Apple releases Security Update 2007-005

Apple today released Security Update 2007-005, which is recommended for all users and improves the security of the following components:

• bind
• CarbonCore
• CoreGraphics
• crontabs
• fetchmail
• file
• iChat
• mDNSResponder
• PPP
• ruby
• screen
• texinfo
• VPN

Security Update 2007-004 has been incorporated into this security update.

Security Update 2007-005 is available via Software Update and also via standalone installers:

Security Update 2007-005 (10.3.9 Client) – 42.5MB
Security Update 2007-005 (10.3.9 Server) – 56MB
Security Update 2007-005 (PPC) – 15.7MB
Security Update 2007-005 (Universal) – 29.2MB

59 Comments

  1. Installed, then rebooted, it HOSED MY MAC

    Got the spinning wheel of death, the G5 based iMac then turboed the fans, I held the power button down and rebooted, I survived.

    Still haven’t checked everything out yet. Still on shaky ground here.

    I don’t install anything, especially with admin powers. No gimmicks or OS changes.

    Oh god I hope this machine is ok, it’s not mine.

  2. @ sigh
    <quote>
    Why, oh why, do people not get Zune Tang?

    Irony is a literary or rhetorical device, in which there is a gap or incongruity between what a speaker or a writer says and what is generally understood (either at the time, or in the later context of history). Irony may also arise from a discordance between acts and results, especially if it is striking, and seen by an outside audience.

    More generally, irony is understood as an aesthetic valuation by an audience, which relies on a sharp discordance between the real and the ideal, and which is variously applied to texts, speech, events, acts, and even fashion. All the different senses of irony revolve around the perceived notion of an incongruity, or a gap, between an understanding of reality, or expectation of a reality, and what actually happens.
    <quote>

    Gawd, someone that gets it.

    Sometimes/ often, it’s like dealing with Cletus Delroy Spuckler reading these responses. Oh well it is the intranets…
    D’oh!

  3. Umm… why would you hit the power button before letting it finish? How long did you wait? The update rebooted twice – and it sat there for a while before it finished. I certainly would wait at least 15 minutes before hitting the power button during an update.

    Hitting the power button before it finishes is hardly Apple’s fault. 😐

  4. This brings the total patches for 2007 to 109

    God, it’s just like Windows… 🙁

    Oh please. I don’t know what’s worse, the lemmings or the Chicken Littles.

    Listen, the sky is NOT falling. Apple releases their fixes PROactively, ahead of any problems, while MS releases theirs REactively in an attempt to keep the ship above water. Big, big difference.

    Now let’s talk some meaningful numbers. Give me a comparison of the number of live viruses and in-the-wild vulnerabilities, for both OS X and Windows.

    Now, is Mac still “just like Windows”?

  5. “I’ve been running Vista for months without any malware or uninvited intrusion.”

    ZT, you’re such a turd. But for anyone who thinks you’re serious:

    Wake Vista out of the screen saver, connect it to the Internet, and wait.
    Then get back to us with your results.

  6. Why, oh why, do people not get Zune Tang?

    Uh, because he’s not funny? Because everything he says is indistinguishable from any real Windows troll? Seriously, how do you know he’s not serious? Has he ever admitted that he’s just doing shtick?

    I don’t appreciate bullsh*t like Zune Tang, and Sputnik before him. If you’re going to do satire, at least make it convincing satire. Say something silly for sh*t’s sake. Parroting Windows troll talking points just makes you a Windows troll, not a satirist.

  7. Mac OS X has its roots on BSD Unix and Mach-O, being the evolution of the NEXT operating system.

    Uhmm let’s see what we’ve got here:

    • bind – NON Apple sw. Apple is simply proactively applying security improvements coming from the Open Source community.
    • CarbonCore – Apple sw. Carbon is there to allow a smooth transition of old applications into Mac OS X. Carbon permits a good degree of forward and backward compatibility between source code written to run on the older and now dated Classic Mac OS (Version 8.1 and later), and the newer Mac OS X. Apple still looks at improving security in what in essence is support for legacy applications.

    • CoreGraphics – Apple sw. I wonder whether the big steps forward security-wise implemented in Leopard now can trickle down into Tiger as well. Leopard is now feature-complete, and WWDC is days away now.

    • crontabs – non Apple sw. Open Source community improvements
    • fetchmail – non Apple sw. Open Source community improvements
    • file – non Apple sw. Open Source community improvements
    • iChat – Apple sw. Same comment as for CoreGraphics
    • mDNSResponder – non Apple sw. Open Source community improvements
    • PPP – non Apple sw. Open Source community improvements
    • ruby – non Apple sw. Open Source community improvements
    • screen – non Apple sw. Open Source community improvements
    • texinfo – non Apple sw. Open Source community improvements
    • VPN – not entirely Apple sw. Open Source community improvements

    It is amazing to read some people considering releases of Security Patches as a weakness. Security is a MOVING TARGET, people after attempts at breaching security examine OS and API source code constantly to find new and innovative ways to crack into a system. ONLY possible way for a system to stay secure is to improve the security PROACTIVELY, doing the very same detailed scrutiny of crackers but with the goal of removing potential security breaches. The Open Source community simply has no equal in that respect.

    It is also true that Microsoft traditionally tries to close the doors after the cows escaped the barns, which is the ultimate definition of betraying paying customers. OK, Microsoft must know the majority of its customers are pirates and thieves hence adopts the attitude we all know, with its policy of “By default you must be a thief: prove you are not” in all its customer treatment.

    Reactivity in security means you are a joke, or you are not considering security an important thing. Again, if MS customers are by default thieves, who cares if they lose data?

    MS in recent times has changed a bit but still silly. The Tuesday update is a stupid thing. It always gives AT LEAST a week time for crackers to implement and exploit. It usually takes hours to do that.

    Apple is proactive and when forced to react (MOAB, recent Quicktime Advisory) it reacts in matter of hours.

    I am smug? Might be but we have reasons to be smug.

    The security improvements touch 13 areas. To me that is simply put:

    Apple: 13
    crackers and malware writers: 0

    Hardly MS will ever be capable of being ahead of malware. At best it can catch up better and follow from a shorter distance. Windows is so much ridden with old code (in Vista as well) and so much spaghetti-code that even MS engineers know they simply have Mission Impossible. They have a sinking boat and the only things they can do is putting more and more pumps to clear the water that keeps coming.

  8. There is a difference between being proactive and being reactive….Apple is always proactive towards potential vulnerabilities….Microsoft on the other hand…is always reactive towards exploits. Apple patches up potential flaws before it is taken advantage of….while Microsoft patches up after the system is taken advantage of and turned into a botnet (in many cases).

    Apple’s direction towards security is tremendously better than what Microsoft’s approach towards security is…which is a mere joke of a job at most, and when you pay $300 for an operating system in Microsoft’s case…it is considered almost criminal to have this much exploits.

  9. OK, Listen up!

    When you really believe in something or someone, it’s just human nature to downplay and make up logical excuses for their errors.

    The latest one from the Mac religious types in defense of Apple’s rather bad OS coding of Mac OS X is “they fix vulnerabilities proactively, before an exploit occurs”.

    Well this sounds all fine and dandy, but the fact is they don’t. The Mac security community is helping Apple find bugs, which means that Apple don’t do a good enough job themselves.

    So what’s wrong you say?

    Well if the good guys are finding vulnerabilities, so are the BAD GUYS.

    The Good Guys tell Apple and don’t use the vulnerabilities.

    The bad guys don’t tell Apple and use the vulnerabilities for an exploit which they keep a closely guarded secret or sell for a profit (US Army and FBI buys them), especially from the mark. So they certainly don’t announce their presence in your machine with irregularities that will give people and the online community notice, like spreading viruses and spam.

    I’ll tell you the truth, on my sworn oath. I have been infected by malware of some-types on my Mac OS X machines. It’s by being super-observant and monitoring the packets with a hardware sniffer instead of something based on software.

    When I notice unusual behavior or when a Security Update is needed, I disconnect from the internet (as an exploit could piggyback on an update or before one). I c-boot from an OS install disk which is write protected and completely Erase w/Zero the internal hard drive (and other drives if they have been connected) and completely reinstall the OS and software update from a disk, not online. This means I have to download the OS update from a secure machine, usually another computer with a different IP address.

    This is the only way to be nearly 100% sure that you got a clean box from previous exploits.

    Because if you’re installing Security Updates after the fact, it’s really not much any good security wise, they are already in.

    In my last words, Apple should be ashamed of themselves for writing such a bad OS with presently 109 exploits and counting.

  10. More Info and MacSecuriyMan: Stop confusing vulnerabilities with exploits. Either you’re FUDmeisters who are consciously trying to sow fear of real exploits among the less knowledgeable, who don’t realize that vulnerabilities are potential avenues for exploits to use (whether or not any actual exploits have been created yet to take advantage of them), or you’re idiots for not knowing the difference. There ARE NO exploits in the wild for Mac OS X.

  11. I really wonder about some on here. Still questioning Zune Tang. Ffs. He is part of the furniture at this stage. Can’t believe some people don’t get him yet.
