Apple delivers record Mac OS X security update

Apple late Tuesday issued its largest Mac OS X security update ever, delivering fixes for more than 80 vulnerabilities.

The “highly critical” flaws, which exist across a number of applications and components in OS X 10.4 (code-named Tiger) and 10.5 (Leopard), might permit security bypass, privilege escalation and system takeover, according to vulnerability tracking firm Secunia.

“I actually didn't count every single bug in it, but it's the biggest I've seen in memory,” Peter James, a spokesman for Mac security vendor Intego, told SCMagazineUS.com on Tuesday. “What's interesting is that a lot of things that are fixed have a lot of issues.”

Roughly half of the updates addressed problems in third-party software that is bundled with OS X, such as the Apache web server (10 flaws), the PHP programming language (10) and ClamAV anti-virus (19), James said. The latter offering is shipped with OS X Server.

“Apple does depend on a lot of outside software, open-source or not,” he said. “While they're not responsible for it, where there are problems with this software, it could eventually affect Mac OS X.”

Holes were also plugged in many other components, including the CUPS printer services, Core Foundation and AFP (Apple Filing Protocol). The most interesting fix may have involved a mistaken German translation included in the application firewall preference plug-in, James said.

Meanwhile, Apple also released an update to its Safari web browser, plugging 13 vulnerabilities, many of which could be exploited by attackers to launch cross-site scripting attacks.

The security update is by far OS X's largest on record, and many Mac enthusiasts were left wondering why the company failed to push out patches as third-party updates became available.

“There are a lot of people asking on blogs and websites, ‘Why didn't they do this progressively?’” James said. “It's like they were saving up to drop as many things as they could at a single time.”

Jennifer Hakes, an Apple spokeswoman, did not respond to a request for comment.

News of the security update comes on the heels of new research from NPD that shows Macs last month accounted for 14 percent of all U.S.-based PC retail sales, up 60 percent from the same period one year ago.