Apple today released Security Update 2007-004 which is recommended for all users and improves the security of the following components:
• AFP Client
• AirPort
• CarbonCore
• diskdev_cmds
• fetchmail
• ftpd
• gnutar
• Help Viewer
• HID Family
• Installer
• Kerberos
• Libinfo
• Login Window
• network_cmds
• SMB
• System Configuration
• URLMount
• Video Conference
• WebDAV
More info and download links:
• Security Update 2007-004 (10.3.9 Server) – 54.1MB
• Security Update 2007-004 (10.3.9 Client) – 37.6MB
• Security Update 2007-004 (PPC) – 9.3MB
• Security Update 2007-004 (Universal) – 16.1MB
Security Update 2007-004 is available via Software Update.
if apple doesn’t hurry up they will never make it to 999.
Now is this was MS and our State Department needed it, then we’d still be waiting wouldn’t we?
“Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine.” — Bill Gates
I sure hope Bill Gates is totally wrong here, I see too many of these security updates lately.
Thankfully OS X market share isn’t such a big target as Windows is.
(yea I know, I disagree)
Difference is, Apple gets these updates out BEFORE these issues ever impact anyone out in the wild. Too bad M$ can’t say the same.
No Mac in the wild has ever been “taken over totally” anyway, Bill Gates is full of sh*t (and FUD) as usual….
Oh one more thing…
For true security, you need to:
1: Backup files, disconnect other drives.
2: C boot from Mac OS X disk
3: Select Disk Utility and Erase w/Zero your boot drive.
4: Install Mac OS X, change your passwords, and immediately Software Update to the present version. (with wired connection to internet)
5: Enable Firewall advanced options especially Stealth mode.
6: Install apps from original sources and immediately update.
7: Avoid apps that demand a admin password to install. 95% of exploits are application exploits. Refusing admin password limits the “hooks” and exploit potential of Mac OS X considerably.
8: Clone your new boot config to a Zeroed external hard drive and keep seperate. Use this clone only when no other drives, including the boot drive (unless Zeroed first while C booted from a OS X boot DVD) are physically attached to the computer.
This way nothing can “jump” over to your pristine clone.
9: Never use your real name when registering Mac OS X, Apple puts your name everywhere.
10: Use low level debit cards online and transfer cash from a low amount savings account.
11: Practice “compartmentalized security” to substancially reduce risk.
Of course there is the slight possibility your machine could be exploited remotely before the OS loads the new security updates. So wireless is definably not the way to go during this crucial period.
It’s best to get new OS update on a disk from a secure source before doing above.
Just because there isn’t any “OS X malware in the wild” doesn’t mean someone doesn’t have a hard on for your box.
Don’t get me started about EFI, this is a totally unprotected powerful firmware environment.
Everything you’ve said here makes sense on paper, but the reality is that OS X has been around for nearly 6 years and still has no malware. OS 7, 8, and 9 combined were around for 6 years, and EACH of them had viruses. They also had fewer users.
Have you checked out the new malware for iPods with Linux installed on them? How many iPods do you think have Linux installed? 200? 300? A thousand? How many non-Linux iPods are there? Over a hundred million. How many viruses for them? None.
Difference is, Apple gets these updates out BEFORE these issues ever impact anyone out in the wild. Too bad M$ can’t say the same.
Right, but if Apple had the market share of Windows, the opposite would be true.
In the Windows world, as soon as a exploit is public, it’s exploited to hell and back with hours.
Apple has had critical exploits that went unfixed for several months and nobody really bothered.
Why is that? Small OS X market share is the only answer.
No Mac in the wild has ever been “taken over totally” anyway, Bill Gates is full of sh*t (and FUD) as usual….
Of course, but he did say “can”.
Rememeber Apple didnt fix the URL Handler exploits of Panther for several months. It was posted on Slashdot and every hacker had seen it but nobody really made any use of it.
No botnets or viruses or anything. Why?
Market share. It’s really hard to find a Mac OS X box out there amongst all the IP addresses of Windows machines.
That’s what has been protecting us.
Beleive it.
And all the iTunes, iPod infections are where exactly, where exactly, yup, where exactly. STFU about market share.
And all the iTunes, iPod infections are where exactly,…?
In Quicktime files.
http://www.eweek.com/article2/0,1895,2078180,00.asp
I took over a Mac just the other day, as a matter of fact ..
So what if it was mine !
Its great that Apple is paying attention to security issues. As long as humans write code, especially millions of lines of code, there will always be some sort of bugs that can lead to exploits.
Apple keep the patches coming….
According to Appleinsider, this is most of what the security patch is fixing.
