Apple Patches 93 Security Holes
Apple this week pushed out one of its biggest bushels of security updates in a long while, fixing more than 90 vulnerabilities in nearly every major component of its operating system and supporting software. Apple also released updates for the Windows version of its Safari Web browser.
Updates are available for server and desktop versions of Mac OS X Tiger (10.4.x) and Leopard (10.5.x). Mac users can grab the updates via the built-in Software Update feature. Safari for Windows users should run the bundled Apple Software Update program to grab the latest version.
By my count, Apple fixed at least 93 security vulnerabilities if you include the Safari bundle. Although, to be fair, many of the flaws addressed in the OS X bundle include fixes for OS X versions of third-party applications.
For example, nearly 20 of the updates correct problems in the Mac version of ClamAV, an anti-virus program. However, a number of flaws -- such as those fixed in Apple's Foundation level and the built-in Help Viewer application -- are quite serious, as Apple says they could be exploited just by convincing a user to click on a malicious link or visit a Web site built to target the flaw.
By Brian Krebs | March 19, 2008; 11:34 AM ET
Posted by: Mark | March 19, 2008 12:21 PM
"OS X versions of third-party applications."
And therein lies the rub for many who don't want third party versions of software included in the base install of their operating system! Not only does it take choice away from the end user, but it forces you to wait for the "Apple version" of security patches, in some cases months! (ex. Java). No thanks!
Btw, didn't a large software vendor once get into hot water for "bundling" software into the OS? Hmmm...
Posted by: TJ | March 19, 2008 1:53 PM
PC guy here and I was told Apple products NEVER, EVER get viruses.
This is the first time I'm hearing the opposite. What's up?
Posted by: Michael Safdiah | March 19, 2008 4:45 PM
Who said anything about viruses?
Posted by: INQAPPFANBOOI | March 19, 2008 7:21 PM
I thought Apple computers didn't have security problems; according to you Apple fans they're perfect. When Microsoft issues security patches you guys make a big deal over it. Live in your fool's paradise; the day's coming when you will have to run an anti-virus.
Posted by: Robert | March 20, 2008 6:44 AM
@Robert
Been in paradise for 22 yrs. Not one hour spent disinfecting my Macs.
Posted by: Larsonst | March 21, 2008 12:37 PM
@TJ:
This "third-party" software that Apple is updating is mostly part of the operating system. OpenSSH comes to mind, like BK said. Others include Apache, Kerberos, PHP, X11.
Posted by: Sean | March 22, 2008 10:48 AM
I made the switch and love my Mac and its Leopard and will never go back to a PC. However, I use an anti-virus program; it was the first additional software I installed. As long as we are using a system designed by man, there will be a man who can crack it, and worse, there will be an evil man with the intent to crack it and cause damage. So as Ben Franklin said: better to be the pessimist and pleasantly surprised, than the optimist and often disappointed. So I'll expect and plan for the worst and be happy when it doesn't happen, and when it does I know I'm prepared and can keep on surfing...
Posted by: Former PC user | March 23, 2008 2:07 AM
"Although, to be fair, many of the flaws addressed in the OS X bundle include fixes for OS X versions of third-party applications."
When Apple forks their code from upstream source, it becomes their responsibility to keep up to date with the upstream patches. Their difficulty in doing so has been particularly evident in Apple's forks of Java, OpenSSH, and KHTML (Safari). This is in contrast to operating system distributors such as Red Hat, Debian, and Ubuntu, which not only track updates in a timely fashion, but are often major contributors of patches to upstream code.