Apple fixes 15 flaws in Mac OS X

Apple Computer released an update to its Mac OS X operating system on Tuesday to fix 15 security issues in the software.

Many of the problems are flaws in the operating system's underlying open-source software, including a critical flaw in the Kerberos authentication system--software that can act as a gatekeeper for computer networks. The patch is available for Mac OS X 10.3.5 and Mac OS X 10.3.4, and also fixes issues in Mac OS X 10.2, known as "Jaguar."

"This bit of news should serve notice to ALL computer users/administrators that no platform is completely secure from security bugs. Since both Apple and Windows users are now openly living in glass houses, let's hope that the senseless and infantile stone-throwing will start to die down."
--Tex Murphy

"All security enhancements...are also available for Jaguar, if the issue could occur on Jaguar systems," a security advisory from the company said.

The patch fixes software flaws that could enable an attacker to crash or freeze the Apache 2 Web server, run software by utilizing Apple's Safari Web browser or expose the password store used by the network. Security information provider Secunia ranked the Kerberos threat as "highly critical," its second-highest danger rating.

Apple has pointed to open-source software as a source of security for the company's operating system. While open-source projects tend to release patches as soon as possible, Apple and other companies have moved to more occasional releases of collections of patches.

Microsoft releases fixes once a month, a move that database software maker Oracle has started to do this month as well.

Apple's advisory, with details of the update, is available on the company's Web site.

[marlow714]

surprise surprise surprise

I wonder how many they (and the media) dont tell us about?

[Steve Bryan]

conspiracy?

Your cynical remark seems to indicate a superior insight into
this unseemly plot by the Illuminati. But that leads us to the
question of what information you are supressing.

[alek_nedic]

I wonder

http://www.analogstereo.com/vacuum/miele_types.htm

[Jon N.]

The true tragedy...

You Appleheads were so cocky & sure that there were no problems with your platform! Now the truth is revealed, & it seems that your technology is just as flawed & imperfect as the rest {i.e., Windows}. I think the reason that the media & other sources try to cover up these flaws with OSX, Apple, Inc. included, is because the Apple Company has build a very successful propaganda machine for its customers since the 1970's. Most buy into it. Hate M$! Hate ALL other platforms! Only love Apple, because we are the coolest! There are going to be more "flaws" & more "fixes" ahead for those with Macs. The market share for Apple is growing, due to the intense popularity of the iPod & iTunes.
You know what THAT means: more cyber-jackasses trying to destroy our computers & steal sensitive information.
Well, hey Appleheads! Welcome to the PC hell that we've had to endure in for years. The true tragedy is, that your problems are just beginning.
My sincere hope is that you Appleheads don't have to survive another "Hare Krishna" or "Sasser/Blaster" type episode that we PC/M$ owners had to endure!

[Steve Bryan]

The real issue

No, no, no. The strength of open source (and OS X is only based
on open source components, it includes non-open parts) with
respect to security is that rather than a select few being able to
check for security errors, anyone has the opportunity to do so.
In other words security flaws cannot be buried by executives
who are more interested in image than substance.

There is NO guarantee of an absence of flaws. Only someone
who has not paid sufficient attention would think that is what is
claimed. Humans make mistakes and that situation is not going
to change. Empirically what we have learned the difference is
that security flaws are more likely to be addressed in a timely
fashion with open source.

This is not the first time there has been a patch made available
by Apple to address potential security risks. If you weren't just
shooting your mouth off you would probably be aware of that.
The scum that try to screw up computers and networks also
have access to open source to look for exploits. You might
expect that would lead to more security breaches but empirically
you would be wrong. There is no guarantee this will continue to
be the case but to many of us that seems likely.

[shane--2008]

not really....

"Well, hey Appleheads! Welcome to the PC hell that we've had to
endure in for years. The true tragedy is, that your problems are
just beginning. "

actually, when a computer company updates their OS _before_
the crackers exploit the flaws, that is _good_ for you. you are
just so use to being reamed by MS that you expect all updates to
be bad news. Apple fixed the flaws first. and they have been
doing so for years. no problems yet.

it is the "plug the leak after the water starts flowing in" approach
that Apple is avoiding here, and that MS is so good at, that
causes the trouble.

