backtop

Software Apple Plugs 25 Mac OS X Flaws
Michael Hoffman (Blog) - April 20, 2007 3:06 PM
Print E-mail del.icio.us 21 comment(s) - last by weskurtz0081.. on Apr 24 at 1:33 AM
Apple has released its fourth batch of updates this year

Apple has released its fourth security update of 2007, fixing 25 flaws that were found in Mac OS X.  Fifteen of the 25 vulnerabilities reportedly could allow an attacker to take over complete control of an unsecured Mac.  The fixes affect different parts of the operating system, with some third-party components also included.  

Fixes include an AirPort patch that prevent local users from being able to execute code with elevated privileges, which could have been a big problem for corporate system users.  Another patch also stops users from being able to bypass login and screen saver authentication procedures.  Other fixes include Fetchmail, Installer packages, Kerberos, Help Viewer, and a videoconferencing program.

Apple has released a batch of security updates each month so far in 2007.  In March, Apple's security update included having to fix 45 bugs in OS X.  The company still does not have any plans to release an official patch schedule like Microsoft, reports indicate.

There have been no confirmed reports that any of the vulnerabilities have been exploited by malicious users.

The update download is available to Mac OS X users through either the Software Update preferences or from the Apple Downloads web site.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
WHAT?!!??
By cessation on 4/21/2007 3:41:37 PM , Rating: 5
You mean macs aren't impenetrable like the commercials imply?!?!?




RE: WHAT?!!??
By ghostbuster on 4/21/2007 4:06:55 PM , Rating: 5
Yeah, I can just picture the new commercials...

Mac:
- Hi, I'm a Mac and I just had my security holes plugged 25 times.

PC:
- Dude, I don't want to know...


RE: WHAT?!!??
By ObscureCaucasian on 4/23/2007 10:41:26 AM , Rating: 2
I'd pay to see that ad!


RE: WHAT?!!??
By ebakke on 4/21/2007 4:39:57 PM , Rating: 3
I'd like to preface this with - Unlike so many others, I did not drink the Apple Kool-Aid.

But the commercials imply there have been zero (or a very limited number of) actual exploits. While the OS has holes, they are patched before someone takes advantage of them. You can use any number of reasons to explain why, but the simple fact is true - if you own a Mac you don't concern yourself with viruses on a daily basis.


RE: WHAT?!!??
By SavagePotato on 4/21/2007 5:16:53 PM , Rating: 4
Virus? I don't remember the last time I've seen a machine across the bench with a virus. Unless you count the usual pile of trojans jammed into all the rogue spyware apps.

Mac doesn't have a spyware problem mainly because they have a secure browser, and less than 10% of the market share. Honestly why target your addware at less than 10% of the market.

XP was like the wild west of malware back in the pre sp2 days, and in alot of ways it still is. Honestly though, I don't have an antivirus, I don't have any antispyware, and I guess i am running vista, which I've been quite happy with. Prior to that I happily ran XP from six months of it's release without one single infection.

I clean up alot of computers in any given week and quite frankly I havent seen many that can't be blamed on the user. Seriously teenagers are the bane of existance to the pc, between limewire, msn messenger, yahoo, and all the crap toolbars, smilies, zwinky's and other stupid stuff they love to install it's usualy a real mess.

The makers of this crap just know who to target, and it works quite well since most kids know just enough about computers to get themselves into trouble but not enough to get out.

I have nothing against the mac besides their mudslinging campaigns (read commercials.) Or possibly the outlandish price of their hardware.


RE: WHAT?!!??
By Nach0 on 4/21/2007 5:59:46 PM , Rating: 3
quote:
I have nothing against the mac besides their mudslinging campaigns (read commercials.) Or possibly the outlandish price of their hardware


I too have the job of reconstructing registries, removing malware etc etc, as a small business owner they make up a fair but of my trade, still im in no way an advocate of them, id rather just replace failed HD's etc.

now my 5c worth.
but with regards to price, the macs have come down alot in recent years, and while dell are spewing out AUS$799 for a laptop the apple offerings are still higher in price, but the desktops are quite well prices, in comparison the Macmini being $1200ish for the top spec one, I received a wholesale pc catalog where a 'mini PC' system was $1599, then you still had to get the OS, another $150 and it didnt have bluetooth, so thats another $50 for a USB adapter, it all adds up, its only now that Macs are running nearly the identical guts of higher specced PC that we can a closer comparison.

wow, thats alot for 5c


RE: WHAT?!!??
By SavagePotato on 4/21/2007 6:22:07 PM , Rating: 1
The desktops we sell in the shop range from $799 to absolute tops $1399 without a monitor. (figure 250-450 for what we sell flat panels at).

Basicaly 1399 gets you a core2 1.8, 2 gigs of ram, a p5b-e board, preloaded with vista premium, bout a 320 gig drive, and a burner.

