Apple Rolls Out Another Mammoth Patch
By Jennifer LeClaire / CRM Daily
On Monday, Apple released a mammoth patch to fix 41 vulnerabilities in Mac OS X and to update the beta version of its Safari browser for Windows. The update follows a similar large patch last month.

Security Update 2007-009 fixes vulnerabilities in Apple's code, as well as in some open-source components that Apple integrates with Leopard and Tiger. Apple put almost half of the vulnerabilities in the category of "arbitrary code execution." That means an attacker who successfully exploits one of those bugs could run code of his or her choosing on the affected Mac.

"It's a large dump," said Ken Dunham, director of Global Response for iSight Partners. "The good news is that even though these vulnerabilities exist on a Macintosh operating system, we have not yet seen attackers give the Macintosh platform a lot of attention."

Looking at the Flaws

The fixes plug holes in Address Book, ColorSync, CUPS, iChat, Mail, Samba, Software Update, Spotlight, and several other applications and modules.

In one vulnerability, an attacker on a local network can initiate a videoconference with an iChat user without the user's approval. A Safari flaw, meanwhile, could let attackers gain access to personal information if the user visits a malicious Web site. And if users don't install the general update for the operating system, they could be exposed to a man-in-the-middle attack that causes Software Update to execute arbitrary commands.

Still, Dunham said he is not overly concerned. He cited only a few notable incidents in the last two years -- some related to proof of concept and others that spread in the wild just briefly. In each instance, he said, the media tends to act like the sky is falling.

"The reality is there's only a few dozen families of code that are even out there for the Macintosh system itself. Of those, many of them are not even functional today," Dunham said. "Before Windows 95, Apple moved to a system that removed almost every single virus on the face of the planet for Macintosh."

The Antivirus Question

Even the Mac-related incidents that the technology world has seen over the past five years have resulted in little consequence for Apple users, Dunham said. The impact and scope have been limited to a couple of hundred users who might have been exposed, he explained, and only a small number were potentially vulnerable to the exploit.

In light of Windows attacks that bounce from continent to continent with dozens of payloads and hundreds of thousands of bots, he added, Apple users are relatively safe.

"Whether or not to have antivirus software on a Macintosh is a tough call. On the Windows side, you need it because it will protect against a lot of old viruses," Dunham said. "But there's not much out there on the Mac side."

Image credit: SFMTA.

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.