Apple delivers record Mac OS X security update

Share this article:
Apple late Tuesday issued its largest Mac OS X security update ever, delivering fixes for more than 80 vulnerabilities.

The “highly critical” flaws, which exist across a number of applications and components in OS X 10.4 (code-named Tiger) and 10.5 (Leopard), might permit security bypass, privilege escalation and system takeover, according to vulnerability tracking firm Secunia.

“I actually didn't count every single bug in it, but it's biggest I've seen in memory,” Peter James, a spokesman for Mac security vendor Intego, told on Tuesday. “What's interesting is that a lot of things that are fixed have a lot of issues.”

Roughly half of the updates addressed problems in third-party software that is bundled with the OS X, such as the Apache web server (10 flaws), PHP programming language (10) and ClamAV anti-virus (19), James said. The latter offering is shipped with the OS X server.

“Apple does depend on a lot of outside software, open-source or not,” he said. “While they're not responsible for it, where there are problems with this software, it could eventually affect Mac OS X.”

Holes were also plugged in many other components, including the CUPS printer services, Core Foundation and AFP (Apple Filing Protocol). The most interesting fix may have involved a mistaken German translation included in the application firewall preference plug-in, James said.

Meanwhile, Apple also released an update to its Safari web browser, plugging 13 vulnerabilities, many of which could be exploited by attackers to launch cross-site scripting attacks.

The security update is by far OS X's largest on record, and many Mac enthusiasts were left wondering why the company failed to push out patches as third-party updates became available.

“There are a lot of people asking on blogs and websites, ‘Why didn't they do this progressively?'” James said. “It's like they were saving up to drop as many things as they could at a single time.”

Jennifer Hakes, an Apple spokeswoman, did not respond to a request for comment.

News of the security update comes on the heels of new research from NPD that shows Macs last month accounted for 14 percent of all U.S.-based PC retail sales, up 60 percent from the same period one year ago.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.