Smaller shop, our prices are higher than the dell's and whatnot, but thats still a solid system that if you even wanted to you could overclock the living hell out of. Has a no questions asked 3yr warranty thats realy realy good to boot. Personaly I never touch a prebuilt system obviously, but if i was going to, I would rather have something like this with a decent warranty you can get dealt with locally and quickly. Im not up 100% on the specs and costs of the macs, but based on the mac pro I priced at apples website for amusement, It was way overboard. I could have pushed the same specs into a pc for alot less and being server aimed, yes windows server adds like 700 bucks to the order cost but slapping linux on is always an option.

I'm all for competition in the marketplace, so more power to Apple on getting established and getting more mainstream. Redmond needs it's checks and balances, the more the better, and the competition gives both mac and pc crowds innovation in the way of the os.

Apple is quick to sling the finger of blame for copycatting I find even when they are probably one of the biggest offenders themselves. I say the more the better, copy copy copy, take eachothers features, build on them, make them better and keep it going back and forth. Thats what gave us Vista, Im sure that Vista is going to lead to some new adaptations and innovations for leopard users as well.

Fair warning to mac though, they will have to be on their toes if they want more of the peice of the pie. The glory days of being the smaller market that doesn't get targeted won't last forever as they push into the mainstream. The advertising bloat beast will set their sights on them soon enough once they get big enough.


RE: WHAT?!!??
By Flunk on 4/22/2007 4:15:48 PM , Rating: 2
Actually it's lower than that. here's a nice article (from an admitted Mac-friendly site) that estimates the OS X market share.


RE: WHAT?!!??
By Flunk on 4/22/2007 4:16:18 PM , Rating: 2
Sorry I posted without actually includeing the link. I feel stupid.

http://arstechnica.com/journals/apple.ars/2007/04/...


RE: WHAT?!!??
By SavagePotato on 4/21/2007 5:30:15 PM , Rating: 1
On a side thought, I wish someone would make some mudslinging commercials against Winantispyware, and all the other rogue app writers out there that make my life miserable having to remove their crap week in week out.

Im waiting for scans on a compaq laptop across the room behind me right now and the latest version of virtumundo is such a pain in the ass it's not even funny. There was at least 6 machines in with it this week one of them my brothers own (thanks alot nephews and your f-ing msn messenger).

I wish Jack thompson would go after them or something.


RE: WHAT?!!??
By SiliconAddict on 4/22/2007 5:02:47 PM , Rating: 2
Umm I hate to break this to you fanboi but the commercials have never stated or even suggested that the Mac is impervious from hacking. Just that its more secure then Windows which is true enough.
If you had taken a look at the actual details of the update you will see that something like 90% of them pertain to "Impact: A local user may be able to execute arbitrary code" What this boils down to is someone has to be sitting in front of the system and have admin rights.
AFAIK there has not been a single instance of a security vulnerability that could allow a worm to easily propagate from system to system. Something that Windows has a long and sorted history of.
Note though that I'm typing this on Server 2003 installed on my home desktop system. I have a MacBook pro and was never under the illusions that Mac's security is invulnerable. Hell I'm probably not going to buy another Mac again, assuming I can ever get it to run virtualized under Windows.


The most important sentence.
By THEiNTERNETS on 4/22/2007 10:15:54 PM , Rating: 2
"There have been no confirmed reports that any of the vulnerabilities have been exploited by malicious users."

You may now continue bashing my "overrated piece of crap" laptop. I'll just be listening to my iTunes or something. You know, something annoying like that.




RE: The most important sentence.
By weskurtz0081 on 4/23/2007 12:05:08 AM , Rating: 2
You forgot overpriced! I don't really care, let the 5-10% if that buy Macs, I will just put OSX on my PC when I feel like it. My buddy has been playing with it on his, and it runs with ALL the options. It's the best of both worlds, since Apple doesn't really give you any customization options, and when they do, the one or two the give are rather pricey. At any rate, it's a good OS, on overpriced hardware in most cases. The higher prices, lack of customizations, and elitist attitude keep me from diving into the Mac community. I once found a good deal on a Mac notebook, used on the website but, it was beat out by an Acer notebook with more memory, a larger hard drive, and a better GPU. All of that for $600 less. Sorry Apple, your OS isn't worth $600.

wes


RE: The most important sentence.
By rob917 on 4/24/2007 12:15:28 AM , Rating: 2
well. i have a macbook pro. yes. i have this shiny silver laptop. and i love it to death. im not saying mac is better than windows but they serve different purposes, and contrary to the commercials, i don't think that eiither one is more fun or more work. i write all of my school papers on my mac. i play all my games on my windows, but lets be honest mac does have a leg up in media. the whole os is desigined around begin either a good easy to use os, or one which is for power users like myself. i love my mac because i can ask, "how many songs have you recorded with less than 2500 dollars of equipped ment. not to suggest you can't, but it would be really freakin tuff on a windows. also i went off on a tangent, but i have more to say. these "25 security plugs" are terrible i feel so threatened. its almost as if im running an operating system which can install programs that i dont want without me askking. maybe like windows. now any one who is posting on this website knows how to stay out of the line of fire of trojans and malware, but the average user, and of course teenagers such as myself with our mysspace and dirty movies, wont know how to portect our computer, and therefore a mac is a much more viable option, plus, now we cann run windows without shutting down our computers. yay! but i still have my windows i built and i love it to death.


By weskurtz0081 on 4/24/2007 1:33:21 AM , Rating: 2
Like I said, I like the OS, but the hardware isn't worth the price. Even today. Yes, Apple is more competitive with the hardware, if they weren't, they would be losing the little market share they have. I will just install OS X on my pc when I feel like playing with it. I don't really need to though because I know how to keep my computer clean, and I like playing games, which is something more common on a Windows machine.

Here is a nice little article about installing stuff on your Mac without your permission.
http://securitywatch.eweek.com/apple/mac_hacked_vi...
Not that it really matters though, even the exploiter says that there isn't much money in hacking a Mac. He also said it was rather easy. Anyway, like I have already said, I like the software but not the over priced hardware. I will just slap OS X on my PC if I want to play with it. If Apple were smart, they would open the market up and allow OS X to compete openly against Windows. Until then, they will be playing second fiddle to Microsoft.

Nothing better than OS X on my AMD based desktop(other than a Core 2 :)

wes


Nice article picture
By daftrok on 4/21/2007 6:18:12 PM , Rating: 2
It would have been even better if you have a shot of a cheetah smashing through windows...hehe...I'm priceless.




RE: Nice article picture
By noirsoft on 4/21/2007 7:55:31 PM , Rating: 3
Now, a picture of a cheetah with obvious hair plugs, that would be an appropriate picture.

Or maybe a pic of the mac guy with a speech bubble saying, "Kettle, you sure are black"


RE: Nice article picture
By mechBgon on 4/22/2007 2:40:02 PM , Rating: 2
quote:
It would have been even better if you have a shot of a cheetah smashing through windows...
That's not a cheetah, silly. :) http://pics.bbzzdd.com/users/mechBgon/Cheetah_v_Le...

Further reading: in a few hours, security researchers find a new 0-day vulnerability in Safari, approximately on par with the recent ANI exploit for Windows, and take home a Macbook and $10k for their troubles.

http://www.securityfocus.com/news/11461

quote:
Despite their success, Dai Zovi and Macaulay are not maintaining that the Mac OS X is any more or less secure than, say, a Windows Vista system or some variant of Unix. While Macaulay uses a MacBook installed with Windows Vista, Dai Zovi considers himself a Mac fanboy and uses Macs regularly. The contest just shows that Mac users have to worry about vulnerabilities just as much as other computer users, Dai Zovi said. It's a fact of life with which all security experts are familiar, but to which some Mac users seem resistant.


I agree...
By jordanl17 on 4/22/2007 9:33:13 PM , Rating: 2
Apple's commercials are such bull crap. and their hardware is over priced... I hate the fact that "artsy" people love mac's because they are different.. artsy people tend to be against corporations.. .. yet, APPLE is a huge corporation. Go ahead, build your own mac.. oh, you can't. You have to buy the whole damned computer from Steve Jobs. At least Bill Gates only sells you the OS....

OH and when Bill Gates tries to put a bunch of cool software in his OS he gets sued by the government... what's that all about?!




RE: I agree...
By JLN on 4/23/2007 1:32:16 PM , Rating: 2
quote:
Apple's commercials are such bull crap. and their hardware is over priced...
Apple is obviously expensive because they pour in aesthetic value into their products. I'm sure prices wouldn't be nearly as hiked if they all looked like standard PC counterparts. Although their laptops are lacking, the Mac Pros are actually extremely competitive compared to similar PC systems.
quote:
OH and when Bill Gates tries to put a bunch of cool software in his OS he gets sued by the government... what's that all about?!

It's called Microsoft's violations of antitrust laws. The problem? Including 1st party software that could pose an unfair advantage to other 3rd party competitors (ex. Netscape, Norton Antivirus). Solution? Simply have them available online as an optional download instead of bundling. That's what it's all about.


RE: I agree...
By AstroCreep on 4/23/2007 10:42:22 PM , Rating: 2
quote:
Apple is obviously expensive because they pour in aesthetic value into their products.

That's not why they're more expensive. They're more expensive because of
A: great support (I even called them for a question about my GF's iTunes over a year ago, and the guy spent 20 minutes helping me, despite the fact that I did not own any Apple equipment, nor gave him a serial number)
B: everything that goes into their systems, that run on their systems must be certified to 'work' by Apple.

Now don't get me wrong, I'm not an Apple guy (I just picked up an iPod less than a year ago and use Anapod Explorer over iTunes), but you get what you pay for.