
Apple fixes 45 flaws on its own version of Patch Tuesday


Apple made up for Microsoft's rare patch skip on Tuesday when the computing giant itself released fixes for 45 vulnerabilities in Mac OS X.

Nine of the mended flaws were publicized in January’s "Month of Apple Bugs" project, while seven of the sealed holes were brought to light in November’s "Month of Kernel Bugs" venture, according to an Apple advisory.

Tuesday’s update – which can be downloaded from Apple’s website or through the company’s software update feature – covers a number of flaws in Mac OS X components and third-party software. The update includes an eight-vulnerability fix for problems related to the processing of disk images, which could lead to an unexpected system crash or arbitrary code execution.

The security upgrade also addressed seven flaws in MySQL open-source database software and five vulnerabilities in OpenSSH, a free suite of tools that encrypts network traffic. The most serious exploit within either application could lead to arbitrary code execution.

Apple, in a separate update, also patched a hole in its iPhoto software application.

"I think it's kind of unprecedented for Apple to do such a large release at once," Andrew Storms, director of security operations at nCircle, told today. "They had some pressure to get stuff out. Obviously we're seeing somewhat of a fallout from the 'Month of Apple Bugs.'"

Tuesday’s major patch release – which came out on the day Microsoft normally issues monthly security fixes – marked Apple’s seventh security update of the year and its third major one. By this time last year, the Cupertino, Calif.-based computing giant had issued only five such updates, two of which were major.

Because Apple is not widely deployed on an enterprise level, administrators who must deal with Tuesday's update will be doing "a lot of manual patching and (sending) a lot of emails to users (telling them) to update this stuff."

Apple is trying to take market share from Microsoft, aided by an aggressive advertising campaign painting Windows as less secure and unhip. But that approach may attract more hackers to find holes, experts say.

"Why not go after the operating system that's touting security?" Storms said.

A new Mac OS X, named Leopard, is due out this spring.

An Apple spokeswoman did not return telephone calls seeking comment.

Click here to email reporter Dan Kaplan.
