Apple releases serious security updates
Apple Computer released a number of security updates today to patch more than 50 vulnerabilities in its software products, including OS X, Safari, and Java.
Much has been made recently of potential problems with vulnerabilities in Apple systems by pundits who say that software security problems will increase along with sales of Apple systems, as hackers begin to pay more attention to the larger number of targets in the wild. However, there is very little in this set of updates to support that theory. The releases made today were more typical in nature, close to the form of releases that have been made in the past.
For example, today’s OS X update (Security Update 2009-001) provides the usual sort of updates to OS X v10.4.11 and Mac OS X v10.5.6. A number of the fixes relate to problems with bundled third-party products such as ClamAV, Fetchmail, Perl, and Python. Updates for those four products actually account for 15 of the patches in this update, according to a PCMag article. Almost as many (14) are for X11. It should also be noted that some of the problems fixed go clear back to 2007.
A couple of other items provide examples of the level of detail. A fix to CoreText addresses a problem in which “viewing maliciously crafted Unicode content may lead to an unexpected application termination or arbitrary code execution.” A fix in the SMB file system addresses a problem that could have allowed arbitrary code execution with system privileges while connected to an SMB file system. Again, typical repairs.
Apple also released a Safari update which squelches a bug that allows “execution of arbitrary JavaScript in the local security zone.” There is a separate update for Safari for Windows which fixes this same bug on that platform. These updates also correct a few other, more minor problems, such as cookies improperly failing to be saved to disk.
Two other separate updates fix four bugs in the Java packages released with OS X 10.4 and 10.5. These repairs are in Java Web Start and the Java Plug-in. Like several of the others, these could have resulted in arbitrary code execution with the privileges of the current user. This update fixes four of the seven bugs fixed in an update from Sun in December.
This hardly seems like a mea culpa from Apple that there are big problems in the system security of Apple's software. Instead, these fixes just look like business as usual. Unix / Linux experts have long said that operating systems derived from those classics, like OS X, are safer by far than Windows. This update does not seem to provide any proof to the contrary.
