Apple unleashes raft of security patches

Most flaws could be exploited to run malware on Macs

By Robert McMillan, IDG News Service
December 18, 2007

Talkback

E-mail

Printer Friendly

Reprints

Apple kept its rush of year-end security patches coming Monday, issuing a flurry of fixes for its Mac OS X operating system and the test version of its Safari browser.

[ Talkback: Is Apple really better at security than Microsoft? ]

Monday's patches included a whopping 31 updates for the Apple operating system. The Mac OS X patches fix components ranging from the Address Book and iChat software to under-the-covers operating system components such as ColorSync, the IO Storage Family, and the Perl, Python and Ruby programming languages.

Most of these flaws theoretically could be exploited by attackers to run unauthorized software on the Mac, although some of them had other security implications, such as allowing an attacker to gain access to sensitive information or download files to the computer without authorization.

These updates are for the Mac OS X 10.4 and 10.5 operating systems, known as Tiger and Leopard, respectively.

Apple also released a minor update to its Safari 3 beta code, which runs on Windows as well as Mac OS X, fixing a cross-site scripting security problem that affects Windows users.

The patches come just days after Apple released a major update to its QuickTime media player and a Java security fix for the Mac OS X 10.4 operating system, code-named Tiger. The QuickTime flaw was particularly serious, as it had been exploited by online criminals since early December.

With hackers and security researchers now paying more attention to Apple's products, the company's security team has been working overtime on bug fixes this year. Monday's patches were Apple's 35th and 36th security updates this year. In 2006, the company released just 22 sets of patches for its products.

Additional resources
Tom Yager: Enterprise Mac
Review: Mac OS X Leopard: A perfect 10
Apple's new operating system and its massive new feature set challenge users and developers to explore new and better ways of working
Review: Leopard Server: The people's UNIX
Mac OS X v10.5 is true UNIX on the inside, novice admin friendly on the outside, and born for collaboration, with turnkey-simple blog, wiki, IM, and calendar services
Network Security IQ Quiz

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

Why San Francisco's network admin went rogue

Can you really live without Microsoft Office?

San Francisco's mayor gets back keys to the network

Mac (in)security: How to secure Macs in business

>> Talkback: Have your say

Virtualization: A Step by Step Approach to Success
Your virtual machines can be up and running in a matter of minutes. HP and Citrix have integrated XenServer with HP ProLiant servers and management tools, powered by hardware-assisted Intel Virtualization Technology to enable high- performance, cost-savings solutions for server consolidation and disaster recovery. Sponsor: HP

» Click here to view this Webcast

Zombie PCs Are Attacking Your LAN
A recent study showed that malware-infected zombie PCs are now a bigger threat to ISPs and Web infrastructure than DoS attacks. As this brand new IT Strategy Guide explains, an increased use of peer-to-peer techniques by the attackers has made it harder to fight back. Download now, compliments of Verio:

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

A Closer Look at SaaS Purchasing Behaviors and Attitudes - Citrix Online recently conducted a survey on the subject of SaaS purchasing behaviors and attitudes by gathering feedback...
Configuration Assessment: Choosing the Right Solution - Configuration assessment lets businesses proactively secure their IT infrastructure and achieve compliance with important...
SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse - Data continue to grow while queries are becoming increasingly complex. Through participation in Oracle's Optimized Warehouse...
Five Steps to Secure Outsourced Application Development - How can you ensure that code delivered to you by your offshore partner is secure? This Whitepaper will cover the risk in...
Global Shared Memory: Performance and Productivity Breakthroughs - It's been called "hitting the memory wall," and it refers to the way data access hierarchies can impose unwanted limits ...
How IT Quality Managers Respond to SOA Change - This paper describes the challenges an HP customer and other IT quality managers face when applying traditional test tools...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

•

Application development

•

•

•

•

•

•

•

•

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

Apple unleashes raft of security patches

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
SGI - SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse Microsoft - Learn about the software-based VoIP solution from Microsoft. Vizioncore - Complete Solutions for Virtual Server Management Microsoft - Meet Windows Server 2008. The server unleashed. HP - Whitepaper: How IT Quality Managers Respond to SOA Change Xerox - Experience the colorful side of business at www.frugalcolor.com IBM - Webcast: Take control of your content- leverage MOSS HP - Whitepaper: Software Quality Management for SOA AT&T - Thinking about IMS AT&T - Factors to consider when comparing DSL or Cable AT&T - Going mobile with today's technology AT&T - What to expect from a Technology Assessment. Polycom - Telepresence For The Enterprise GoToMyPC - Research Brief: Providing Secure and Cost-Effective Remote Access AppAssure - Keeping the E-Mail Flowing Tripwire - Secure your virtual and physical environments with the same software. CA - Efficient - Flexible - Compliant PGP - Is Your Data Safe? Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Curl - IT Guide: Rich Internet Application (RIA) Security Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. Cirba - Advanced Workload Analysis Techniques		Rackspace - Go Green Without Sacrificing Server Performance CA - Manage your IT more effectively. AT&T - Measuring mobile productivity CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event Cirba - Consolidating Workloads onto Mainframes AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist