Apple strengthens Leopard and Snow Leopard operating systems with record monster security update

“Apple today patched 92 vulnerabilities, a third of them critical, in a record update to its Leopard and Snow Leopard operating systems,” Gregg Keizer reports for Computerworld.

“Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood since March 2008. The update dwarfed any released last year, when Apple’s largest patched 67 vulnerabilities,” Keizer reports.

Apple’s “security roll-up fixed flaws in 42 different applications or operating system components in Mac OS X, from AppKit and Application Firewall to unzip and X11, the Mac’s version of the X Window System,” Keizer reports. “Eighteen of the vulnerabilities were specific to the older Leopard operating system, while 29 were specific to Snow Leopard. The remaining 45 affected both, which are the only editions that Apple currently supports.”

Keizer reports, “The update brings Snow Leopard to version 10.6.3, making this the third major update to the OS that Apple launched in August 2009. Apple also addressed a list of nearly 30 non-security issues in the 10.6.3 update. Leopard users, meanwhile, received only the security patches… Charlie Miller, the researcher who cracked Snow Leopard’s security defenses to take down Safari, said today that Apple had not patched the vulnerability he used last Wednesday. ‘New patch doesn’t fix pwn2own bug,’ Miller said via Twitter. ‘Sorry suckers, gonna have to wait for the next patch.'”

27 Comments

  1. So many vulnerabilities…and yet I can still surf the web without any extra security software.

    When I run my windows partition, the first thing that happens after an agonizingly slow bootup is I get nagged incessantly to update the antivirus and anti-spyware. And I dare not run any of the web browsers any more than I absolutely need to.

    Huge updates like this are a minor nuisance by comparison. I love this platform.

  2. I will leave my MacBook Pro sitting on the same network, firewall off, no anti-malware software, running 10.6.3 sitting on the same local network as Charlie Miller for a month UNMANNED and he will never crack it.

    Why, because Charlie requires human interaction with the machine before he can do anything.

    A truly skilled hacker can crack a truly insecure system without having to physically touch it (or direct a monkey to a particular URL).

    The thing is, ALL platforms have the same liability – the loose nut behind the keyboard. Charlie just happens to favor the Mac as his target since it always seems to get him a lot of publicity.

  3. Miller seems to have caught a small case of “butt plug” with a load of elitist prick tossed in.

    I’m with Rike. Swing by, I’ll get the beer, and we’ll see if you can bring it or not. My guess, not.

    And while on the subject, just how many exploits of your “find” have there been in the real world, oh great meadow muffin?

  4. It is sometimes painfully hard to explain to some family and friends that there are not fewer viruses on a Mac, but no viruses, and that what happened to Windows simply will not happen on the Mac. And the number one reason isn’t mind-numbingly dumb crap like market share, it’s because Mac OS X had a robust and proven security model out of the gate, and Windows simply did not. Security was the last thing on Microsoft’s mind and almost everything that makes browsing the Internet a horror show can be laid at the feet of Microsoft.

  5. I found it funny because, when we got SL it was ‘wow I got all this free space!’

    Now with the 500MB patch, it feels like Apple’s taking it all back again~~~!

    OKok… I kid …

  6. What makes this type of stuff a concern is if someone finds an exploitable bug in graphics rendering software or HTML parsing or something that many people on popular sites can interact with, it could be bad. You wouldn’t have to go to a specific website to get the special exploit code, it could be in a specially crafted photo or HTML code uploaded to a place like YouTube, Flickr, etc. and game over.

  7. “monster security update”

    Whoa, Nelly, it left a big foot print on my hard drive.
    Still not as abominable as Windows (talk about scary, like being stuck in a Boggy Creek).

    I guess you could say that Leopard is where wolves in sheep’s clothing are not allowed.

    Meanwhile, over at Microsoft, the word on security is mum, me thinks…..

  8. I would love to see how much of my hard drive it filled up… problem is it hung while installing and I’m only now getting Leopard reinstalled. Black Screen of Death on boot. Hangs in safe mode and single user mode also.
    I had just reinstalled Leopard (due to a problem with Spotlight) yesterday then realized I hadn’t installed the updates until I tried to open iTunes and it wouldn’t play the library as it was created in a newer version. First time ever I’ve had a problem with an update. Here’s hoping it works this time.

  9. @mike
    I assume that some of the existing Mac OS software is overwritten by the various updates. But it would be interesting to quantify the next change in the size of the Mac OS from 10.6 through 10.6.3 with all patches.
