Apple patches 22 security holes in Mac OS X

Posted in macOS, edited January 2014
There's a new security update available via SoftwareUpdate, mine is 11.8 MB



Improves the following components' security:



AirPort

ATS

CFNetwork

Finder

Font Book

Font Importer

Installer

OpenSSL

PHP

PPP

Samba

Security Framework

VPN

WebKit

gnuzip

perl

Comments

  • Reply 1 of 30
    AppleInsider Posts: 58,989 administrator
    A new security update released by Apple Computer on Tuesday patches several exploits recently discovered in its Mac OS X operating system, including one widely publicized issue with its disk image software.



    Of the twenty-two vulnerabilities fixed by the update -- which is labeled Security Update 2006-007 -- twelve are related to flaws that could lead to arbitrary code execution.



    For example, the update addresses an issue where a heap buffer overflow may be triggered when the Mac OS X Finder is used to browse a directory containing a corrupt ".DS_Store" file. The system file may be included in archives, on disk images, and on network file systems.



    "By enticing a user to browse a directory containing a maliciously-crafted ".DS_Store" file, an attacker may be able to trigger the overflow," Apple explained. "This could lead to an application crash or arbitrary code execution with the privileges of the user running Finder."



    The Cupertino, Calif.-based company said the security update addresses the issue by performing additional validation of ".DS_Store" files.



    Another flaw addressed by the update relates to a glitch in VPN that could allow malicious local users to gain system privileges.



    "Under certain circumstances, the VPN server may execute commands without properly cleaning the environment," Apple said. "This may allow a malicious local user to create files or execute commands with system privileges."



    Also covered by Tuesday's release are vulnerabilities affecting AirPort, ATS, FontBook, Font Importer, Installer, OpenSSL, PHP, PPP, Samba, Security Framework, WebKit, gnuzip and perl.



    The update is available for Mac OS X 10.4.8 Client Intel (23MB), Mac OS X 10.4.8 Client PowerPC (11MB), Mac OS X 10.4.8 Server PowerPC (12MB), Mac OS X 10.4.8 Server Universal (25MB), Mac OS X 10.3.9 Client (33MB) and Mac OS X 10.3.9 Server (46MB).
  • Reply 2 of 30
    ireland Posts: 17,794 member
    23.9MB of patches, always a good thing.
  • Reply 3 of 30
    Security Update 2006-007 ... Licenced to Thrill, if you're really that enthusiastic about unexploited system security issues.



    Now here's the perennial question: why are Intel updates ALWAYS larger than PowerPC ones? Something to do with the PPC's underlying greater elegance on the binary level perhaps? Ah Moto and IBM, you damn fools. You blew it up, you blew it all to hell!
  • Reply 4 of 30
    Quote:
    Originally Posted by fuyutsuki


    Security Update 2006-007 ... Licenced to Thrill, if you're really that enthusiastic about unexploited system security issues.



    Now here's the perennial question: why are Intel updates ALWAYS larger than PowerPC ones? Something to do with the PPC's underlying greater elegance on the binary level perhaps? Ah Moto and IBM, you damn fools. You blew it up, you blew it all to hell!



    Because the Intel version includes fat binaries (i.e., both PPC and Intel code).
  • Reply 5 of 30
    Quote:
    Originally Posted by palter


    Because the Intel version includes fat binaries (i.e., both PPC and Intel code).



    That would make sense once Leopard rolls out and, presumably, everything is in perfect sync in universal binary form. But why have separate Intel and PPC updates if one is supposedly universal already? Answer: I'm pretty sure they're just one format each.
  • Reply 6 of 30
    jeffdm Posts: 12,951 member
    Quote:
    Originally Posted by fuyutsuki


    Now here's the perennial question: why are Intel updates ALWAYS larger than PowerPC ones? Something to do with the PPC's underlying greater elegance on the binary level perhaps? Ah Moto and IBM, you damn fools. You blew it up, you blew it all to hell!



    That doesn't make sense, as x86 instructions often can do more per instruction, vector instructions notwithstanding.



    But I wouldn't know why the x86 version is larger, unless it's also including x86-64 pieces too.
  • Reply 7 of 30
    Quote:
    Originally Posted by JeffDM


    That doesn't make sense, as x86 instructions often can do more per instruction, vector instructions notwithstanding.



