Core Dump
Stephen Withers turns his gaze on the world of Apple, with detours into other aspects of IT and communications as they catch his attention.
Extensive security update for Mac OS X
by Stephen Withers   
Wednesday, 19 March 2008
Apple's latest security update delivers a slew of patches for Mac OS X, including open source components.

The 2008-002 update brings the versions of Apache included with the regular and server versions of the operating system up to date. Apache 1.3.41 and 2.2.8 were released by the Apache Software Foundation two months ago.

Similarly, the ClamAV antivirus software that is part of Mac OS X Server is brought up to version 0.92.1, the latest stable release which debuted in June 2007. Apple has been criticised in the past for failing to provide its customers with up-to-date versions of open source projects that are packed with its operating system.

CUPS, the Common Unix Printing System now owned and maintained by Apple, is updated to version 1.3.6, released in mid February. Addressed vulnerabilities could be used for denial of service attacks or the execution of arbitrary code with system privileges.

The version of PHP (Mac OS X Server only) is updated to 4.4.8, which was released in early January.

The update also includes patches for the curl, file and pax commands, Emacs, Kerberos, notifyd, OpenSSH and X11.

Software components developed by Apple that are affected by the security update include AFP (arbitrary code execution, authentication bypass), AppKit (remotely-triggered arbitrary code execution), CFNetwork (spoofing by malicious proxy servers), CoreFoundation (privilege escalation), CoreServices (misclassification of .ief files as 'safe'), Foundation (privilege escalation, arbitrary code execution), Help Viewer (arbitrary AppleScript execution), Image Raw (arbitrary code execution triggered by malicious DNG files), mDNSResponder (arbitrary code execution), Podcast Producer (password exposure), Preview (weak encryption of PDF files), Printing (disclosure of login credentials), System Configuration (arbitrary code execution with system privileges), UDF (malicious disk images may cause system shutdown), and Wiki Server (path traversal may allow arbitrary code execution).

That's quite a shopping list! Since exploits often quickly follow the disclosure of vulnerabilities (which is why it is so important for us that Apple keeps up with updates from external projects), it seems sensible to apply the update reasonably promptly.

The update is available for desktop and server versions of Mac OS X 10.4.11 and 10.5.2. It can be installed via Software Update or downloaded from Apple's web site.
