Apple's own notes for Security Update 2009-001 are worth reading alongside this post. Ahead is a quick analysis of what the update covers, along with comments.
This security update is specifically for computers updated to Mac OS X 10.4.11 and 10.5.6, both client and server. Presumably it will be integrated into 10.5.7 when it's available.
There are 28 specific security updates, including fixes for 48 documented vulnerabilities, making this another whopper relative to the updates we used to get from Apple a couple of years back. I like that. The updates cover some interesting aspects of Mac OS X that Apple has not previously addressed. This indicates to me that over time they are carefully combing through aspects of the OS rather than randomly poking around or only responding as they receive vulnerability reports from third parties.
As ever, there are several buffer overflow patches. Memory management remains one of the banes of contemporary coding. I'm getting the idea that this problem won't go away until we invent an AI that can self-analyze its own computer code. It could happen!
A surprising trend in this update is the patching of security problems introduced specifically in Mac OS X 10.5.6. Ahem, Apple. Ahem, beta testers.
Cookies: There are a couple of repairs for cookie-handling problems introduced into the CFNetwork framework in Mac OS X 10.5.6.
Printing: Included is a CUPS update, as well as a repair of an error in the csregprinter process that allowed escalation to system privileges.
Scripting: There are several patches provided for Python and one for Perl.
Remote Apple Events: There are a couple of buffer overflow and out-of-bounds memory access patches.
SMB: Apple themselves patched a couple of buffer problems, which is interesting. It's good to see Apple serious about compatibility with Windows networks.
X11: There is a collection of patches regarding font handling, user privilege plundering and several other vulnerabilities in the X11 server.
JavaScript: Here's another bane of contemporary coding. This time the patch is to Safari's handling of RSS feed URLs.
Mail services: A pair of patches are made to fetchmail and another pair to SquirrelMail.
Video: Yet another problem with maliciously crafted media files. This time a patch is provided for the Pixlet codec.
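Buffer overflows and out-of-bounds memory accesses come up several times in this update (the general remark above, Remote Apple Events, SMB) without the post showing what the bug class looks like. The following is an added example, not Apple's code and not a reconstruction of any specific flaw fixed here: a toy parser in C for a length-prefixed message, with the unchecked form that trusts a wire-supplied length beside the checked form that bounds it against both the input and the destination. The message format, the `record` struct and the `NAME_MAX` constant are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size destination, as in a typical parsed-message struct (assumed). */
#define NAME_MAX 16

struct record {
    char   name[NAME_MAX];
    size_t name_len;
};

/* Read a big-endian 16-bit length prefix. */
static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Vulnerable pattern: the length came off the wire and is trusted both as a
 * read bound (how far into buf we go) and as a write bound (how much fits
 * in out->name). len > buf_len - 2 is an out-of-bounds read; len > NAME_MAX
 * is a buffer overflow. Kept here for contrast; only ever fed benign input. */
int parse_record_unchecked(const uint8_t *buf, size_t buf_len, struct record *out)
{
    if (buf_len < 2)
        return -1;
    uint16_t len = rd16(buf);
    memcpy(out->name, buf + 2, len);
    out->name_len = len;
    return 0;
}

/* Hardened pattern: an attacker-controlled length is checked against the
 * remaining input before it is used to read, and against the destination
 * before it is used to write. Distinct codes keep the two cases apart. */
int parse_record_checked(const uint8_t *buf, size_t buf_len, struct record *out)
{
    if (buf_len < 2)
        return -1;          /* truncated length prefix */
    uint16_t len = rd16(buf);
    if (len > buf_len - 2)
        return -2;          /* would read past the end of the message */
    if (len >= NAME_MAX)
        return -3;          /* would overflow out->name (keep room for the NUL) */
    memcpy(out->name, buf + 2, len);
    out->name[len] = '\0';
    out->name_len = len;
    return 0;
}

/* Constructed messages (not captured traffic): one benign, two hostile. */
static const uint8_t MSG_GOOD[]  = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t MSG_SHORT[] = { 0x00, 0x40, 'x' };           /* claims 64 bytes, carries 1 */
static const uint8_t MSG_BIG[]   = { 0x00, 0x10,                   /* claims 16 bytes and has them */
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A' };

/* Parse with the hardened parser and report only the status code. */
int checked_status(const uint8_t *msg, size_t msg_len)
{
    struct record r;
    return parse_record_checked(msg, msg_len, &r);
}

/* 1 if the hardened parser accepts msg and yields exactly `expect`, else 0. */
int checked_name_is(const uint8_t *msg, size_t msg_len, const char *expect)
{
    struct record r;
    if (parse_record_checked(msg, msg_len, &r) != 0)
        return 0;
    return r.name_len == strlen(expect) && strcmp(r.name, expect) == 0;
}

int main(void)
{
    printf("good:  %d\n", checked_status(MSG_GOOD,  sizeof MSG_GOOD));   /* 0  */
    printf("short: %d\n", checked_status(MSG_SHORT, sizeof MSG_SHORT));  /* -2 */
    printf("big:   %d\n", checked_status(MSG_BIG,   sizeof MSG_BIG));    /* -3 */
    return 0;
}
```

The two hostile messages exercise the two distinct failures: MSG_SHORT advertises more bytes than it carries (the unchecked parser would read past the end of the message), while MSG_BIG is internally consistent but larger than the destination (the unchecked parser would write past the end of `name`). Checking one without the other still leaves a memory-safety bug.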
Other patched services include:
AFP Server
CarbonCore's Resource Manager
Certificate Assistant
CoreText
DS Tools: dscl
Folder Manager
FSEvents framework: fseventsd
Network Time
Server Manager: servermgrd
XTerm
Also included is a security-updated version of ClamAV for both Mac OS X Server 10.4 and 10.5.
There were also a few other security-related updates released today, each with its own security update description document:
Safari 3.2.2 for Windows
Java for Mac OS X 10.4 Release 8
Java for Mac OS X 10.5 Update 3
The Java security vulnerabilities that were patched include maliciously written Java applets on web pages allowing user privilege plundering. These problems weren't in Apple's implementation but in Java itself. SOS: Java was supposed to be as safe as a sandbox. Yeah, a sandbox full of land sharks.
My recommendation for security fanatics, as per recommendations from security expert Steve Gibson: If you don't want to take chances with hacker-perpetrated JavaScript and Java, use a browser that lets you turn on support for both protocols on a site-by-site basis. As with using Little Snitch, it can be a PITA dithering around with little stuff on the net. But the geek in me adjusted such that I use site-by-site service control all the time. The browser I use for this purpose is OmniWeb. It's the bells-and-whistles web browser for Mac OS X and is well worth paying for if you like its abundant added features. You can also rig Firefox to handle site-by-site services as well. Camino and Safari are sadly site-specific clueless. I haven't tested other browsers.
BTW: Coming up is my long-delayed discussion of Tracking Cookies.
Share and Enjoy!
:-Derek
Mac Security Update 2009-001, Java Updates and a Safari for Windows Update