iTWire - Bumper bundle of security patches for Mac OS X

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

Bumper bundle of security patches for Mac OS X

Bumper bundle of security patches for Mac OS X

E-mail

by Stephen Withers
Wednesday, 19 December 2007
Page 1 of 2 Apple's Security Update 2007-009 delivers a wide-ranging set of fixes for Leopard and Tiger. Featured Whitepaper 5 Best Practices for Smartphone Support The update covers the desktop and server versions of Mac OS X 10.4.11 and 10.5.1, and many of the issues allow the execution of arbitrary code. Several items relate to third-party or open source software provided with Mac OS X. Adobe's Flash Player plug-in 9.0.115.0 and Shockwave plug-in 10.1.1.016 are included. While the former was released earlier this month, Adobe's web site says the latter appeared in March 2006. The Shockwave plug-in provided with Mac OS X 10.5 describes itself as version 10.1r11 with a 2004 copyright date. It is surprising it took so long for Apple to distribute the 'new' version. Other examples include new versions of the Python, Perl and Ruby interpreters, Samba (which provides Mac OS X's SMB file and printer sharing capabilities), CUPS (the open source Common Unix Printing System, now 'owned' by Apple), the GNU Tar utility (used to create and unpack certain types of archive files), and tcpdump (a network monitoring tool; the update provides version 3.9.7, not the current 3.9.8) The problem with Apple distributing non-current versions of open source software is that it makes it easier for attackers to find holes in Mac OS X. They can look for any security-related changes between the versions, and then work out ways of exploiting them. Most of the fixes relate to Apple's own software, including Address Book, ColorSync, iChat, Mail, Quick Look, Safari, Software Update and Spotlight. They generally involve maliciously crafted files or links causing crashes or arbitrary code execution. << First page < 1 2 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

User Experience Architect (C4)
Consulting Services Branch Manager
Process Analyst X 4 (M4)
Content Co-Ordinator (M3)
Senior .Net Developer (M3)
Business Analyst (M17)
Test Lead
Senior Business Analyst
Business Analyst - Financial Markets, Ops focus
Technical Business Analyst - BI & DW - Contract

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking