You are here: silicon.com > Software > Security Strategy

Security Strategy

Apple plugs 31 holes in OS X

But fails to fix "highly critical" kernel bug...

Tags: flaws, security flaws, fix, mac

Printer Friendly Email Story RSS

By Joris Evers

Published: 29 November 2006 08:50 GMT

Apple has released a security update for Mac OS X to repair 31 vulnerabilities, including a zero-day wi-fi hijack flaw.

Apple's Security Update 2006-007 includes fixes for flaws in Apple's own code as well as third-party components that ship with the Mac OS X operating system, such as OpenSSL, Perl and PHP. Several of the vulnerabilities could allow full system compromises, according to Apple's security alert.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

However, Apple's update does not address all publicly known flaws in the operating system. Over the past few weeks bug hunters, as part of an initiative called the Month of the Kernel Bugs, have published details on several new vulnerabilities in Mac OS X. One of those was tagged "highly critical" by security-monitoring company Secunia.

The security researcher who started the Month of the Kernel Bugs - who goes by the code name 'LMH' - said: "Apple hasn't fixed any of the bugs published during the Month of Kernel Bugs, except for the AirPort issue. Apple users are still exposed to any potential risks related to those unpatched issues."

The security hole in the AirPort driver software affects Macs that shipped with Apple's original AirPort card, Apple said. An attacker close to the computer could commandeer a vulnerable system by sending it a malicious network packet, according to Apple's alert.

Other flaws addressed by the Apple update could let Macs be compromised through malicious sites, rigged compressed files or malicious font files, Apple said. The update also fixes four flaws in the Mac OS X Security Framework, the worst of which could crash Macs or display expired security certificates as still valid, Apple said.

The Security Update 2006-007 for Mac OS X client and server software is available from the Software Update pane in Mac OS System Preferences, or Apple's downloads website. Apple recommends Mac users install it.

Joris Evers writes for CNET News.com

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Mac OS X gets an unwelcome visitor

Mac OS X flaw: US gov adds warning

"Highly critical" Mac OS X kernel hole unearthed

Mac virus is damp squib, says Symantec

Mac OS X exploit in the wild

Microsoft and Apple 'must improve security patches'

Apple plugs 26 holes in OS X

Will Mac security fears rise in line with growth?

Macs 'inherently more secure', say Mac users

Mac OS X gets security fix

Apple struggles to fix critical glitch

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead

Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

'UK must up privacy safeguards following Phorm'

The top 10 technologies you need to plan for next year

Windows 7: Who's adopting it, when and why?


  • Jobs
Localization Engineer - any European languages

The Software Localisation engineer must have attention to detail and the ability to create and adapt.The Localisation Engineer performs general ...

QA / Software Tester - Derby, East Midlands

Understand and interpret software bugs, software enhancements or modifications that are reported internally or from customers and ensure that the ...

iPhone Objective C Developer

Demonstrable iPhone/Mac OS Their apps have reached the number one slot in the iTunes category, and have also been featured by Apple. They are ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

Is Your Enterprise Architected for Tomorrow's Growth?

Improving IT service delivery through an integrated approach to software asset management...

TechRepublic Resource Guide: Software as a Service (SaaS) for Small and Midsize Businesses...

Download a Free Trial of SmartDraw: Learn why SmartDraw is the ideal alternative...

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


eBay's Skype sale gets green light

Join the silicon.com LinkedIn networking group

Windows 7: Over 200 per cent more popular than Vista

Bletchley Park's World War Two codebreakers in their own words

Europe: Brace yourself for a telecoms overhaul

BT offers free fibre to Glasgow businesses




Quick Sitemap Links: