Independent security researcher says Apple’s latest Mac OS X fixes fall short

“Apple Computer released its third major patch this year for the OS X operating system on Thursday, fixing 31 software vulnerabilities in a range of products that could be used by remote attackers to compromise Mac OS systems,” Paul F. Roberts reports for InfoWorld. “But independent security researcher Tom Ferris told InfoWorld the latest patch doesn’t cover other critical holes he reported to Apple, and that he may soon publish the details of those flaws, too. Security Update 2006-003 was published on Apple’s Web site and includes software fixes for holes in OS X, the Safari Web browser, and Mac components for viewing image and video files. Included are fixes for a number of security flaws publicized by Ferris in April.”

“Ferris said there were still holes in Safari, QuickTime, and the iTunes application that he reported to Apple but were not patched in the latest release. He did not publish details of those holes on his Web site in April, but he described them as critical flaws that allow remote code execution,” Roberts reports. “Ferris said he is considering releasing the details of the unpatched holes on May 14 on his Web site. He also says he has found new holes in OS X affecting TIFF format files and BOMArchiver, an application used to compress files. He did not provide details about the flaws or proof of their existence… Officially, Apple downplays security holes in its products and new OS X attacks — which are still rare compared to those targeting Windows systems. But some security industry insiders have suggested that the company should appoint a chief security officer to coordinate the company’s response to security. An Apple spokesman did not immediately respond to a request for comment.”

Full article here.

55 Comments

  1. It is finally admitted: They both suffer from broken bones

    Using OS X will not save you from security problems! It definitely is exactly like Windows. With both you may suffer from the same problems.

    UHAOHHAHAHAHAHAHAHAHAHAHHA

    <above is the usual idiotic Windows user take on news of released security patches for OS X. And they glee on the news. Sux big time being such tools>

  2. Re: If it were easy…

    It would have been done by now. Would you want Apple to have withheld all patches until all were ready? OS X computers range from most G3 models on PPC through all G4-5 desktops and laptops through new Intel CPU systems in a wide variety of configurations. Making sure that a software patch closes the hole without opening others, breaking functionality on multiple CPU, GPU & hardware combos is not as easy as finding them.

    Funny, that sounds exactly like what a Windows apologist will say when an Apple zealot says something bad about Windows patches. Just substitute “various versions of Windows”.

    I’m not saying one is better than the other, just pointing out the double standard that exists around here. Then again, why should I be surprised?

  3. Nothing is bullet-proof if you have a big enough bullet or have really good aim.
    Like in myth and lore, Achilles had his heel, and the Death Star had the exhaust port. There is always a vulnerability somewhere. But knowing where it is, is a lot different than being able to get to it and cause trouble. I have yet to hear of a “serious” attack on Macs.

  4. What are the names of all these new viruses, trojans, and spyware out there for Mac OS X? I would appreciate it if our enlightened visitors were specific, so that I can write down the long list and cry into my soup.

    I appreciate you guys telling me how bad off I am. I had no idea!

  5. Ok guys, I need help with my dad’s iMac. He set it up and has been using it in Admin mode for 2 years now. If I start a new account all his stuff in the Admin account is not there. What is a good/easy way to get him off Admin account and start a regular account and get all his stuff over???

  6. I need help

    Go into Accounts in System Prefs and create a new admin account. Then demote your Dad’s account to a user account by unticking the “Allow user to administer this computer” checkbox. Come out of System Prefs and open the Terminal.

    Use the command: login <name of your new admin account>
    Use the password you’ve configured.

    You now need to take a look at the directories your Dad’s account is still the owner of, since his account will still have full permissions to them, so they’re still vulnerable. Most of these will be in the Applications directory.

    Type

    cd /Applications

    then

    ls -l

    to get a list of all the folders and the permissions applied. Each app is a folder, so iPhoto shows as iPhoto.app, but it’s actually a folder containing other files.

    Any folders that are shown as owned by your Dad’s account need to have the ownership changed.

    Do this using the CHOWN command

    Type

    sudo chown -R <new admin account name> <folder name>

    e.g.

    sudo chown -R EdgeleyAdmin iPhoto.app

    Type in the password again to run the command.

    Repeat as necessary. This will protect most things, although you should also check /Library to ensure that your Dad’s account doesn’t own anything in there too.
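
An added example, not part of the comment above: the `ls -l` and `chown` steps it describes, scripted as a dry run that lists the top-level entries a demoted account still owns and prints the matching `chown` commands for review without running them. The account names `olduser` and `newadmin` are placeholders.

```shell
#!/bin/sh
# Added example: audit what a demoted account still owns at the top level
# of directories such as /Applications and /Library.
# "olduser" and "newadmin" are placeholder account names.

# Print the top-level entries of DIR owned by OWNER, one path per line.
owned_by() {
    owner=$1
    dir=$2
    # -mindepth/-maxdepth 1 restricts the search to the entries `ls -l` shows.
    # Errors (missing directory, unknown account) are silenced: empty output.
    find "$dir" -mindepth 1 -maxdepth 1 -user "$owner" -print 2>/dev/null | sort
}

# Print, but do not execute, one chown command per entry still owned by OWNER.
plan_chown() {
    owner=$1
    new=$2
    shift 2
    for dir in "$@"; do
        owned_by "$owner" "$dir" | while IFS= read -r path; do
            # Quote the path so names with spaces survive copy and paste.
            printf 'sudo chown -R %s "%s"\n' "$new" "$path"
        done
    done
}

# Usage: sh audit_owner.sh olduser newadmin /Applications /Library
if [ "$#" -ge 3 ]; then
    plan_chown "$@"
fi
```

Review the printed commands before running any of them; an empty result means the account owns nothing at the top level of the directories given.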

  7. For all of you that paid top dollar for iSight:

    Microsoft expands HD lineup with LifeCams

    VX-3000

    – 640×480 resolution video
    – WL Messenger integration
    – “Exclusive Call Button”
    – One touch Spaces blogging
    – HD Stills: 1.3 megapixels
    – Universal mounting device
    – On the fly video effects
    – Pan/Zoom/Tilt capabilities
    – Automatic face tracking
    – Built-in microphone

    Estimated cost: $49.95 USD | Amazon.com page

    The VX-3000 is the low-end cam that still offers HD pictures. Microsoft is aiming for the mainstream with this one.

    VX-6000

    – HD Stills: 5.0 MP
    – HD Video: 1.3 MP
    – Wide angle lens
    – 3x Digital Zoom
    – Plus all of the features of the VX-3000

    Estimated cost: $99.95 USD | Amazon.com page

    The VX-6000 is the high-end desktop webcam. This is what you get when you want the best quality and functionality currently available on the market.

    : ) Enjoy!!

  8. Outta KoolAid: That’s why competition pushes product development. Slightly O/T: What incentive does Adobe have for improving their products now that they’ve swallowed their only main competitor whole?
