September 7, 2004 5:22 PM PDT

Apple fixes 15 flaws in Mac OS X

Apple Computer released an update to its Mac OS X operating system on Tuesday to fix 15 security issues in the software.

Many of the problems are flaws in the operating system's underlying open-source software, including a critical flaw in the Kerberos authentication system--software that can act as a gatekeeper for computer networks. The patch is available for Mac OS X 10.3.5 and Mac OS X 10.3.4, and also fixes issues in Mac OS X 10.2, known as "Jaguar."

"All security enhancements...are also available for Jaguar, if the issue could occur on Jaguar systems," a security advisory from the company said.

The patch fixes software flaws that could enable an attacker to crash or freeze the Apache 2 Web server, run software by utilizing Apple's Safari Web browser or expose the password store used by the network. Security information provider Secunia ranked the Kerberos threat as "highly critical," its second-highest danger rating.

Apple has pointed to open-source software as a source of security for the company's operating system. While open-source projects tend to release patches as soon as possible, Apple and other companies have moved to more occasional releases of collections of patches.

Microsoft releases fixes once a month, a move that database software maker Oracle has started to do this month as well.

Apple's advisory, with details of the update, is available on the company's Web site.

33 comments

Join the conversation!
Add your comment
surprise surprise surprise
I wonder how many they (and the media) dont tell us about?
Posted by marlow714 (29 comments )
Reply Link Flag
conspiracy?
Your cynical remark seems to indicate a superior insight into
this unseemly plot by the Illuminati. But that leads us to the
question of what information you are supressing.
Posted by Steve Bryan (92 comments )
Link Flag
The true tragedy...
You Appleheads were so cocky & sure that there were no problems with your platform! Now the truth is revealed, & it seems that your technology is just as flawed & imperfect as the rest {i.e., Windows}. I think the reason that the media & other sources try to cover up these flaws with OSX, Apple, Inc. included, is because the Apple Company has build a very successful propaganda machine for its customers since the 1970's. Most buy into it. Hate M$! Hate ALL other platforms! Only love Apple, because we are the coolest! There are going to be more "flaws" & more "fixes" ahead for those with Macs. The market share for Apple is growing, due to the intense popularity of the iPod & iTunes.
You know what THAT means: more cyber-jackasses trying to destroy our computers & steal sensitive information.
Well, hey Appleheads! Welcome to the PC hell that we've had to endure in for years. The true tragedy is, that your problems are just beginning.
My sincere hope is that you Appleheads don't have to survive another "Hare Krishna" or "Sasser/Blaster" type episode that we PC/M$ owners had to endure!
Posted by Jon N. (182 comments )
Reply Link Flag
The real issue
No, no, no. The strength of open source (and OS X is only based
on open source components, it includes non-open parts) with
respect to security is that rather than a select few being able to
check for security errors, anyone has the opportunity to do so.
In other words security flaws cannot be buried by executives
who are more interested in image than substance.

There is NO guarantee of an absence of flaws. Only someone
who has not paid sufficient attention would think that is what is
claimed. Humans make mistakes and that situation is not going
to change. Empirically what we have learned the difference is
that security flaws are more likely to be addressed in a timely
fashion with open source.

This is not the first time there has been a patch made available
by Apple to address potential security risks. If you weren't just
shooting your mouth off you would probably be aware of that.
The scum that try to screw up computers and networks also
have access to open source to look for exploits. You might
expect that would lead to more security breaches but empirically
you would be wrong. There is no guarantee this will continue to
be the case but to many of us that seems likely.
Posted by Steve Bryan (92 comments )
Link Flag
not really....
"Well, hey Appleheads! Welcome to the PC hell that we've had to
endure in for years. The true tragedy is, that your problems are
just beginning. "

actually, when a computer company updates their OS _before_
the crackers exploit the flaws, that is _good_ for you. you are
just so use to being reamed by MS that you expect all updates to
be bad news. Apple fixed the flaws first. and they have been
doing so for years. no problems yet.

it is the "plug the leak after the water starts flowing in" approach
that Apple is avoiding here, and that MS is so good at, that
causes the trouble.