    But I wouldn't know why the x86 version is larger, unless it's also including x86-64 pieces too.



    It could be the 64 bit stuff is what's causing this. Obviously the PowerPC updates need to cover G5's and should be "just as 64 bit" as the Intel ones for the Core 2's ... but is x86-64 a format that requires more duplication than PowerPC 64?



    To be fair, I've no idea. But I do know that 64 bit was added as more of an afterthought to x86 than it was to PPC. There are essentially four binary formats lurking deep within OS X: PPC and Intel, each in 32 and 64 bit. Maybe 32 and 64 bit PPC instructions just mesh better, yielding the tighter size...
  • Reply 8 of 30
    gdog Posts: 224 member
    any issues with this update? does it slow things down at all? speed things up? my systems (macbook, imac) are all working great, i hate to mess things up. thanks.
  • Reply 9 of 30
    No issues with the update here.



    The finder for me seems much better and more responsive.



    Now all we need is apple to patch the list of most recent security issues and all will be much better.
  • Reply 10 of 30
    Anyone else... issues?
  • Reply 11 of 30
    ireland Posts: 17,794 member
    Quote:
    Originally Posted by SpamSandwich


    Anyone else... issues?



    no, I'd recommend it.
  • Reply 12 of 30
    dr. x Posts: 279 member
    Installed fine on an iMac G5 (PowerPC) and a Mac Book Pro (Intel) without problems.
  • Reply 13 of 30
    all is dandy on my G5 here.
  • Reply 14 of 30
    melgross Posts: 33,335 member
    I'm happy to see that Apple is taking security more seriously these days. It often took months before a security update came out.



    Perhaps the recent "surge" of one or two poor attempts against the OS has awakened them.
  • Reply 15 of 30
    tedndi Posts: 1,921 member
    works ok here too.



    thankfully.
  • Reply 16 of 30
    Quote:
    Originally Posted by melgross


    I'm happy to see that Apple is taking security more seriously these days. It often took months before a security update came out.



    Perhaps the recent "surge" of one or two poor attempts against the OS has awakened them.



    I think the key word here is "attempts".



    That is one of the fundamental differences between Apple and M$: Apple tends to fix things before they become a problem, whereas M$ only fixes things after the damage has already been done.
  • Reply 17 of 30
    jeffdm Posts: 12,951 member
    Quote:
    Originally Posted by csimmons


    I think the key word here is "attempts".



    That is one of the fundamental differences between Apple and M$: Apple tends to fix things before they become a problem, whereas M$ only fixes things after the damage has already been done.





    The key difference is that the Apple OS had been largely irrelevant until lately, even a half-credible attempt was really made.
  • Reply 18 of 30
    Quote:
    Originally Posted by csimmons


    I think the key word here is "attempts".



    That is one of the fundamental differences between Apple and M$: Apple tends to fix things before they become a problem, whereas M$ only fixes things after the damage has already been done.



    I was thinking the exact same thing when I first heard about this release. My first thought was, "What?, Oh, OK. A security update." But with Windows, you first read/hear about these things in the papers, TV, online, everywhere, except from Microsoft. Then a few days or a week or so later, you get the security patch from Microsoft. It's like Microsoft is always the last to know about their security holes.
  • Reply 19 of 30
    Quote:
    Originally Posted by melgross


    I'm happy to see that Apple is taking security more seriously these days. It often took months before a security update came out.



    Perhaps the recent "surge" of one or two poor attempts against the OS has awakened them.



    Apple has always taken security seriously. To assume otherwise is absolutely ludicrous.
  • Reply 20 of 30
    Quote:
    Originally Posted by JeffDM


    The key difference is that the Apple OS had been largely irrelevant until lately, even a half-credible attempt was really made.



    I'd have to disagree with you there. For the past few years, Apple has been getting very good press regarding OSX (both for Tiger and Panther), therefore making it a high profile target for hackers. Hacking is more ego driven than anything, so I believe that OSX has probably been high on the hackers' hit list for a long time, since the person who successfully writes a virus for OSX and puts it in the wild will almost instantly become a legend, at least in the hacker community. Vista has already been hacked, so it's not as interesting as OSX is as a target.