Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 11 MINUTES AGO.
You are here: Home / Cybercrime / Apple Rolls Out a Mammoth Patch
Apple Rolls Out Another Mammoth Patch
Apple Rolls Out Another Mammoth Patch
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
18
2007
On Monday, Apple released a mammoth patch to fix 41 vulnerabilities in Mac OS X and to update the beta version of its Safari browser for Windows. The update follows a similar large patch last month.

Security Update 2007-009 fixes vulnerabilities in Apple's code, as well as in some open-source components that Apple integrates with Leopard and Tiger. Apple put almost half of the vulnerabilities in the category of "arbitrary code execution." That means the bugs could open the door to a hacker exploit.

"It's a large dump," said Ken Dunham, director of Global Response for iSight Partners. "The good news is that even though these vulnerabilities exist on a Macintosh operating system, we have not yet seen attackers give the Macintosh platform a lot of attention."

Looking at the Flaws

The fixes plug holes in Address Book, ColorSync, CUPS, iChat, Mail, Samba, Software Update, Spotlight, and several other applications and modules.

In one vulnerability, an attacker on a local network can initiate a videoconference with an iChat user without the user's approval. A Safari flaw, meanwhile, could let attackers gain access to personal information if the user visits a malicious Web site. And if users don't install the general update for the operating system, they could be exposed to a man-in-the-middle attack that causes Software Update to execute arbitrary commands.

Still, Dunham said he is not overly concerned. He cited only a few notable incidents in the last two years -- some related to proof of concept and others that spread in the wild just briefly. In each instance, he said, the media tends to act like the sky is falling.

"The reality is there's only a few dozen families of code that are even out there for the Macintosh system itself. Of those, many of them are not even functional today," Dunham said. "Before Windows 95, Apple moved to a system that removed almost every single virus on the face of the planet for Macintosh."

The Antivirus Question

Even the Mac-related incidents that the technology world has seen over the past five years have resulted in little consequence for Apple users, Dunham said. The impact and scope have been limited to a couple of hundred users who might have been exposed, he explained, and only a small number were potentially vulnerable to the exploit.

In light of Windows attacks that bounce from continent to continent with dozens of payloads and hundreds of thousands of bots, he added, Apple users are relatively safe.

"Whether or not to have antivirus software on a Macintosh is a tough call. On the Windows side, you need it because it will protect against a lot of old viruses," Dunham said. "But there's not much out there on the Mac side."

Image credit: SFMTA.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN CYBERCRIME

NETWORK SECURITY SPOTLIGHT
Britain's cybersecurity agency has told government departments not to use antivirus software from Moscow-based firm Kaspersky Lab amid concerns about Russian snooping.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.