Apple releases huge security update, Goatse Man said to be jealous of gaping security holes
Apple has released their second biggest security update of the year, covering 25 vulnerabilities in 20 components.
Most of the vulnerabilities could allow an attacker to execute malicious code, although no exploits have been reported so far. Components at risk include iChat, fetchmail and Libinfo. Apple has also addressed an issue with the Login Window that would allow the local user to obtain system privileges and execute arbitrary code. You can learn more about the vulnerabilities here.
Early indications suggest that the update is safe to run on OSX86 installations.
---------
From insanelymac.com. Happily, I don't have to worry about when my OS vendor is going to drop another set of security updates. Whenever security problems are found with Ubuntu's supported programs, and patches are available from the developers, Ubuntu packages them and pushes them immediately to users, rather than waiting until they've got a big set and releasing them all at once.
EDIT: Apple has got a terrible security record; I just checked the list of what this update entails:
1. A fix for an installer bug found in the Month Of Apple Bugs. The MOAB was Janurary. It is now April.
2. THREE bugs from last year, two of them with "arbitrary code execution". Actually, it seems that all the security patches this time are for arbitrary code execution, except for the third 2006 bug - that's one which conveniently sends passwords over the Internet in cleartext. And THIS bug was fixed upstream in November 2006!
What the fsck is Apple thinking? This security hole is bigger than the Goatse Man's anus, and they've taken 5 months to distribute the fix!
Comments