java roll-up are present in OS X 10.5 (Leopard). However, a fair number of the fixes in the patch batch for OS X also apply to Leopard.

Some of the security vulnerabilities included in the 80 megabyte Java package were fixed by Java maker Sun Microsystems nearly a year ago. For Apple users, these are not trivial flaws: Apple says some of the holes could be used to add or remove items from a user's Keychain (which manages passwords on the Mac) without prompting the user. A slew of other vulnerabilities could be used to plant executable programs on Mac systems.

Yet, as a number of other bloggers have already pointed out, for whatever reason Apple's Software Update program fails to alert users that the Java update includes a large number of important security updates.

By Brian Krebs  |  December 18, 2007; 8:48 AM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: New QuickTime Player Fixes 3 Security Flaws
Next: Study: $3.2 Billion Lost to Phishing in 2007

Comments

Bk> for whatever reason Apple's Software Update program fails to alert users that the Java update includes a large number of important security updates

Yes, methinks the new car smell fadeth apace.

Posted by: antibozo | December 18, 2007 3:13 PM | Report abuse

It used to be when Microsoft releases security updates, it gets crucified for having a bad product; and when Apple does the same, people hail it as being a responsible software maker of a superior product.

The truth is Mac OS is just as vulnerable but nobody bothered to attack it before, due to its small installation base.
As Macs gain popularity, the hackers will be more and more interested in exploiting its security flaws.

Posted by: Chuck | December 18, 2007 11:01 PM | Report abuse

Actually, Chuck, I'd say the tide has turned. When M$ vulnerabilities are exposed, I see a lot of shoulder shrugging - "What do you expect from M$?" But when it's Apple... OMG... they failed us! How could they??!!!

But I think we would both agree that both positions are stupid.

(M$ products ARE bad, though! It's just that Apple is not as great as its white-background commercials say.)

Posted by: James | December 19, 2007 8:29 AM | Report abuse

As Apple broadens its market share hackers will sure be there. Mac users will have to live with it and become more security conscious, sigh!
I'm more worried about how Apple will behave when it becomes the new big cat.

Posted by: Nick | December 19, 2007 12:26 PM | Report abuse

As I mentioned in a previous thread, why did Apple choose to include Java in the OS?? Due to security and bloat issues, I've blacklisted Java for years on my Windows systems. (I keep my systems lean, mean and secure by limiting the software installed on them and always use a limited user account. Both reduce the system attack surface.)

Among numerous other reasons, this is one that gives me great pause in considering the use of OS X. I prefer more choice with my computer systems. Ditto on other products (ex. iPod must use iTunes, which includes QuickTime, ugh!! iPhone requires AT&T). See a pattern here???

Posted by: TJ | December 19, 2007 1:35 PM | Report abuse

Personally, I think Apple need to implement an effective patch development and -testing system.

My gripes with this one:

1) Downloading the security patch via Software Update returned fictitious network errors. I tested my connection thoroughly and it was fine all along.
2) In the hypothetical case that it wasn't, why is the software updater incapable of resumable downloads?
3) After having manually downloaded and installed the patch, my system hung on startup. (This was fixed by booting into safe mode and then rebooting.)

This is not the first time I have had trouble with "recommended" patches and the software updater.

The famous SuperDrive firmware update comes to mind, which turned my drive and those of countless others into paperweights.

Right now, I cringe every time there's an update that I need. It shouldn't be like that and its to Apple's shame that it is.

Posted by: CL | December 19, 2007 7:20 PM | Report abuse

You guys are way to funny. Seriously. Acting like children. Saying Apple fans are this and MS fans are that. When will this idiotic fight stop?

Posted by: Sigh | December 20, 2007 7:58 AM | Report abuse

The fact is: they are machines, more complex all the time. The real idiots are those who have nothing better to do than exploit them at our expense for their amusement.

Posted by: MOH | December 24, 2007 2:39 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company