"My sincere hope is that you Appleheads don't have to survive
another "Hare Krishna" or "Sasser/Blaster" type episode that we
PC/M$ owners had to endure!"

if you knew anything at all about the structure of UNIX, OS X, or
general security, you wouldn't be worried. we won't have to
endure that kind of treatment. ever.

the question is, when Apple has a very secure OS, with UNIX
power and top of the line machines come with dual CPUs that
match or outpace the fastest from intel, and all the office and
productivity and OS software 99% of users need, why are you
still putting up with it year after year from MS?

you have a SM streak? ;-)
Posted by shane--2008 (343 comments )
Link Flag
Why does CNET bury stories like this?
Why does CNET give this story three small paragraphs and a sub-headline, while MS security stories warrant full-blown media coverage?

You just KNOW that if this was a MS-related story that it would have been given a 48-point Bold Helvetica headline titled something like "MS fixes yet another batch of security holes".

But hey, nobody ever expected the media to be fair and balanced, right?
Posted by (127 comments )
Reply Link Flag
You know why?
Why? Because Microsoft is on top. Its just like the lives of Hollywood Moviestars. Everything that happens - either to them or about them, gets put under the media microscope & thrust into the lime-light! Joe, I also pine for the day when media reporting is "fair" & "balanced"!!!
Posted by Jon N. (182 comments )
Link Flag
This is the reason.
Well, if you read the article, they do not mention what 15 holes
were patched.

The holes that were pointed out (by Secunia) are so complex
that you would rather steal their computer physically than hack
into their system remotely. In addition, all apple systems come
with "root" user diabled. (Well, if you don't know what root user
is, you don't have to worry about security. You are safe by
default.) The chances of exploiting such holes are extremely
rare.

CNET is like reporting things.. The writers are NOT
JOURNALISTS. So, as this story lacks supporting statements, it is
not given enough substance. They just want to make everyone
feel that OS X is as vulnerable as Windows by providing very
little information to confuse those who just believe only in
reading headlines.
Posted by S R (85 comments )
Link Flag
MS = FOX NEWS?
The argumentation seems the same.

Undoubtedly, there probably still are vulnerabilities to the Mac
OS. To realize that is the source of security. And the strength of
open source, and BSD Unix, is that it has been through the
wringer for 25 years, and has been strengthened by tens of
thousands of hands.

The renewed popularity of the Mac platform will no doubt lead
to assaults on it. Eternal vigilance, in this world where an
unprotected Windows computer is infected within 16 minutes, is
the price of computing.

Of course, the writer of this story leaned over backwards to try
and show it as a weakness "the same to MS". Believe me, there is
no similarity.
Posted by swift2--2008 (197 comments )
Reply Link Flag
Shock and Awe
Wow! Apparently, Microsoft doesn't appear to hold the monopoly on security holes in their OS. It also appears that Apple is even better at keeping these holes from the public at large!

This bit of news should serve notice to ALL computer users/administrators that no platform is completely secure from security bugs.

Since both Apple and Windows users are now openly living in glass houses, let's hope that the senseless and infantile stone throwing will start to die down.
Posted by Tex Murphy PI (165 comments )
Reply Link Flag
Missed a point, though...
Just like someone else said in a previous post, Apple released a
security update before thousands of machines came down with a
virus/trojan/whatever.

Microsoft releases security patches after there is a known
outbreak and the vulnerability is exposed.

It is a preventative measure.

Besides, if you would have read what the actual fixes were, the
likelihood of being exposed before the Security update were very
miniscule.

You had to fulfill so many variables to get exposed that I can
compare it to trying to dig through a trash bin in a hospital full
of disposed syringes with open wounds. Unless you work there
and you don't know what you are reaching into you might never
get hurt.
Posted by zarathustra911 (35 comments )
Link Flag
Trolls
What is it about this story that is bringing out all the trolls? A
security patch update for Mac OS X is NOT an unusual event.
They happen with regularity. The claim of open source in
general and OS X in particular is not that there are never any
security related flaws. That is not the claim. Repeat that three
times or until it registers. The claim is that there are fewer
security exploits because of the way security flaws are handled.

