Apple megapatch plugs 45 security holes

Status
Not open for further replies.
Ankur Mittal

Ankur Mittal

Journeyman
The megapatch, also known as Mac OS X 10.4.9, is the seventh Apple security patch release in three months. It deals with vulnerabilities in Apple's own software, as well as third-party components such as Adobe Systems' Flash Player, OpenSSH and MySQL. Sixteen of the vulnerabilities addressed by the update were previously released as part of two high-profile bug-hunting campaigns. Several of the flaws could be exploited to gain full control over a Mac running the vulnerable component, according to Apple's advisory. Other holes are limited and could only be exploited to crash a Mac or used by somebody who already has access to a machine.

Eight vulnerabilities are related to the way Mac OS X handles disk images; mounting a malicious image may lead to an error and could provide a means for an attacker to breach a Mac, Apple said. Nine vulnerabilities were released as part of the Month of Apple Bugs in January and seven bugs disclosed in the Month of Kernel Bugs in November. While several of the vulnerabilities repaired by Apple's updates were previously known, it doesn't appear that any attacks that exploited the flaws actually occurred. Apple also issued a second update which fixes a security bug in iPhoto that could allow an attacker to craft a malicious "photocast" which, when opened, could compromise a Mac.

News source: News.com
 
gxsaurav

gxsaurav

You gave been GXified
So, 7 updates in 3 months, each fixing more then 10 bugs, atleast 70 bugs in 3 months

Wow, thats so low compared to Other OS :D
 
kirangp

kirangp

The joy Of Wow
Hmm..well it proves that all OSes are susceptible to viruses,hackers...Loopholes are always created & fixed afterwards...All programmers make mistakes:)
 
kirangp

kirangp

The joy Of Wow
10.5 means LEOPARD the next series of MAC OS...this will be the last patch I guess b4 Leopard comes out
 
alsiladka

alsiladka

Noobie Pro
Theres a rumour that leapord's gonna be out somewhere in April.

BTW, as mentioned above , 7 updates in 3 months with so many security holes fixed :D
Feels so safe using a MAC;)
 
kirangp

kirangp

The joy Of Wow
Well it is sort of safe using MAC because not too many viruses,spyware etc are made for MAC..Even if they fix the vulnerabilities after 1 yr nobody would have any idea about it...
 
goobimama

goobimama

 Macboy
Nice observation GX. I wouldn't know cause I've been in the mac world only since Tiger, but I hope they do provide individual software patches (they do that, doesn't have to be an upgrade in the version number)...
 
mail2and

mail2and

Walking, since 2004.
goobimama said:
Nice observation GX. I wouldn't know cause I've been in the mac world only since Tiger, but I hope they do provide individual software patches (they do that, doesn't have to be an upgrade in the version number)...
Click to expand...

They provide all updates in the form of 'security releases'. So, all bugs, vulnerabilities etc are patched. Look up the software downloads section on the support site, you'd find updates for Panther released along with updates for Tiger.
 
aryayush

aryayush

Aspiring Novelist
kirangp said:
Well it is sort of safe using MAC because not too many viruses,spyware etc are made for MAC..Even if they fix the vulnerabilities after 1 yr nobody would have any idea about it...
Click to expand...
Edit: The phrase "not too many" is wrong. There have been zero "viruses,spyware etc" for Mac OS X ever since it was released in 2001. :)

I am downloading it at present, I hope there are some new features too - maybe even a taste of Leopard! :p
__________
About the Mac OS X 10.4.9 Update (delta) :)
 
Last edited:
nepcker

nepcker

Proud Mac Pro Owner
OS X is a lot less buggy that other OSes. Even when other OS makers (like M$) find a bug or a vulnerability, they are lazy and release the patch very late or not at all, but Apple fixes it quickly. Stats about no. of bugs unfixed should tell that there are zero discovered bugs left for OS X.

Tiger hitting its ninth update since the 2005 release of OS X 10.4 must mean that Leopard is just around the corner. And if you look at the timing around the last couple of OS X 10.4 updates—10.4.6 came out last April, 10.4.7 followed in June, and 10.4.8 appeared in September—you get… well, no discernible pattern, really. A fairly steady drumbeat of about three months between incremental updates followed by the six-month stretch between 10.4.8 and 10.4.9. Most people seem to think that puts OS X 10.5 in the May/June timeframe which would certainly be within the Spring 2007 window Apple mentioned when previewing Leopard last summer.

