Apple fixes hole with Mac OS X image viewing

Apple on Wednesday issued a security update that fixes 18 vulnerabilities including several that put computers running Mac OS X at risk of remote code execution if a maliciously crafted image is viewed.

In addition to fixing a problem with how PNG images are handled, Security Update 2009-003 fixes issues related to ImageIO's handling of OpenEXR images, EXIF metadata, as well as Canon RAW images and images with an embedded ColorSync profile.

The update, which arrives as part of the release of Mac OS X v10.5.8, extends the list of content types the Mac OS X will flag as potentially unsafe when downloaded from the Web. It also fixes a problem with how XML content is handled and resolves the way the kernel handles AppleTalk response packets.

Apple also identified and fixed a problem with MobileMe. Signing out of MobileMe does not remove all credentials and a person with access to the local user account could continue to access associated systems.

[pithenumber]

cue Apple fanboys... Now!

[Perry_Clease]

You were here first.

[tektaktyks]

lol

[kosen11]

No fanboi here, but I do own a macbook pro as well as a dell xps. I'm glad the the raving lemmings of the mac brand continuously get proven wrong about the no viruses thing cus that's just plain stupid. I gladly run an AV on my OSX and every other computer cus as a software developer i know that there is no such thing as bug free code. Working for a MS Gold Partner by day and a self startup iPhone app developer by night i have to say that programming in .NET is way easier than Obj C. Cocoa is like c+++. Why do i still need .h files? Anyways just my 2 cents.

[solitare_pax]

Actually Mac OS can run on a PC box, and Windows can run on a Mac if you know how - it's just easier to do it on a Mac.<br /><br />Besides, most of the problems that Apple seemed to be fixing came over from the PC side of the divide... Ho hum.

[McDaveH]

@dano10000<br /><br />I guess that about sums it up. You need to feel like you're the champions of the world - I just want a computer that works. Who's the zealot now?<br /><br />McD

[goodspeed8701]

Too much worm in the apple

[black jelly bean]

aha! ;-)

[monkeyfun14]

18 vulnerabilities! But I was told by the nice fanboys here that Apple was perfect.

[Perry_Clease]

It is now.

[michael_j_x]

@Perry_Clease <br />"It is now."<br />that's until the next patch is released

[tektaktyks]

lmao

Instead of "lmao", how 'bout you guys take the time to convince us why Windows 7 is going to "revolutionize" the industry. I could probably get a few laughs out of that one myself. Why I bet it'll beat Mac OSX's total recorded vulnerabilities in a week.

[black jelly bean]

But I thought the obsolete-out-of-the-box crApple Mac OS X, which is based on the FREE, 36 year old UNIX operating system is invulnerable to security flaws, viruses and trojan horses? <br />Ooops, I guess they realzied they can't come up with this marketing BS if they have no engineers -- good thing Steve and his gang of retards have read Hitler's Mein Kempf...especially the section where Hitler emphises how the public is so stupid that it forgets about the lies told to them by politicians (and swindling evangelists like Jobs and his gang) <br />Lucky for them nobody seems to care about writing malicious software for crApple's junk because it is only used by the 2% of people out there who are still computer illiterate!

[gggg sssss]

@ the guy with no name - Well, WIndows 7 will sell more copies in a week than OSX in a year for starters

[Perry_Clease]

"the guy with no name - Well, WIndows 7 will sell more copies in a week than OSX in a year for starters'<br /><br />That is probably true, but it doesn't make it better.

[ckh1272]

@monkeyfun14--This is exactly the kind of BS that gets you labeled as the troll you are. Here it is, another Apple story and who is on here shouting to anyone that will hear them (so to speak)?? It's all the people who b---- about "Apple fanboys" being trolls on Microsoft articles. Oh, and monkey, you know good and well nobody has ever said that Macs were perfect. If they did, it was to get a rise out of people like you (and it worked too). If indeed those people exist, then they are just as ignorant as people like you. Prove me wrong.

[ckh1272]

"by black jelly bean August 5, 2009 6:15 PM PDT<br />But I thought the obsolete-out-of-the-box crApple Mac OS X, which is based on the FREE, 36 year old UNIX operating system is invulnerable to security flaws, viruses and trojan horses? <br />Ooops, I guess they realzied they can't come up with this marketing BS if they have no engineers -- good thing Steve and his gang of retards have read Hitler's Mein Kempf...especially the section where Hitler emphises how the public is so stupid that it forgets about the lies told to them by politicians (and swindling evangelists like Jobs and his gang) <br />Lucky for them nobody seems to care about writing malicious software for crApple's junk because it is only used by the 2% of people out there who are still computer illiterate!"<br /><br />@jelly--Isn't that the same BS you were spewing on another post. Are you so busy trolling that you just copy and paste old hogwash. Good job. LOL!!

[McDaveH]

@ black bean jelly<br />"especially the section where Hitler emphises how the public is so stupid that it forgets about the lies told to them by politicians (and swindling evangelists like Jobs and his gang)"<br />As opposed to the lies that make you confuse vulnerabilities with actual security problems!<br /><br />McD

[veilx]

I Hear the Rumbles of the Deep... They will arrive soon enough...<br /><br />:D

[Perry_Clease]

They are not "deep," shallow or shoal water at best.

[tektaktyks]

what can i do but laugh at those macboys...who payed 3 times more for the same machine that u can get outside of apple ...

[Perry_Clease]

At least a Mac keyboard has a shift key.

[baconstang]

@tek_tyke... get a better job instead of sweating about chump change.

[shellcodes_coder]

The Apple tax they payed for keyboard is VULNERABLE TO HACK ATTACK: http://blogs.zdnet.com/hardware/?p=5088<br />That's damn FUNNY

[ckh1272]

@shelly--You are indeed the most delusional poster I have seen in a long time. The guy who wrote that article has no clue, evidently, that you can use any USB keyboard with a Mac. This is the quote in question:"The downside of a closed ecosystem where consumers don?t even get a choice of keyboard." You fail my friend. Oh, and the keylogging thing requires you to be physically hooked up to a computer. I would like to invite this person to try that at my house.

[ckh1272]

@shelly--I hope you also noticed that firmware re-write (which can be done on a Windows keyboard as well) was hooked up to a Windows laptop. Explain to everyone here how that applies to only macs?

[shellcodes_coder]

ckh1272: Before saying anything you might want to google or bing for more info because hackers have already demonstrated it.

[ckh1272]

@shellcodes_coder--Please show me where I denied it. If you had a lick of common sense, you would know that this is something that can be done on the Windows or Mac side (after all, this is a firmware hack not a software, i.e. Windows or Mac). This not brain surgery for any knowledgeable hacker. Also, if you bothered to read a little further, he is working with Apple, which is what a customer would want right? Isn't that the way of the Linux and Windows world? Next time, please don't act like you have some kind of inside knowledge. It will just give you a headache.

[McDaveH]

@ tektaktyks<br />"what can i do but laugh at those macboys...who payed 3 times more for the same machine that u can get outside of apple ..."<br /><br />Except to ponder why we're laughing back at you for not realising the two machines have nothing to do with each other and how you've been distracted by Microsoft into thinking the one choice they give you (which PC to buy) has any significance at all.<br /><br />At least we're both smiling!<br /><br />McD

[setgo]

It's funny how the anti-mac folks are the first ones to comment on an obvious Apple headline. Hey MonkeyFunk, shouldn't you be sleeping under a bridge somewhere?

[monkeyfun14]

No the hobo kicked me out sorry.

[Dalkorian]

OK, I have to admit that make me chuckle monkey boy. Thanks for that!

[monkeyfun14]

I apologise that was trollish. But I just sense a great irony here between the bashing in the WIndows 7 post and this one.<br /><br />Windows 7 has one small issue trolls all over it<br />OSX has 18 and rarely anyone says anything.

[baconstang]

Oh come on. The MS fan club is always out in force whenever the words "security" and "Apple" appear in the same headline.

[monkeyfun14]

Same for the Apple fan club whenever Microsoft and Security appear I know you are.

[shellcodes_coder]

You are wrong man am sure there's more. Remember Charlie Miller? He exploited a security hole that was more than an year old. As usual, this time OS X must win, as usual to prove that it's an OS built with security in...

[Perry_Clease]

"As usual, this time OS X must win"<br /><br />Well you are right about that.

[shellcodes_coder]

Perry_Clease: ya dude it will. It will be the first OS to get nailed in the coffin for the 3rd time ie HATRICK :)<br />And Charlie Miller has stated that anti-exploit mitigation found in Windows are just too difficult to get through

[shellcodes_coder]

Perry_Clease: in the hacking contest

[McDaveH]

@ monkeyfun14<br /><br />Yeah but Windows has real viruses to exploit its 1 issue. OSX has none to exploit its 18<br /><br />McD

[Mr. Dee]

You are telling me after 7 maintenance updates, 1 year of beta testing and these glaring issues are just getting fixed? On top of that, they are charging their users for another patch named Snow Leopard this fall.

[ilovewindowsnot]

Snow Leopard isn't a patch, that's what software updates are for. Have you even used Mac OS X? I mean, have you really used it, as an everyday workflow? If you haven't, then how can you formulate an opinion. That's what a true fan boy is, one who doesn't actually try out the other guy. I have, I've used 95, XP and Vista. I've used OS X, and it's just better. Period. <br /><br />Enjoy your new feature sets with windows 7, enjoy your Microsoft Stores, enjoy your re-worked WinMobile, and enjoy your Zune HD. All wouldn't exists without Apple. And you all know it.

