- Related Stories
-
Is Mac OS as safe as ever?
February 27, 2006 -
Mac OS flaw exposes Apple users
February 21, 2006 -
Bluetooth worm targets Mac OS X
February 17, 2006 -
New worm targets Apple chat users
February 16, 2006
The set of patches addresses a variety of security flaws, including several that could let an attacker gain control over a computer running the operating system software. The patch arrives after two weeks of intense scrutiny for Apple Mac OS X safety, prompted by the discovery of two worms and the disclosure of two security flaws in that period.
The Apple security update addresses those flaws, which affect the Safari Web browser and Apple Mail client. The vulnerabilities expose Mac users to risks that are more familiar to Windows owners: the installation of malicious code through a bad Web site or e-mail because of improper validation of downloads.
Is Mac OS as safe as ever?
The update also changes iChat, Apple's instant messaging application, to thwart instant message threats such as the Leap.A pest, which was detected recently and attacked some Apple users.
"iChat now uses Download Validation to warn of unknown or unsafe file types during file transfers," Apple said.
Aside from the previously disclosed vulnerability in Safari, the Apple patch fixes four additional security bugs. These could result in code being executed on the user's machine after viewing a malicious Web site or allow JavaScript to execute in the local domain, Apple said in its update.
Other flaws fixed in the update include four issues related to the PHP scripted programming language, two problems related to Apple's Directory Services, a problem with mounting of file servers and a bug in FileVault secure storage, which was found to be insecure in the way a FileVault image is created.
Security Update 2006-001 can be downloaded and installed via the Software Update feature in Mac OS X or from Apple Downloads.
"Apple advises Mac OS X users to keep their system current by installing this and all Mac OS X software updates," the representative said.
See more CNET content tagged:
Apple Computer, Apple Mac OS, flaw, Apple iChat, Apple Safari
affected by these "serious" flaws. That's not to underplay the fact
that there were flaws, it's just that no one seems to have been able
or willing to exploit it. Start your "security through obscurity" and
"AV company conspiracy" debates here.
(Note though that these flaws were given a pretty high profile -
surely a tempting target?)
update their systems on a regular basis. I personally know
dozens of users of both platforms that have NEVER updated
their systems, EVER. They are still using the OS version that
shipped with the machine when they purchased it. A news report
last night estimated that one recently convicted cyber-criminal
had amassed an army of 750,000 zombie machines to do his
bidding. How did that happen? Unpatched machines, of course.
Visit either a Windows or Mac user discussion forum and just
look at all the reasons people come up with as to why they're
not going to install some patch or update because it might hurt
their system.
So the bottom line is, if some criminal decides to implement one
of the exploits, he/she will have thousands of victims to choose
from even if the flaw has been patched. A local radio personality
in my area has a really good signature line, "You can't fix
stupid."
update immediately. Since most of us are automatically informed
of updates, that's easy. As I said on another thread, many, if not
most Mac users, will have turned off the automatically open
downloads preference in Safari as soon as the flaw became known.
If there are heavy breathing hackers eager to conquer the Mac OS, I
don't understand why they ignored a two-week window of
(seeming) opportunity either.
1) You have no money, so nothing to steal
2) You have no ideas or thoughts, so nothing to borrow
3) Your hard drive is full of beastiality pics
Cheers!
Mister Winky
Mac's crash
Mac's get viruses (apparently)
Mac's crash less than Windows
I've never seen a Mac virus
I am unsure as to why you are laughing. Personally, I just got
very angry with Microsoft and left their platform after 15-years
support and bought a Mac. I have never regretted this decision
and I wonder why people will mock others who have actually
voted with their wallet. Seriously, are you really that happy with
Windows or Linux? If so then I'm really very happy for you but I
wasn't and I made a change. Is there really anything funny
about that?
1. an unsecure system.
2. Little and expensive software
3. Get to annoy people with your constant "get a Mac" fits
with windows you get
1. an unsecure system
2. Tons of software
3. Get to make Mac fanboys whimmer and cry with the truth
twenty security issues. Correcting you, apple updates its source
reguarly so a similar blue screen fiasco doesn't happen.
Unsecure system how so? reported, two malwares which
"I" have to agree and type in "my" system password so "it" can
install... what a joke this isnt a virus its a novelty... Which great
software do you mean? Final Cut Pro? Soundtrack Pro?
Aperture... even adobe is fully transitioning using apple core
base coming to the white side in 2007... this just leaves maya to
transition to the white side... Paying a lot when?? i can just use
bit torrent and have it for free/ Install/ Works no problem... Still
b!tching about the prices of quality industry leading software?
Well its a tax right off if you know what your doing... Pc are great
for iPhoto, Imovie Hd, Idvd, Garageband oh wait all your pc
comes with is windows media player im sorry... you dont need
3rd party software if your os manufacturer makes perfectly
functioning products ^^;
There isnt even a f'ing preference pane to control the damn Video settings (ie: ATI Catalyst Control Panel)
no suprise but you can port windows onto you mac for awhile
now.... i still yet to witness the trolls that may purchase this
program... Must be a very solid system :D but slow as fudge...
*mixes ammonia and bleach togethers.... (laughs hysterically)*
not available on Mac or Linux I run an old P400 Windows 98
computer that I picked up at a yard sale for $25.
It sets on a shelf in the closet, sans keyboard and monitor, and is
controlled via VNC (remote control software).
(much) little damage possible....3) Patches up the ass.... thanks for
making my system more secure!!!!
Windows it has 150,000 to wich I`ll get used to in no time.
Man! I`m getting wiser, thanks for show me the light... I don`t
know how I have being so blind all this 20 years using Macs.
The update? No, that's just really good.
