Apple today posted a Mac OS X update to address a theoretical vulnerability in the Help Viewer application that could have been exposed when browsing the web. The update is available automatically to all users through Apple’s free Software Update service or by going to http://www.apple.com/support/downloads/ .
“Apple takes security very seriously and works quickly to address potential threats as we learn of them-in this case, before there was any actual risk to our customers,” said Philip Schiller, Apple’s senior vice president of Worldwide Product Marketing in the press release. “While no operating system can be completely immune from all security issues, Mac OS X’s UNIX-based architecture has so far turned out to be much better than most.”
To maintain maximum system security and stability Apple always advises that all Mac OS X users keep their system current by installing this and all Mac OS X software updates.
Security Update 2004-05-24 for Mac OS X 10.3.3 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes HelpViewer. Security Update 2004-05-24 for Mac OS X 10.2.8 includes HelpViewer and Terminal.
Security Update 2004-05-24 for Mac OS X 10.3.3 is available via Software Update. More information and download link (271KB) here.
Security Update 2004-05-24 for Mac OS X 10.2.8 is available via Software Update. More information and download link (335KB) here.
That was pretty fast….
Alright! Good Job Apple. I am just a bit worried because supposedly the flaw was reported at the end of February I believe. Lack of action or reply is why the discoverer put it up on the web. It may have not been sent to the correct email address however. Apple should put a “security” link on the top of their entry page. They could explain in detail how much Safer OS X is than windows and why (good promo) AND provide the correct link to report security flaws if they are found.
Whether “That was fast” or not depends on whether it took 3 months to build the patch or if it took a few days to build once the vulnerability was publicized.
Microsoft has a similar vulnerability. Anyone know the status of their patch or even if it exists yet? If they don’t, then you can talk about relative quickness in comparison to M$.
Yet again, Apple proves why they’re OS is superior to that Mickey Mouse swiss cheese garbage from M$. Bravo for the speedy fix Apple!
There you go. “Panic” over.
we
OH NOOOO, now we are back where Windows trolls can come up and brag they can run more software then OS X. Now all those cute Trojans cannot run anymore. Apple is doomed: less and less can run on this planform of the everexpanding user provided sw that runs on Windows.
Sorry to break more bad news, there is ANOTHER Exploit.
A mounted image with a nasty script can be run from a web page link.
Since we have no control if a web site decides to download a dmg or ftp image, if it contains a nasty and appears quickly and behind a window for instance.
Then clicking a disguised web page link will run the nasty script .
Web page links shouldn’t be launching scripts, with this new exploit apparantly they can.
Shoot me I’m just the messenger.
Too bad, it ain’t all fixed yet:
http://www.unsanity.com/haxies/pa/whitepaper/
Kool: tried. Does nothing. The link they provide as *proof* apparently proves me that Apple fixed it. The malware did not start: the link simply downloaded the dmg, period. Nothing of what they described should happen has happened.
Apple 7 – Malware 0
Touch down!
Apple 7 – Malware 7
Malware team just scored: if you visit *again* the link then it works.
I too had no problems with the above link. In fact, since I’m running “Little Snitch”, I had a dialog pop up telling me the application “diskimages-helper” wanted to connect through port 80. I allowed it to connect since I wanted to see what happened. It downloaded the disk image, mounted, and nothing else happened. Looks like “Little Snitch” was my first line of defense, and Apple already got the problem fixed anyway.
valx, your post made my day: I modified the firewall to not allow port 80 access: the malware exploit has been blocked: I now have as a message that malwareosxdisk.dmg was not reachable by clicking on the unsanity link.
Apple 14 – Malware 7
Touch down!
I tried it. The Disk image did download and mount but nothing else happened. I am not running little snitch or anything else. Just did the security update. If I clicked on the malware, what they said would happen did but if I did not then nothing. Sooooo I guess we are back to only downloading applications from trusted sources. Dunno what apple did but it seems to work.
I applied the security update and tried the exploit link. Dmg downloaded and launched…So, I rebooted to ensure the security update had “taken”. Tried the link again and same result; dmg downloaded, launched and wrote the txt file to my home directory…disappointing. Perhaps there’s something else I should be doing? Well, besides being smart and not clicking links from trusted sources, that is…
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
The problems we are experiencing with Mac’s OS (don’t download and launch anything from unknown sources – DUH!!!) is a far cry from being vulnerable to aps being loaded and running without the user’s knowledge – viruses.
As others have said numerous times before, Macs are not perfect, they just seem that way when compared to Microsoft’s OS.
Need something to comapare Mac’s SINGLE problem to? MS Windows have had 78 new viruses show up in the past month. That is more than 2 per day.
http://securityresponse.symantec.com/avcenter/vinfodb.html#threat_list
I think I can deal with 1 concern per 5 years much easier than 78 per month!!
Let’s remember that this is an exploit not a virus or even trojan horse. Unlike many of the windows problems, this one requires YOU to go to a specific location to launch the exploit. In this particular case, being a minority OS is probably an advantage since few people will dedicate their website to take advantage of the security hole.
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
In any case…Apple is fixing it.
I’ll give the run down
1: Help Viewer exploit(s) -Patched by Apple
2: URL scheme exploits – Not Patched
3: Web link runs script in disk image exploit – Not Patched
4: Telnet protocol exploit – Not Patched
This week will go down in Apple history for sure.
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
Sailfish: cross #4 to user foolishness. Whoever uses telnet instead of ssh is looking for troubles. #3 seems to be treated by configuring the firewall: does not work anymore for me.
What patch? I’m running MacOS 7.1 and I can’t connect to the Internet yet. How do I patch myself.
>Smile<
http://daringfireball.net/2004/05/unsafe_uri_handlers
The above seems a good approach to issues #2,3,4 mentioned above by Sailfish.
The question I ask myself is:
With Microsoft’s billions – how come they can’t act this fast in sorting out virus or security updates??
Apple working this fast says a hell of alot about how much they are for their customers!!
GOOD ONE APPLE – KEEP UP THE GREAT WORK GUYS!!
The mere fact that M$ IS so large means that it can’t act quickly, regardless of the amount of money it has in the bank. They move at the speed of bloat, just like their OS. However, I am still holding out some sliver of hope for Office ’04.
BTW – patch applied successfully; and FWIW never did see any real evidence that this little security problem affected ANYONE adversely or lost any company more than a few minutes time applying said patch, much less any “real dollars”. Personally, I don’t have dmg files open automatically (or any other downloaded files for that matter), use Little Snitch to tell me where the connections are coming from and going to, and that’s only about one-tenth the protection I have to have engaged on my pc at work.
OK everyone. Looks like the Help Viewer thing is just a symptom of a bigger problem.
Apple-X.net discusses the problem here and suggests using Paranoid Android to provide a temporary fix.