"My sincere hope is that you Appleheads don't have to survive
another "Hare Krishna" or "Sasser/Blaster" type episode that we
PC/M$ owners had to endure!"

if you knew anything at all about the structure of UNIX, OS X, or
general security, you wouldn't be worried. we won't have to
endure that kind of treatment. ever.

the question is, when Apple has a very secure OS, with UNIX
power and top of the line machines come with dual CPUs that
match or outpace the fastest from intel, and all the office and
productivity and OS software 99% of users need, why are you
still putting up with it year after year from MS?

you have a SM streak? ;-)

Why does CNET bury stories like this?

Why does CNET give this story three small paragraphs and a sub-headline, while MS security stories warrant full-blown media coverage?

You just KNOW that if this was a MS-related story that it would have been given a 48-point Bold Helvetica headline titled something like "MS fixes yet another batch of security holes".

But hey, nobody ever expected the media to be fair and balanced, right?

[Jon N.]

You know why?

Why? Because Microsoft is on top. Its just like the lives of Hollywood Moviestars. Everything that happens - either to them or about them, gets put under the media microscope & thrust into the lime-light! Joe, I also pine for the day when media reporting is "fair" & "balanced"!!!

[S R]

This is the reason.

Well, if you read the article, they do not mention what 15 holes
were patched.

The holes that were pointed out (by Secunia) are so complex
that you would rather steal their computer physically than hack
into their system remotely. In addition, all apple systems come
with "root" user diabled. (Well, if you don't know what root user
is, you don't have to worry about security. You are safe by
default.) The chances of exploiting such holes are extremely
rare.

CNET is like reporting things.. The writers are NOT
JOURNALISTS. So, as this story lacks supporting statements, it is
not given enough substance. They just want to make everyone
feel that OS X is as vulnerable as Windows by providing very
little information to confuse those who just believe only in
reading headlines.

[swift2--2008]

MS = FOX NEWS?

The argumentation seems the same.

Undoubtedly, there probably still are vulnerabilities to the Mac
OS. To realize that is the source of security. And the strength of
open source, and BSD Unix, is that it has been through the
wringer for 25 years, and has been strengthened by tens of
thousands of hands.

The renewed popularity of the Mac platform will no doubt lead
to assaults on it. Eternal vigilance, in this world where an
unprotected Windows computer is infected within 16 minutes, is
the price of computing.

Of course, the writer of this story leaned over backwards to try
and show it as a weakness "the same to MS". Believe me, there is
no similarity.

[Tex Murphy PI]

Shock and Awe

Wow! Apparently, Microsoft doesn't appear to hold the monopoly on security holes in their OS. It also appears that Apple is even better at keeping these holes from the public at large!

This bit of news should serve notice to ALL computer users/administrators that no platform is completely secure from security bugs.

Since both Apple and Windows users are now openly living in glass houses, let's hope that the senseless and infantile stone throwing will start to die down.

[zarathustra911]

Missed a point, though...

Just like someone else said in a previous post, Apple released a
security update before thousands of machines came down with a
virus/trojan/whatever.

Microsoft releases security patches after there is a known
outbreak and the vulnerability is exposed.

It is a preventative measure.

Besides, if you would have read what the actual fixes were, the
likelihood of being exposed before the Security update were very
miniscule.

You had to fulfill so many variables to get exposed that I can
compare it to trying to dig through a trash bin in a hospital full
of disposed syringes with open wounds. Unless you work there
and you don't know what you are reaching into you might never
get hurt.

[Steve Bryan]

Trolls

What is it about this story that is bringing out all the trolls? A
security patch update for Mac OS X is NOT an unusual event.
They happen with regularity. The claim of open source in
general and OS X in particular is not that there are never any
security related flaws. That is not the claim. Repeat that three
times or until it registers. The claim is that there are fewer
security exploits because of the way security flaws are handled.

