Apple delivers record Mac OS X security update

Apple late Tuesday issued its largest Mac OS X security update ever, delivering fixes for more than 80 vulnerabilities.

The “highly critical” flaws, which exist across a number of applications and components in OS X 10.4 (code-named Tiger) and 10.5 (Leopard), might permit security bypass, privilege escalation and system takeover, according to vulnerability tracking firm Secunia.

“I actually didn't count every single bug in it, but it's the biggest I've seen in memory,” Peter James, a spokesman for Mac security vendor Intego, told SCMagazineUS.com on Tuesday. “What's interesting is that a lot of things that are fixed have a lot of issues.”

Roughly half of the updates addressed problems in third-party software that is bundled with OS X, such as the Apache web server (10 flaws), the PHP programming language (10) and ClamAV anti-virus (19), James said. The latter offering is shipped with OS X Server.

“Apple does depend on a lot of outside software, open-source or not,” he said. “While they're not responsible for it, where there are problems with this software, it could eventually affect Mac OS X.”

Holes were also plugged in many other components, including the CUPS printer services, Core Foundation and AFP (Apple Filing Protocol). The most interesting fix may have involved a mistaken German translation included in the application firewall preference plug-in, James said.

Meanwhile, Apple also released an update to its Safari web browser, plugging 13 vulnerabilities, many of which could be exploited by attackers to launch cross-site scripting attacks.

The security update is by far OS X's largest on record, and many Mac enthusiasts were left wondering why the company failed to push out patches as third-party updates became available.

“There are a lot of people asking on blogs and websites, ‘Why didn't they do this progressively?’” James said. “It's like they were saving up to drop as many things as they could at a single time.”

Jennifer Hakes, an Apple spokeswoman, did not respond to a request for comment.

News of the security update comes on the heels of new research from NPD that shows Macs last month accounted for 14 percent of all U.S.-based PC retail sales, up 60 percent from the same period one year ago.