That, of course, assumes, two things—1) that Apple isn’t perfectly capable of slapping on a .10 or a .9b or even a .May2007 at the end of any additional OS X 10.4 update; and 2) that Apple’s going to hit its self-imposed Spring 2007 deadline for Leopard. I don’t think there’s anything precluding Apple from doing No. 1. As for No. 2, all public signs seem to suggest that OS X 10.5 is on schedule.

A good link to check is *www.macrumors.com/2007/03/12/leopard-to-pounce-in-mid-late-april/
 
Last edited:
gxsaurav

gxsaurav

You gave been GXified
Just to let you know about the Quality Control at Apple

Wow, means those Apple ADs were wrong. Macs do crash, they do have numuras bug just like any other OS
 
kirangp

kirangp

The joy Of Wow
aryayush said:
Edit: The phrase "not too many" is wrong. There have been zero "viruses,spyware etc" for Mac OS X ever since it was released in 2001. :)

I dont think so...hehe...MACs are already affected by viruses..yes Mac OS X itself...well even thought it happened in Feb 2006,u still dont have idea about it...I am quite surprised...Have a look at these 2 articles

*www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html

The second one is even more better...

*www.marketwatch.com/News/Story/Sto...D558B0}&source=blq/yhoo&dist=yhoo&siteid=yhoo
Click to expand...
 
goobimama

goobimama

 Macboy
^^
The only way you can get the Leap-A malware on your machine is if you take some action to put it there yourself.
Click to expand...

The Leap-A malware does not mean that OS X is any less safe from viruses than it was prior to its release. Socially-engineered malware has always been possible, and will always be possible. If you can get a user to run something, then clearly, you can choose to do whatever you wish while your code is executing. While there are some things Apple can do to make us all even safer (for instance, InputManagers should not be installable without explicit permission), I still believe OS X is a very secure operating system, and I have no concerns about using it on a daily basis. Neither should you.
Click to expand...
....*www.macworld.com/news/2006/02/16/leapafaq/index.php
 
aryayush

aryayush

Aspiring Novelist
Yes, and a virus that cannot affect your machine without any action your part (i.e. by itself) is called a proof of concept code. It is not an actual virus in the wild which poses a threat to Mac OS X security.
There has never been any actual virus for Mac OS X, not even a single one.

@gx_saurav
I am typing this on a MacBook Pro running Mac OS X 10.4.9. I updated the day before yesterday and am pleased to report that there have been no problems with my machine.
Macs do crash, that much is true, but the frequency of these crashes is a fraction when compared to the crashes suffered by PC users running Windows. I, for one, have not had a single crash in the seven months I have had my notebook.

As for bugs, every piece of software ever written is bound to have some bugs. And I do not think you have expertise enough to judge the number of bugs in operating systems.
 
kirangp

kirangp

The joy Of Wow
Fellow MAC brothers...instead of downloading this patch I advice you to visit this thread & wait for a few more days for apple to release a revised patch
*www.thinkdigit.com/forum/showthread.php?t=52532

even though I dnt use MAC I take interest in others' well being...hehe
__________
Aryayush now instead of accepting that there is a virus,you are taking a new meaning out of the sentences...Anywayz I am even more convinced about a virus being present in MAC OS X & have also given you the source...If you dont take in the right spirit & accept it then I dont know what else to say...
 
Last edited:
aryayush

aryayush

Aspiring Novelist
Hey, c'mon man! I know about these reports of viruses and when I posted the original statement about there not being any virus for OS X, I had taken these reports into account. It is a fact that there isn't a single virus for Mac OS X out in the wild. It is not about accepting or denying anything. It is a truth. If you don't want to believe it, I cannot do anything about it.

But the virus you are talking about is called a proof of concept code. It is demonstrated that Mac OS X has a flaw that could be taken advantage of if it did not have so-and-so protections. It is not a virus because it cannot exploit that flaw with the protections in place which are there by default in Mac OS X. That is why it is called a proof of concept. I hope it is clear now.

The fact of the matter is that browsing the internet without installing third party anti-virus software is highly insecure in Windows, while on a Mac, you could purposely download malicious files and they still wouldn't harm your system. :)
 
Last edited:
Status
Not open for further replies.
Top Bottom