- Technology news and Jobs 
Information Technology News Bumper bundle of security patches for Mac OS X
Information Technology News Bumper bundle of security patches for Mac OS X | Bumper bundle of security patches for Mac OS X |
|
|
| by Stephen Withers | |
| Wednesday, 19 December 2007 | |
|
Page 1 of 2 Several items relate to third-party or open source software provided with Mac OS X. Adobe's Flash Player plug-in 9.0.115.0 and Shockwave plug-in 10.1.1.016 are included. While the former was released earlier this month, Adobe's web site says the latter appeared in March 2006. The Shockwave plug-in provided with Mac OS X 10.5 describes itself as version 10.1r11 with a 2004 copyright date. It is surprising it took so long for Apple to distribute the 'new' version. Other examples include new versions of the Python, Perl and Ruby interpreters, Samba (which provides Mac OS X's SMB file and printer sharing capabilities), CUPS (the open source Common Unix Printing System, now 'owned' by Apple), the GNU Tar utility (used to create and unpack certain types of archive files), and tcpdump (a network monitoring tool; the update provides version 3.9.7, not the current 3.9.8) The problem with Apple distributing non-current versions of open source software is that it makes it easier for attackers to find holes in Mac OS X. They can look for any security-related changes between the versions, and then work out ways of exploiting them. Most of the fixes relate to Apple's own software, including Address Book, ColorSync, iChat, Mail, Quick Look, Safari, Software Update and Spotlight. They generally involve maliciously crafted files or links causing crashes or arbitrary code execution. |
| < Next story in category | Previous story in the category > |
|---|
