Apple today released Security Update 2007-004, which is recommended for all users and improves the security of the following components:
• AFP Client
• AirPort
• CarbonCore
• diskdev_cmds
• fetchmail
• ftpd
• gnutar
• Help Viewer
• HID Family
• Installer
• Kerberos
• Libinfo
• Login Window
• network_cmds
• SMB
• System Configuration
• URLMount
• Video Conference
• WebDAV
More info and download links:
• Security Update 2007-004 (10.3.9 Server) – 54.1MB
• Security Update 2007-004 (10.3.9 Client) – 37.6MB
• Security Update 2007-004 (PPC) – 9.3MB
• Security Update 2007-004 (Universal) – 16.1MB
Security Update 2007-004 is available via Software Update.
@ Wiseguy
Have you had enough hits now so that you can stop blathering, or do you need a bigger fix?
MW: age. As in, those straw-man arguments were dispensed with an internet age ago…
That was a pretty chart. But it meant nothing. Anyone can post a fancy colored chart showing growing Mac vulnerabilities. But the score still stands 150,000 to 0 in favor of Windows.
…screwed up my Mail. I can’t read any of my emails. I get the header, but no body in the email. Grrrrrr
There have been a troubling number of Mac security updates lately. I will feel much better once they release Leopard, and have all the latest Mac OS X security by default.
@ Wiseguy “In the Windows world, as soon as an exploit is public, it’s exploited to hell and back within hours.
Apple has had critical exploits that went unfixed for several months and nobody really bothered.
Why is that? Small OS X market share is the only answer.”
There IS more than one explanation: even with potential security holes, Mac OS X still has multiple layers of security that would make a destructive program near impossible. A theoretical Mac OS X virus has many hurdles to leap over, such as administrative access requiring a password, that root access is disabled by default, that Safari web browser does not allow web scripts to modify system files, etc.
The difference between Mac OS X security and Windows security is simple: one is brilliantly engineered, the other is broken patchwork.
Any idiot who knows a little JavaScript can read the details of an unpatched Windows vulnerability and create a trojan.
On the flip side, a computer hacker, who has all the details of a Mac security flaw, would still face an enormous challenge developing a Mac virus to full fruition, a challenge so near impossible that success would be an unprecedented achievement of master hackery.
@ Wiseguy, again, about that huge list of security precautions: you remind me of me back when I still used Windows, except slightly more paranoid. But at least I had an excuse, having spent hours battling viruses and spyware, mostly on other people’s computers. Experience as the resident tech guy has taught me a lot: Windows malware is a fearsome monster, never to be underestimated, always shrouded in deception, that often cannot be destroyed without formatting the entire OS. I sleep much better now that I own a Mac.
LMH’s and Kevin Finisterre’s reputations are in ruins because they couldn’t back up what they claimed.
They, like WiseGuy, confuse flaws with vulnerabilities and vulnerabilities with exploits. The reality is that no OS (or anything else!) is without flaws, but not all flaws are vulnerabilities. Most flaws aren’t! Likewise, not all vulnerabilities can be exploited to the point that they become real threats.
Windows users like WiseGuy have trouble understanding this because in Windows many flaws are vulnerabilities, and many vulnerabilities are easily exploited. That’s what happens when you start out with a poorly written OS and then insist on retaining backwards compatibility with lousy software written decades ago!
The plain truth is that there are lots of people who would love to create an exploit for the Mac, and they’ve been trying for years. There’s only one reason they haven’t been successful and it’s got nothing to do with market share.
– I sleep much better now that I own a Mac, where even a theoretical virus can not gain root access, therefore cannot touch any vital system files.
Proof that Apple is not secure. I sent some of these issues to Apple months ago and they’re just fixing them? Proof that it’s Apple’s minuscule market share that keeps them safe.
@WiseGuy
I appreciate your attention to security…but I caution you on confusing vulnerabilities with exploits.
The numbers of vulnerabilities for Unix, Linux, and Mac OS X have been increasing while for Windows they have been decreasing.
An open system should have more discovered vulnerabilities than a closed system like Windows.
This actually has a positive effect of discovering and fixing the vulnerabilities quicker, thus causing the OS to become more secure over time.
This is the way you want it to work. More vulnerabilities discovered are much better than more vulnerabilities hidden.
When they are hidden like the ones in Windows…attackers don’t publish them, they use them in secret for their benefit. Zero Day exploits can fetch a lot of money on the underground market.
Again…Vulnerabilities do not equal exploits.
@Wiseguy
You obviously came from Window$ world to be that paranoid. Keep floating that security via obscurity myth and maybe just maybe some ignoramus will believe you.
A single Mac exploit will definitely earn someone reps more than you’re trying to get. But then no one’s really broken and taken over a Mac or have you?
Makes me wonder what happened to the CanSecWest contest where they’re giving away 2 loaded and souped up MacBook Pros to those who can break in them. The 3-day grace period is almost over. I haven’t heard anybody break one as of this posting. I can hear them say, “Gents, prepare your speeches in order to get these MBPros.” hehehe.
Anybody who believes this Security via Obscurity is just as flawed as microsuck.
@denuj
I have not heard anything either about the CanSec contest…
I wonder why there has been no news about it. I guess in this case, no news is good news.
DON’T UPDATE
Hi. My iBook G4 won’t boot after the update. I get a command line screen. After typing mac-boot, I get a flashing folder with a question mark. Wish me luck in fixing this!
Cool, another update. And so soon after 10.4.9 came out. The frequency of updates must mean that Leopard is right around the corner… oh wait, never mind, I forgot we’re talking about Apple Inc. not Apple Computer.
@Lee
just rebooted after installing the updates. no problems so far.
@Shinobi
yep. no news is good news in this case.
OK NOW
Somehow my iBook is booting now. The only thing I did was unplug my mouse and printer. Weird.
The CanSecWest PWN to OWN two MacBooks just started today. Here’s the link:
http://cansecwest.com/post/
Just as I was about to post that.
I wish they’d given more time for the guys to try to break in. Just to prove a point.
Otoh, OS X has been out there years already and no exploits so far. Compare that to the supposed-to-be-WOW-that-turned-WEH Microsoft OS that is Vista.
http://news.com.com/8301-10784_3-9710845-7.html
Update on CanSec…They are now offering 10,000 to anyone who can break into the Macs!
@WiseGuy
25 flaws this time, compared to the tens of thousands of exploits/viruses/what have you for Winblows. Gee, I think I’ll take my chances, thanks…
Why don’t we just settle this: ALL computers, no matter how secure any of them claim to be (Macs with OSX included), WILL have security flaws which need to be patched. That’s just the way it is, and the way it will always be.
For bestest security:
1. turn power off
2. put in safe in closet
this REALLY works
Be wary of this security update. Many users on the Apple discussion forum have reported that this security update resulted in the corruption of iCal and/or iSync applications. I haven’t been able to get iSync to sync my calendar to my dot mac account since I installed this update. And iCal unexpectedly quits immediately after opening it and that started immediately after installing this security update. If anyone can offer any help to get iSync and iCal up and running again I’d be grateful for an e-mail.