Are you claiming that is not the case? I suppose Apple has as
many pinhead executives as Microsoft who would be willing to
lie and deceive and try to sweep stories of security flaws under
the rug and hope the problems will go away. But with open
source they don't have control over the people who report these
potential problems. So they tend to be forced to deal with the
flaws before they become exploited. Is that really so hard to
understand?

[Richard Pitre]

why is this news

Why is this news ?
Apple has been continuously releasing security updates for a
long time now. These updates seem to do their job very well. I
take it from the hoopla and the nyaa-nyaa that this is a sensitive
issue with Windows users. It makes me think that Windows users
are not so fortunate in this regard i.e. security breaches
significiantly impact performance on a day to day basis for the
average Windows user.

[BazNZ]

Why is this news

Why is this news?
Look to the top of the page. Next to be big red circle, it says ?News.Com Tech News First?.
Maybe Windows users are getting sick of hearing Mac users singing the same [i]tune?
I guess your perspective changes when the shoe is on the other foot.

[Old babe]

Apples and sour grapes

Although not a techie, I have used both Apples and PCs.
Perhaps BECAUSE I'm not a techie, I find Apples simpler and
less hassle to work with. Even without technical expertise, I've
been aware of security updates by both. What I haven't seen are
front page articles about widespread problems from infected
Macs, or any infected Macs at all. I feel bad for my relatives and
co-workers with problems, not cocky.

Well, here's some links to get you started

You might want to check out:

http://www.techworld.com/security/news/index.cfm?newsid=1798

Then, have a look at:

http://www.linuxworld.com.au/index.php/id;554502920;fp;2;fpid;1

Finally, for dessert, try:

http://www.vnunet.com/news/1128907

Tex is always right & Gates is God

Tex, how much M$ stock do you own that you are so blinded by
their monopoly propoganda?
POINT to the article is that YES ALL OSs are vunerable to viruses.
Apple has never said that OSX will NEVER get a virus.
OSX open source / Unix / Darwin core are LESS vunerable than
MS OS (95/98/ME/NT/2000/XP......) ALL software manufactures
put out patches to their OSs.
Get a clue TEX, Get a life & take a chill pill dude.
-Eyes wide open in Seattle-

Sounds like YOU'RE the blind one

You accuse Tex of being blind, yet you spout the standard OSS propaganda.

The POINT is that OSS is NOT necessarily "more secure" than Windows:

Have a look:

http://www.techworld.com/security/news/index.cfm?newsid=1798
http://www.linuxworld.com.au/index.php/id;554502920;fp;2;fpid;1
http://www.vnunet.com/news/1128907

[volterwd]

why msblast patch was relevant in my previous statement

... because it was the largest outbreak of any ms vulnerability (to the best of my knowledge, and dont flame me if im wrong... correct me) and if people patched early then we wouldnt have these problems

[Fritz W]

deluded...

Every single program ever written has weaknesses. If the
company is still producing software they are fixing security
flaws. Some of you are surprised to hear Mac OS 10 has
weakness. Others are happy to hear there is weakness to OS 10.

There is no true security, just degree of weakness. I use both
Windows and Mac. It is obvious to any developer out there, why
Apple would switch from a weak unsecured OS 9, to a more
structurally sound BSD based OS. Apple took a big hit for it. But
now the benefits maybe become visible those whom weren't
aware. Overzealous Windows users, get off it. Windows has the
majority, but that doesn't excuse it from being the media cover
story because it is still the weakest on a list of new world
Operating Systems including:

FreeBSD
Debian
Solaris
Irix
Linux
Mac OS
GNU
...
...
...
... Last and least with regard to security, (from product initial
release to current),
Windows XP, which is not the even the most user friendly.

They all have security updates, if they are any kind of even half
decent OS.

[alek_nedic]

Apple took a big hit

http://www.analogstereo.com/vacuum/miele_tools.htm