Apple patches Mac OS X flaws

Apple Computer has released nearly a dozen fixes for flaws in its Mac OS operating system, including a script for preventing phishers from fooling users of its Safari browser.

The script, released Monday, tackles a pernicious phishing problem in browsers. The loophole could allow an attacker to use certain characters from different languages to create legitimate-looking Web addresses that actually send victims to malicious Web sites. The security problem affected all browsers that supported Internationalized Domain Names, or IDN, and is not Apple-specific.

Related feature
Have you been phished?

Check here to see whether an e-mail that appears to be from your bank or an online merchant is actually an attempt to defraud you.

"For example, the Cyrillic letter 'a' could be used in place of the Latin letter 'a,' making it difficult for a user to tell if they are at www.apple.com or a malicious imposter website that's designed to look like the real one," the company said in an advisory discussing the problem. "These sites can be used to collect account numbers, passwords and other personal information."

Other browsers affected by the IDN security issue include the Mozilla Foundation's Mozilla and Firefox, and Opera. Both Mozilla and Opera Software have issued fixes for the problem. Microsoft's Internet Explorer does not support IDN, so it is not vulnerable to such attacks. However, plug-ins that add IDN functionality to Internet Explorer do put it at risk.

The newly released patches take care of flaws in the Apple Filing Protocol server and the Samba filing-sharing server, as well as multiple issues with the Cyrus authentication software, Mailman, SquirrelMail and Cyrus mail software.

The patches can be downloaded from Apple's Web site or automatically installed via Apple's Software Update tool.

[Dibbs]

just 12?

whoop-dee-doo! a dozen fixes! don't we windows users do that in about a month? i know i do, including all third-party apps. ok that may be a bit extreme, but really 12 fixes sounds pretty good to me. four years of patches and panic attacks is all i've gotten from XP. i think apple might have me as a customer when i look for my next system.

[Dibbs]

just 12?

whoop-dee-doo! a dozen fixes! don't we windows users do that in about a month? i know i do, including all third-party apps. ok that may be a bit extreme, but really 12 fixes sounds pretty good to me. four years of patches and panic attacks is all i've gotten from XP. i think apple might have me as a customer when i look for my next system.

[Terry Murphy]

Flaws?

So why is it that when Microsoft issues it's plethora of patches to
it's Windows OS, it reported with headlines such as "Windows
glitches to get fixes" or "Microsoft releases 'critical' patches" or
my own personal favorite, "Microsoft takes a patch breather..."

But when Apple releases security updates to OS X, it's reported
as "Apple patches Mac OS X...flaws."

Flaws? I wonder which OS here is truly deserving of being
described as flawed?

[Bill Dautrive]

Which one?

How about the OS that has dozens of new flaws found nearly every month, even though its 'newest' desktop version is what, 4 years old? Out of the 3 main desktop OSes(Windows, Linux, & Mac), that is #1 by a long way.

So, for unwavering commitment to finding new ways to shove out code, way past their own deadlines, but yet managing to still make it buggy, bloated and flawed to the extreme. I hereby award Microsoft the Lifetime Flawed OS award.

I hope they enjoyed it, it was well earned.

I would give Apple the Piggyback to Respectability award, since the mac OSes were garbage before OSX. But at least they learned, and actually did something positive, not only by using BSD, but creating a slick interface, which is not to be underestimated. Who knows, perhaps in 3-5 years Mac will be the choice of clueless people everywhere, and Windows will fade to the background. The internet and machines everywhere will be safer for it.

But I am a creature of habit and love the flexibility, configurability, security, and stability, so I will stick with my SuSe Linux distro, and only boot up windows for games. That is until a decent DX emulator is created.

Because

Apple fixes security issues BEFORE they've been plastered all over the internet, and before they've been exploited. Microsoft waits till others find the flaws and exploit them and cause users grief. I use Winblows at work and OS X at home. My home machine has run for three weeks straight without a restart. My work computer, has been restarted 3 times this WEEK, and its only tuesday.

Mac is God. Tiger will be insanely cool. I've heard about the more in-depth features (encrypted chat, and stuff like that) and lemme tell ya.... IF it's as speedy and reliable as Panther, Longhorn will look like Windows 95 compared to this.

[Terry Murphy]

Flaws?

So why is it that when Microsoft issues it's plethora of patches to
it's Windows OS, it reported with headlines such as "Windows
glitches to get fixes" or "Microsoft releases 'critical' patches" or
my own personal favorite, "Microsoft takes a patch breather..."

But when Apple releases security updates to OS X, it's reported
as "Apple patches Mac OS X...flaws."

Flaws? I wonder which OS here is truly deserving of being
described as flawed?

[Bill Dautrive]

Which one?

How about the OS that has dozens of new flaws found nearly every month, even though its 'newest' desktop version is what, 4 years old? Out of the 3 main desktop OSes(Windows, Linux, & Mac), that is #1 by a long way.

So, for unwavering commitment to finding new ways to shove out code, way past their own deadlines, but yet managing to still make it buggy, bloated and flawed to the extreme. I hereby award Microsoft the Lifetime Flawed OS award.

