Apple releases Mac OS X security update

Apple Computer released an update Friday for Mac OS X to fix several vulnerabilities that could allow attackers to execute code on unpatched systems.

A total of 15 security vulnerabilities are fixed in the update, which is available on Apple's Downloads page or through its Software Update service. The update fixes flaws in certain features of Mac OS X and Safari, but also Adobe System's Flash Player.

For example, one of the updates fixes a flaw in Safari that could allow malicious sites to appear as trustworthy destinations, complete with the little lock icon, without proper authentication. In this case, the flaw was fixed by disallowing anonymous SSL (Secure Sockets Layer) connections by default, Apple said.

Also covered by the updates are flaws that could allow arbitrary code execution from a malicious JPEG2000 image and ones that could allow local users to take advantage of failed attempts to log in to a network account. The fixes can be downloaded either as Mac OS X version 10.4.8 or as Security Update 2006-006, Apple said, adding that either download will correct the identified flaws.

Apple last updated Mac OS X 10.4 in June, with several patches and bug fixes delivered as Mac OS X version 10.4.7. Last week Apple issued an update to fix serious flaws in its AirPort wireless driver software that could allow Macs to be hijacked through wireless connections. More information on the current batch of updates can be found on Apple's Web site.

[Vegaman_Dan]

Oh my! All Apple Products are horrible!

While we could go on and on about how X company is horrible about putting out any product that is not 100% perfect, I think it's better to applaud any company that acknowledges a problem and takes steps to fix it whether it be Apple or Microsoft.

Good going, Apple. Glad to see patches coming out for the OS.

[DryHeatDave]

I would have posted sooner

I had to stop laughing. It took a while :-)

Yes - ALL SOFTWARE HAS BUGS. (In 1979) I wrote a 5-line BASIC program that had a bug (missing period).

Most of the time though, the problem is NOT the original code - it is that someone is using the software in a way that was not intended - in a way that was NOT specified in the original requirements.

Unless you are working with something like SOA services, fractal realization sucks.

[qwerty75]

lol

X company(MS) is horrible. They don't have the base security that OSX and Linux has. Therefore it is crap.

OSX is not perfect, no one said it was. However, to claim that Winblows is on the same level of *nix because "all software has flaws" is ignorant at best. It shows a total lack of understanding of software and hardware.

To the other guy who couldn't write a perfect 5 line program(a compiler error isn't a bug btw, it is a syntax error), please avoid programming in the future.

A small, well-written program can be shown to be flawless in design. An OS, or hardware flaw might make that program buggy though.

[technewsjunkie]

Apple is being Proactive about Security.

One of the nice things about OS X's UNIX underpinnings is the time
tested security.

That's not to say they won't get hit sometime in the future, but they
treating security as a Feature, not a Liability.

[Tanjore]

Funny how people consider Apple to be proactive

Funny how people believe that Apple is proactive whereas when Microsoft releases a fixes then it is too late. I believe this is a perception issue.

No OS is 100% safe and in current market all of them are trying their best to help consumers and protect themselves from BAD RAP.

[Tanjore]

One more

If these flaws already exisited and they did not get exploited it is purely because hackers just don't care to exploit Mac OS.

[shadowself]

Not just a security update!

This update is NOT just a security update/patch. When Apple issues those it does NOT do a point upgrade to the OS.

This update covers many, many things from updating how a translating widget works to adding RAW camera image support to the OS. Security patches is only a small part of the update.

Once again it would appear theat c|net is only interested in inaccurate/flamboyant reporting.

[grandmasterdibbler]

Hey CNet!

I was wondering if you could say whether the security update contained in 10.4.8 was the same as that downloaded as a separate update a couple of weeks ago?

Thanks!

[Mephux]

???

Dude go find it yourself... Is cnet your mother? ===> Google.com
do learn something.

[No invasion of privacy]

Yes it does

Every 10.x.x update includes all the security patches that have
been released since the prior 10.x.x update. These 15 security
holes that the article refers to are not new - they are the ones
that have been found since 10.4.7 was released and patched
since that time 'til now.

[mhersh]

I see it all the time...

Any time Apple releases ANYTHING with the words "security" in
it, the press goes apeshit. When Microsoft releases a "security
update", it's usually well after a flaw (or usually, MANY FLAWS) is
discovered, exploited or spreading like wildfire. When Apple
releases a "security update", or in this case a SYSTEM UPDATE,
it's usually to patch up a few holes that *could* be exploited.
It's like they're constantly trying to bring Apple down to
Microsoft's level, as far as security is concerned. Since switching
to Mac, I have yet to see my browser hijacked, a virus or a piece
of spyware. Who do these ignorant "journalists" think they are?
It's like they're being payed by Microsoft to write negative
articles about competitors.

[yikes31]

apple: proactive, microsoft: reactive.

Its the reason why apple users generally seem more 'smug' to
windows users. Issues are dealt with before they are identified by
others with malicious intent.
Some people might see reporting on every software and security
update as negative press. I see it as further proof that my
investment in a mac was a sound one!

[Charleston Charge]

Not quite

Cnet is a "tech" site and they are simply reporting the "tech" news. When MS releases patches these are reported too whether something is being exploited or not. These articles are to inform the readers that there are patches out there and you should install them. Taking the article personally is your own agenda.

[jimmysix]

You guys are unbelievable

Whenever a security update comes out for the Mac you report it,
which is understandable, but never do you say that these updates
are for vulnerabilities that as of yet HAVE NOT RESULTED IN ANY
SECURITY PROBLEMS WHATSOEVER and that Apple is fixing them
PREEMPTIVELY. Does Microsoft pay you or what? This biased
reporting has got to stop.

[Vegaman_Dan]

Take your fingers out of your ears and listen

The reason you never hear about any Mac-OS security issues being reported is because you've got your fingers in your ears and shouting "LA LA LA LA LA I CAN'T HEAR YOU!"

There have been exploits in the past and there will be in the future. Whether or not you wish to acknowledge them is up to you. And before you start with the 'prove it' line, just do a search on past discussions. It's a tired argument and one that is flawed from the start.

Apple did the right thing and posted updates. That's fine and commendable. They could just try hiding it as part of an iTunes update instead and never admit any flaws in the OS which has happened before with various companies including MS, Apple, Xerox, etc.

[john55440]

Apple Has Security Flaws, Just Like Microsoft

Apple's "security advantage" is that it has a miniscule market share, so hackers aren't interested in it.

After all, according to IDC, Apple's worldwide market share is in the "others" category, somewhere below that of Fujitsu/Fujitsu Siemens.

[wbenton]

All operating systems have flaws...

But the biggest difference between Apple and Microsoft is that Apple is serious about it's security.

Funniest thing is that I don't even own a MAC... but they're better than Microsoft for sure... (* LOL *)

Nuff said... (* GRIN *)

Walt