Apple delivers record Mac OS X security update

Apple late Tuesday issued its largest Mac OS X security update ever, delivering fixes for more than 80 vulnerabilities.

The “highly critical” flaws, which exist across a number of applications and components in OS X 10.4 (code-named Tiger) and 10.5 (Leopard), might permit security bypass, privilege escalation and system takeover, according to vulnerability tracking firm Secunia.

“I actually didn't count every single bug in it, but it's the biggest I've seen in memory,” Peter James, a spokesman for Mac security vendor Intego, told SCMagazineUS.com on Tuesday. “What's interesting is that a lot of things that are fixed have a lot of issues.”

Roughly half of the updates addressed problems in third-party software that is bundled with OS X, such as the Apache web server (10 flaws), the PHP programming language (10) and ClamAV anti-virus (19), James said. The latter offering ships with OS X Server.

“Apple does depend on a lot of outside software, open-source or not,” he said. “While they're not responsible for it, where there are problems with this software, it could eventually affect Mac OS X.”

Holes were also plugged in many other components, including the CUPS printer services, Core Foundation and AFP (Apple Filing Protocol). The most interesting fix may have involved a mistaken German translation included in the application firewall preference plug-in, James said.

Meanwhile, Apple also released an update to its Safari web browser, plugging 13 vulnerabilities, many of which could be exploited by attackers to launch cross-site scripting attacks.

The security update is by far OS X's largest on record, and many Mac enthusiasts were left wondering why the company failed to push out patches as third-party updates became available.

“There are a lot of people asking on blogs and websites, ‘Why didn't they do this progressively?’” James said. “It's like they were saving up to drop as many things as they could at a single time.”

Jennifer Hakes, an Apple spokeswoman, did not respond to a request for comment.

News of the security update comes on the heels of new research from NPD that shows Macs last month accounted for 14 percent of all U.S.-based PC retail sales, up 60 percent from the same period one year ago.