Apple security updates finding a rhythm

Stephen Withers
Friday, 25 May 2007 13:23

Your IT - Home IT

Although Apple hasn't followed Microsoft's 'Patch Tuesday' lead, security updates for Mac OS X appear to have settled into a monthly pattern with the latest having just been released.

Security Update 2007-005 patches multiple system components against the usual types of problems such as buffer overflows and formal string vulnerabilities.

Some of the fixes are new versions of open source programs, others affect Apple's own code. Several of the issues are only exploitable by a local user, or by a system on the same local network. However, some provide scope for remote denial of service attacks or exploits involving maliciously crafted files.

The components updated by 2007-005 are bind, CarbonCore, CoreGraphics, crontabs, fetchmail, file, iChat, mDNSResponder, PPP, ruby, screen, texinfo and VPN.

The update - "recommended for all users" - is available via Software Update or Apple's web site. Versions are available for the client and server versions of Mac OS X 10.3.9 and 10.4.9

Only eight security updates for Mac OS X were released during 2006. This year's schedule has seen their appearance in January, February, March, April and May. In the same period, a further six non-OS security-related updates covering AirPort Extreme, QuickTime, iPhoto and Darwin Streaming Server.