[monkeyfun14]

And Apple wouldn't exist without Microsoft..<br /><br />We all love to forget about when Microsoft save their ***** from bankruptcy in the 90's don't we.<br /><br />And if you honestly believe Apple or any company for that matter would continue to innovate without competition than you are a fool.

[stickfu]

@monkey..<br /><br />Agreed on your competition comment<br /><br />regarding the "bailout"..<br /><br />http://www.roughlydrafted.com/RD/RDM.Tech.Q1.07/592FE887-5CA1-4F30-BD62-407362B533B9.html<br /><br />enjoy

[Mr. Dee]

Good one monkeyfun14

[shellcodes_coder]

Snow Leopard is already an endangered os so dude let it live though Windows 7 will def kill it. And remember when 7 kills it, it won't roar because SL can't ROAR :)

[Perry_Clease]

@ stickfu "http://www.roughlydrafted.com/RD/RDM.Tech.Q1.07/592FE887-5CA1-4F30-BD62-407362B533B9.html"<br /><br />I don't think that the trolls will want to read that story.

[gggg sssss]

@ ilovewindowsnot never used OSX. never been tasered either but I know it is not a plesant experience.

[stickfu]

@shill_coder:<br /><br />Linux is dying, Windows is dying, OSX is dying blah blah blah, no one`s going anywhere for a loooong time<br /><br />K?

[ckh1272]

@Mr. Dee-Just like I told Black Jelly Bean, are you so busy trolling that you have to copy and paste the same statement across multiple discussions??

[ckh1272]

@Mr. Dee &#38; monkeyfun14--The delusional twins!! Maybe you really should read the link that stickfu posted. It might enlighten you for once, but I doubt it. Blinders are more convenient I guess.

[black jelly bean]

But I thought the obsolete-out-of-the-box crApple Mac OS X, which is based on the FREE, 36 year old UNIX operating system is invulnerable to security flaws, viruses and trojan horses? <br />Ooops, I guess they realzied they can't come up with this marketing BS if they have no engineers -- good thing Steve and his gang of retards have read Hitler's Mein Kempf...especially the section where Hitler emphises how the public is so stupid that it forgets about the lies told to them by politicians (and swindling evangelists like Jobs and his gang) <br />Lucky for them nobody seems to care about writing malicious software for crApple's junk because it is only used by the 2% of people out there who are still computer illiterate!

[shellcodes_coder]

Agree with you

[ckh1272]

@black jelly bean--Comment repeat x 3 now. Maybe one day, you too will have an original thought.

[shellcodes_coder]

LOL that's funny. So the world's most advanced security holes have been patched. The OS built with security in mind gets knocked off within seconds in the hacking contest and can be taken control of very easily...I don't get it. So it's an OS built with security in...(not mind though) :)

[Perry_Clease]

Has any of Miller's hacks ever been done in the wild?

[shellcodes_coder]

Perry_Clease: Nope that's because he was not allowed to reveal that security hole

[shellcodes_coder]

Perry_Clease: Anyways why would hackers care about those movie editors?

[fshepinc]

"And if you honestly believe Apple or any company for that matter would continue to innovate without competition than you are a fool."<br /><br />More fools we... A tech company must continue to innovate -if only to sell more stuff to its previous/existing customers. The release of a new OS is more about selling new software than keeping up with the Joneses. Apple's OS market share is tiny compared to MS/Windows' -so there really isn't "competition" between the two companies in a real sense. So why do they continue to update and innovate? To sell more stuff to those that are already in their camp. <br /><br />All of the trolling around here gets to be ridiculous. It's like arguing that chocolate is a better flavor of ice cream than strawberry. It cannot be objectively measured and, in the end, other people's choices don't matter to you at all. If you prefer OS X, great. If you prefer Windows 7, great. Let's get on with life and use our computers to solve some of the world's problems instead of flinging excrement at each other like monkeys in a cage.<br />[CNET editor's note: Offensive language deleted.]

[Paldasan]

Caramel is much better than chocolate or strawberry. :D

[ckh1272]

I agree. It gets beyond redundant with some of these people. Just look at all the "copy and paste" comments across multiple discussions.

[useful_worms]

The difference is Mac OS X isn't running the FBI's VICAP database or the United States power grid. If it were, OS X would be an entirely different beast under the hood and they would have as many patches and fixes as Windows. <br /><br />Now, let's all put away our claws and have a burrito or something.

[shellcodes_coder]

LOL this is funny: Apple keyboard vulnerable to hack attack: http://blogs.zdnet.com/hardware/?p=5088<br /><br />Well Apple users, time to switch to Microsoft keyboard and mice (at least it has two buttons, unlike your older Apple mice)

[Perry_Clease]

"time to switch to Microsoft keyboard and mice (at least it has two buttons, unlike your older Apple mice)"<br /><br />Only two buttons! You guys are so obsolete

[shellcodes_coder]

*mouse

[shellcodes_coder]

Perry_Clease: It took Apple so many years to realize that two buttons were needed. Well they have finally realized that a 64-bit kernel is needed for movie editors ie mac users. Anyways, I have been using XP x64, Vista x64, 7 x64 and 64-bit linux for ages. Not bad though!!

[gigogogogown]

nanny nanny poo poo!

[gigogogogown]

just thought I would add some intelligence to this forum.

[Dalkorian]

Yet somehow you totally failed to do so. Amazing.

[gigogogogown]

I was trying to be funny. I guess I failed.<br /><br />Well, you asked for it. It seems that so many comments after a news item just degenerate to a juvenile level. "See, Macs suck." "Well, Windows sucks worse." and on and on.<br /><br />Why I remember programming on a Prime 750 minicomputer, and near my desk was a Data General with a Tektronix terminal which was used to track movements of zooplankton for a marine biologist. I enjoyed working on the Prime, but I didn't tell the scientist "DG sux, Prime is better!" You use the right tool for the job.<br /><br />I use Windows, Macs and Linux systems. They each have their good points and bad points. Personally, I own both. My favorite is Mac OS X. I have a Mac Book Pro. But I bought my wife a Windows computer, because she needs to deal with the PTO, church, etc. who use MS Publisher or Lotus Smart Suite for example. One thing I like about the Mac is the interface does not get in my way. Windows seems to build all these layers between you and the computer, with multiple dialog boxes, wizards, etc. Just dealing with the Control Panel is a pain as you are presented with too many choices and decision points before you can get to what you want to configure. And adding a printer - why is a printer with a network card and an IP address not considered a network printer by the Windows printer wizard?<br /><br />And any system is going to have weaknesses, because they are designed by humans who are not perfect. I am a programmer, but I spend too much time cleaning up Windows systems with viruses, trojans, worms, etc. I have yet to do this for Macs. Yes, they have problems. I have had to do clean installs. But by far, the majority of issues that I have to fix are on Windows computers. Macs have vulnerabilities, but Windows is the one with the problems.<br /><br />Anyway, the sun should be coming up soon. Have a nice day.

[sdotbailey4]

you people are idiots.

[akira2501]

windows is awesome for serious business. Macs are better for creative stuff. That's pretty much the diff as I see it. Windows is always going to be attacked for it runs the world. If everything ran on osx, it would be under constant attack as well. But for now, with people and businesses using them mainly for creative work, there just isn't enough of an incentive to develop viruses and trojans for it. What are you going to steal, a video or pic collection. Awesome ... . not.

[akira2501]

windows is awesome for serious business. Macs are better for creative stuff. That's pretty much the diff as I see it. Windows is always going to be attacked for it runs the world. If everything ran on osx, it would be under constant attack as well. But for now, with people and businesses using them mainly for creative work, there just isn't enough of an incentive to develop viruses and trojans for it. What are you going to steal, a video or pic collection. Awesome ... . not.

[tektaktyks]

i agree with u ,but how are they better for creative stuff?i think it was years ago,now windows is as good as osx for creative stuff,except for final cut...

[tektaktyks]

what i would really like to c is osx and 7 on the same machine and running avid mc,adobe ae,ps and stuff like that and compering the performance,can u do it cnet.com? ( i posted it on another topic,maybe somebody will do it)

[regulas1]

I love these Mac haters on this post. The closest these little trolls have ever been to OS X is at their local Best Buy store. They maybe played with it for a minute or so and now post on sites and run their mouths as if they were OS X experts, LOL.<br />You Mac haters keep your Windose and make sure your Virus definitions are up to date and your Spyware definitions up to date as well. Me, I will just allow Apple to find and fix any flaws they come across like in this article and not worry about the rest. Enjoy your Swiss Cheese OS MS trolls.

[XiroMisho]

The patching has begun. Put an AV on that MAC OSX - soon the toolbars will come... and when the toolbars come, will be the doom of the OS's security.<br /><br />(I believe that tool-bars are signal handily responsible for just about all stolen passwords and userdata and virus infections.... just me though.)

[stargatefan1]

i spend years with both windows and apple. i hadn't used mac for a while until recently. and wouldn't go back to windows. i got tired of all the issue with windows. and anyone who thinks one is better because of the quantity or quality of updates, does that matter? no piece of software is going to be perfect.