The fact that the Apple-haters in this forum now have one less
thing to whine about? That's GREAT!
discover what a tiny blip it is for Mac users. Instead, they'll just
read the over-inflated headline and go "See? See? We were right
all along!" Then they'll go back to their world where unknown
causes of data corruption and system crashes are the norm and
the next attack gets to happen and wreak havoc before it might
be patched weeks later. Mac users meanwhile will keep getting
their work done and sleeping quite soundly. - which is
something you can only truly know and appreciate once you've
actually switched away from the Windows nightmare at long last
as I did.
Nobody's surprised. Ongoing security updates are part of
creating a secure system.
I'm not saying Macs aren't hackable, but one has to at least
admit that Apple is more proactive with their updates and less
reactive.
industry. They require a user to acknowledge the download and in
some cases type in their admin password.
I recommend people read the details of flaws at a security web site.
I am not a MAC bigot highlighting security is good. Microsoft is
leading the way in this area. We should all show people the
published security threat levels however...
But in the grand scheme of things, comparing the Mac problems in the news lately vs the ongoing problems Windows users have to live with every day, is like comparing a broken finger to cancer.
But you already know and ignore that fact, right?
Just my opinion.
pointed out vulnerabilities in a proof-of-concept form. No actual
malware based on these vulnerabilities has yet been seen.
1) Foriegn spies or mofia who have financial and criminal motivations to steal "data" from corporations and governments. These types of criminals are not concerned with a home user and his ONE credit card number sitting in a web browser cache. Instead, they're targeting corporate enterprise servers in an attempt to steal THOUSANDS of credit card numbers in one fell swoop.
Business and Government house information that has real financial value to these criminals. Where is Apple in the Business and Government world? Well unless you're an advertising firm or a magazine publisher, chances are high there's no Mac in sight. And what "valuable" information can be stolen from advertising firms and magazines? It doesn't pay to worry about expoiting OS X, when there is no valuable information being stored on OS X.
The only EXCEPTION to this class of hackers would be those who need an army of zombies to send spam emails or act as illegal porn servers. These guys just want your computer to do their dirty work so the cops can't trace it back to them. This would be the only kind of hacker I could see caring to exploit OS X. But then, the dreaded "market share" argument comes up. If 90%+ of home users are on Windows...where do you think that criminal will spend his energies?
2) Script Kiddies looking for notoriety and ego boots. This kind is harder to describe, but they tend to be youngish men who know a little something about computer technology and find simple ways to misuse a platform. The most recent OS X flaw (the one where a user had to type in root password from a website) wasn't so much a virus as just a misuse of an application to do harmful acts, assuming the user was dumb enough to type the admin password. These guys prey on home and business users who misconfigure (or fail to properly configure) applications. (Applications! Rarely is it kernel exploits.) Seeing how there are many more Windows apps around (some good, most bad,) there are more Windows targets to expoit.
It also needs to be said that there are a LOT more technical literature available for the PC platform. Both the criminal and the script kiddie can easily learn how to program and use a PC system, because PCs are by design more open and have more books available. (Not just Windows, but Linux as well.)
So when you say "It kind of makes sense to hit macs", I have to disagree. If I were either of the two hackers, I would have no reason whatsoever to care what Mac users were doing.
post 30.
Windows is inherently "too trusting" of the user, which is responsible for 90% of it's problems, yet the fix is so easy to implement. Just train your users to login with a crippled user account for everyday tasks, and issue the "Run As' command for anything that requires Admin privileges. Done, and done.
Mac users typically logon to their machine with an Administrator
account. In fact, a brand spankin' new Mac takes the user
through a quick setup process that creates their admin account.
The difference is that OS X continually makes you prove your
administrator credentials by requesting a password to install
new software, whether your already logged in as the admin or
not.
irrelevant should crawl back under their simple narrow-minded
microsoft rock. Yes i love the new imac, but i also like many
aspects of microsoft windows, thats why i have xp on my
macbook pro and think that people should try to be less bias
and close-minded about the whole mac v pc thing, that goes for
both sides of the os! Who cares if you think that macs are better
than pcs and vice versa, a mac is a pc now with intel x86. I
don't dislike any of the platforms, both have their strengths and
weaknesses.
- It's Amazing...
- by Whisperingrathe March 4, 2006 5:26 AM PST
- As a user of Windows XP and OSX...
- Like this Reply to this comment
-
-
- Then why did you buy a Mac?
- by J.G. March 4, 2006 12:46 PM PST
- True to an extent. But, one has more flaws than the other. If the
- Like this
-
- not amazing at all.....
- by Earl Benser March 4, 2006 1:03 PM PST
- ... you listed mostly quite simple functions requiring nothing more
- Like this View reply
Processing -
(59 Comments)It's amazing how I can type this response using either system..
Amazing how I was able to follow and watch the winter olympics on both systems.
Amazing how I checked my bank account at home with my Mac then at work on my PC.
Amazing how I downloaded songs to my iPod on my Windows XP machine and went for a jog.
Amazing how I can watch a DVD on my Mac while on my ATI dual monitor PC, I surf the internet, burn a CD and check my email.
Amazing how I can hook up my guitar to my Mac and record and edit a quick tune.
Amazing how both systems have security flaws and need patches to fix.
Amazing how both OS's have flaws that are located between the chair and the keyboard!
Mac were not better in some ways, you would not have bought it.
Claims of false equality are poor reasoning.
than a browser, plus DVD and CD software, plus Itunes from Apple.
There was no sense spending any serious money for that
performance - the cheapest PC would have been quite adequate.
The guitar recording may have needed a quality application, but
they work on the cheap PC's.
Nothing amazing about that.