I hope they enjoyed it, it was well earned.

I would give Apple the Piggyback to Respectability award, since the mac OSes were garbage before OSX. But at least they learned, and actually did something positive, not only by using BSD, but creating a slick interface, which is not to be underestimated. Who knows, perhaps in 3-5 years Mac will be the choice of clueless people everywhere, and Windows will fade to the background. The internet and machines everywhere will be safer for it.

But I am a creature of habit and love the flexibility, configurability, security, and stability, so I will stick with my SuSe Linux distro, and only boot up windows for games. That is until a decent DX emulator is created.

Because

Apple fixes security issues BEFORE they've been plastered all over the internet, and before they've been exploited. Microsoft waits till others find the flaws and exploit them and cause users grief. I use Winblows at work and OS X at home. My home machine has run for three weeks straight without a restart. My work computer, has been restarted 3 times this WEEK, and its only tuesday.

Mac is God. Tiger will be insanely cool. I've heard about the more in-depth features (encrypted chat, and stuff like that) and lemme tell ya.... IF it's as speedy and reliable as Panther, Longhorn will look like Windows 95 compared to this.

Yes. Flaws....

As in huge mistakes within the underlying operating system; only to be discovered by superior programmers who would never take a job from such a proprietary kind of guy.

[John Kuzak]

huge mistakes

http://www.analogstereo.com/nissan_pathfinder_owners_manual.htm

Yes. Flaws....

As in huge mistakes within the underlying operating system; only to be discovered by superior programmers who would never take a job from such a proprietary kind of guy.

[John Kuzak]

huge mistakes

http://www.analogstereo.com/nissan_pathfinder_owners_manual.htm

[iKenny]

On Mac OS X security

Sure, every major system has flaws. I'd be far more concerned if
Apple weren't releasing security fixes. Many of the security fixes
Apple releases solve problems in the UNIX code they use rather
than in the Apple-specific coding that also makes up OS X. In
addition, OS X will always have the benefit of having a disabled
root user that cannot be accessed without user intervention,
which Windows lacks. I suspect eventually we'll see some
viruses/worms for OS X now that their marketshare has begun to
climb again, but I also believe that Mac OS X is an inherently
more secure operating system simply because of its architecture
and the age of Windows.

[Tex Murphy PI]

It will take more than MS to fix Windows

A lot of security problems can be easily laid down on Microsoft's door - especially that of everyone having root privilages.

However, if MS were to start limiting root privs to the OS without a special password (actually, they already have that mechanism), the problem application support kicks in.

There are a lot of popular programs in Windows that seemingly don't run at all unless an administrator is logged in.

McAfee is one of the biggest culprits - where it won't allow a non-admin user to initiate a scan. Even a simple kids program like Kid-Pix requires administrator privilages (that's a smart design decision).

The point is, a lot of application vendors will also have to start locking down their programs, rather than forcing the user to run in administrator mode (which they shouldn't be).

This will also require a lot of user training - who are used to doing anything they want on their computers without the "bother" of a root password.

[iKenny]

On Mac OS X security

Sure, every major system has flaws. I'd be far more concerned if
Apple weren't releasing security fixes. Many of the security fixes
Apple releases solve problems in the UNIX code they use rather
than in the Apple-specific coding that also makes up OS X. In
addition, OS X will always have the benefit of having a disabled
root user that cannot be accessed without user intervention,
which Windows lacks. I suspect eventually we'll see some
viruses/worms for OS X now that their marketshare has begun to
climb again, but I also believe that Mac OS X is an inherently
more secure operating system simply because of its architecture
and the age of Windows.

[Tex Murphy PI]

It will take more than MS to fix Windows

A lot of security problems can be easily laid down on Microsoft's door - especially that of everyone having root privilages.

However, if MS were to start limiting root privs to the OS without a special password (actually, they already have that mechanism), the problem application support kicks in.

There are a lot of popular programs in Windows that seemingly don't run at all unless an administrator is logged in.

McAfee is one of the biggest culprits - where it won't allow a non-admin user to initiate a scan. Even a simple kids program like Kid-Pix requires administrator privilages (that's a smart design decision).

The point is, a lot of application vendors will also have to start locking down their programs, rather than forcing the user to run in administrator mode (which they shouldn't be).

This will also require a lot of user training - who are used to doing anything they want on their computers without the "bother" of a root password.

[open-mind]

Typical CNET.

If this had been a Windows update story...

"WINDOWS USERS BLESSED WITH SP3. GLORY TO GATES IN THE HIGHEST, AND PEACE TO HIS PEOPLE ON EARTH."

Instead of...

"ANOTHER 867 WINDOWS FLAWS PATCHED".

[open-mind]

Typical CNET.

If this had been a Windows update story...

"WINDOWS USERS BLESSED WITH SP3. GLORY TO GATES IN THE HIGHEST, AND PEACE TO HIS PEOPLE ON EARTH."

Instead of...

"ANOTHER 867 WINDOWS FLAWS PATCHED".