Apple plugs 31 holes in OS X

But fails to fix "highly critical" kernel bug...

Tags: flaws, security flaws, fix, mac

By Joris Evers

Published: 29 November 2006 08:50 GMT

Apple has released a security update for Mac OS X to repair 31 vulnerabilities, including a zero-day wi-fi hijack flaw.

Apple's Security Update 2006-007 includes fixes for flaws in Apple's own code as well as third-party components that ship with the Mac OS X operating system, such as OpenSSL, Perl and PHP. Several of the vulnerabilities could allow full system compromises, according to Apple's security alert.

However, Apple's update does not address all publicly known flaws in the operating system. Over the past few weeks bug hunters, as part of an initiative called the Month of the Kernel Bugs, have published details on several new vulnerabilities in Mac OS X. One of those was tagged "highly critical" by security-monitoring company Secunia.

The security researcher who started the Month of the Kernel Bugs - who goes by the code name 'LMH' - said: "Apple hasn't fixed any of the bugs published during the Month of Kernel Bugs, except for the AirPort issue. Apple users are still exposed to any potential risks related to those unpatched issues."

The security hole in the AirPort driver software affects Macs that shipped with Apple's original AirPort card, Apple said. An attacker close to the computer could commandeer a vulnerable system by sending it a malicious network packet, according to Apple's alert.

Other flaws addressed by the Apple update could let Macs be compromised through malicious sites, rigged compressed files or malicious font files, Apple said. The update also fixes four flaws in the Mac OS X Security Framework, the worst of which could crash Macs or display expired security certificates as still valid, Apple said.

The Security Update 2006-007 for Mac OS X client and server software is available from the Software Update pane in Mac OS System Preferences, or Apple's downloads website. Apple recommends Mac users install it.

Joris Evers writes for CNET News.com