Are you claiming that is not the case? I suppose Apple has as
many pinhead executives as Microsoft who would be willing to
lie and deceive and try to sweep stories of security flaws under
the rug and hope the problems will go away. But with open
source they don't have control over the people who report these
potential problems. So they tend to be forced to deal with the
flaws before they become exploited. Is that really so hard to
understand?
Posted by Steve Bryan (92 comments )
Link Flag
why is this news
Why is this news ?
Apple has been continuously releasing security updates for a
long time now. These updates seem to do their job very well. I
take it from the hoopla and the nyaa-nyaa that this is a sensitive
issue with Windows users. It makes me think that Windows users
are not so fortunate in this regard i.e. security breaches
significiantly impact performance on a day to day basis for the
average Windows user.
Posted by Richard Pitre (8 comments )
Reply Link Flag
Why is this news
Why is this news?
Look to the top of the page. Next to be big red circle, it says ?News.Com Tech News First?.
Maybe Windows users are getting sick of hearing Mac users singing the same [i]tune?
I guess your perspective changes when the shoe is on the other foot.
Posted by BazNZ (81 comments )
Link Flag
Apples and sour grapes
Although not a techie, I have used both Apples and PCs.
Perhaps BECAUSE I'm not a techie, I find Apples simpler and
less hassle to work with. Even without technical expertise, I've
been aware of security updates by both. What I haven't seen are
front page articles about widespread problems from infected
Macs, or any infected Macs at all. I feel bad for my relatives and
co-workers with problems, not cocky.
Posted by Old babe (3 comments )
Reply Link Flag
Well, here's some links to get you started
You might want to check out:

<a class="jive-link-external" href="http://www.techworld.com/security/news/index.cfm?newsid=1798" target="_newWindow">http://www.techworld.com/security/news/index.cfm?newsid=1798</a>

Then, have a look at:

<a class="jive-link-external" href="http://www.linuxworld.com.au/index.php/id;554502920;fp;2;fpid;1" target="_newWindow">http://www.linuxworld.com.au/index.php/id;554502920;fp;2;fpid;1</a>

Finally, for dessert, try:

<a class="jive-link-external" href="http://www.vnunet.com/news/1128907" target="_newWindow">http://www.vnunet.com/news/1128907</a>
Posted by (127 comments )
Link Flag
Tex is always right & Gates is God
Tex, how much M$ stock do you own that you are so blinded by
their monopoly propoganda?
POINT to the article is that YES ALL OSs are vunerable to viruses.
Apple has never said that OSX will NEVER get a virus.
OSX open source / Unix / Darwin core are LESS vunerable than
MS OS (95/98/ME/NT/2000/XP......) ALL software manufactures
put out patches to their OSs.
Get a clue TEX, Get a life &#38; take a chill pill dude.
-Eyes wide open in Seattle-
Posted by (71 comments )
Reply Link Flag
Sounds like YOU'RE the blind one
You accuse Tex of being blind, yet you spout the standard OSS propaganda.

The POINT is that OSS is NOT necessarily "more secure" than Windows:

Have a look:

<a class="jive-link-external" href="http://www.techworld.com/security/news/index.cfm?newsid=1798" target="_newWindow">http://www.techworld.com/security/news/index.cfm?newsid=1798</a>
<a class="jive-link-external" href="http://www.linuxworld.com.au/index.php/id;554502920;fp;2;fpid;1" target="_newWindow">http://www.linuxworld.com.au/index.php/id;554502920;fp;2;fpid;1</a>
<a class="jive-link-external" href="http://www.vnunet.com/news/1128907" target="_newWindow">http://www.vnunet.com/news/1128907</a>
Posted by (127 comments )
Link Flag
why msblast patch was relevant in my previous statement
... because it was the largest outbreak of any ms vulnerability (to the best of my knowledge, and dont flame me if im wrong... correct me) and if people patched early then we wouldnt have these problems
Posted by volterwd (466 comments )
Reply Link Flag
deluded...
Every single program ever written has weaknesses. If the
company is still producing software they are fixing security
flaws. Some of you are surprised to hear Mac OS 10 has
weakness. Others are happy to hear there is weakness to OS 10.

There is no true security, just degree of weakness. I use both
Windows and Mac. It is obvious to any developer out there, why
Apple would switch from a weak unsecured OS 9, to a more
structurally sound BSD based OS. Apple took a big hit for it. But
now the benefits maybe become visible those whom weren't
aware. Overzealous Windows users, get off it. Windows has the
majority, but that doesn't excuse it from being the media cover
story because it is still the weakest on a list of new world
Operating Systems including:

FreeBSD
Debian
Solaris
Irix
Linux
Mac OS
GNU
...
...
...
... Last and least with regard to security, (from product initial
release to current),
Windows XP, which is not the even the most user friendly.

They all have security updates, if they are any kind of even half
decent OS.
Posted by Fritz W (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.