For the most part, the vulnerabilities addressed by the Mac maker’s latest security update could translate into denial of service attack, unexpected application termination, or arbitrary code execution. However, Apple made note of several more critical issues that could allow malicious users to gain elevated system privileges through AFP Client, Airport, CarbonCore, Kerberos, WebDav and the Mac OS X Login Window.
The Cupertino-based company also addressed two other significant shortcomings of the Login Window. The first, resulting from insufficient checks of environmental variables, could allow local user to obtain system privileges and execute arbitrary code. The other, meanwhile, would at times allow the screen saver authentication dialog to be bypassed without entering a password even when a user had set his or her preference to “require a password to wake the computer from sleep.”
Working fine for me on my old 2002 550 PowerBook.
WiseGuy – If I thought I had to do all that just to feel free to surf the net, I’d find another line of work or hobby. You must have come from the Windows world, where you had bad experiences every other day. I’m content to allow the inherent security of OSX protect me rather than to become paranoid about computer security. You’re making computering sound like not much fun.
And you’re so wrong about the reason there haven’t been any Mac exploits. Sure, they only have 5% market share (and much higher installed base), but with all the shouting going on about Mac security you don’t think that some hacker somewhere wouldn’t just love to be the first to hack a Mac? Some guys even went so far as to fake it. Remember that not long ago, about the “hacked” wi-fi? Only it wasn’t Mac software. If it could be done easily it would have been. Count on it.
@wiseguy,
Wrong!
http://www.macdailynews.com/index.php/weblog/comments/shattering_the_mac_os_x_security_through_obscurity_myth/
I like baked beans, mmmmm…
lol wiseguy….
you see too many security updates soo you are worried that machines will get hacked? why? because they are staying ahead of the break ins? oh my god no!
…if you stop seeing updates BEFORE the vulnerability, then you can get worried.
and that is just the first line. don’t get me started on your often disproved and mindless security through obscurity or you paranoid tinfoil hat wearing steps to take for an update!
again, for the nth time i ask, why is it every message board has someone using names with “reality” and “wise” and “informed” in them, and they are ALWAYS the least intelligent, most divorced from reality posters on the board?
one of life’s great mysteries.
magic word, “efforts” as in your efforts at FUD are for naught.
@Ballonknot
Just because Unix has been around doesn’t mean it’s secure. Just look at this chart.
http://blogs.technet.com/photos/tsimages/images/471076/original.aspx
It seems the “popular OS” that touts “security above all others” all of a sudden begins to have more and more exploits.
Linux used to be the “security” OS. “More eyes looking at the code” was the supposed reason for Linux security and advocatation for open source.
Mac OS X used to tout “Unix security” and now both Linux and Mac OS X are trending upwards in exploits. Why?
Unix is trending downwards because a lot of Unix installations are being replaced by Windows Server.
Windows is actually trending downwards, which is hard to beleive. Unfortunatly for Windows large market share, a single exploit can mushroom overnight.
Mac OS X doesn’t have that problem.
@shen
Great spirits have often encountered violent opposition from weak minds. – Albert Einstien.
Touché – PC
@ WiseGuy:
Where’s the wise hint not to use an admin, but a standard user?
I missed that one in the list.
And beside of that:
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
Updates being published before a thread is known, scare me, too.
Or is time travel indeed possible? I’d guess that’s where the secret
10.5 features come from… Does Apple copy future M$ products…?
Sorry, drifted away a bit now…
25 more flaws in Mac OS X.
Yikes, gotta love Apple in times like this.
http://news.com.com/2100-1002_3-6177758.html?part=rss&tag=2547-1_3-0-5&subj=news
Where’s the wise hint not to use an admin, but a standard user?
I missed that one in the list.
Yep I missed that one too. Good catch.
MDW: “soviet” In Soviet Russia, computers update YOU!
What’s all the fuss?
WiseGuy said: “Beleive it.”
:o)
There is a flaw in your argument. The hacker who successfully attacks OS X will get a rep ten miles long. Look at the publicity a Linux iPod exploit (where you had to actually install the “virus”) received.
The hacker who successfully attacks OS X will get a rep ten miles long
LMH’s and Kevin Finisterre’s are right past the 10 mile mark.
LMH said that while his upcoming project had the potential to at least temporarily make security more tenuous for the average Mac user, he believes that in the long run the project will improve OS X security.
“Right now, many OS X users still think their system is bulletproof, and some people are interested on making it look that way,” LMH said.
http://blog.washingtonpost.com/securityfix/2006/12/january_2007_month_of_apple_bu.html
Just remember, what won’t kill Apple will only make it stronger!