Apple megapatch plugs 45 security holes

[Ankur Mittal]

The megapatch, also known as Mac OS X 10.4.9, is the seventh Apple security patch release in three months. It deals with vulnerabilities in Apple's own software, as well as third-party components such as Adobe Systems' Flash Player, OpenSSH and MySQL. Sixteen of the vulnerabilities addressed by the update were previously released as part of two high-profile bug-hunting campaigns. Several of the flaws could be exploited to gain full control over a Mac running the vulnerable component, according to Apple's advisory. Other holes are limited and could only be exploited to crash a Mac or used by somebody who already has access to a machine.

Eight vulnerabilities are related to the way Mac OS X handles disk images; mounting a malicious image may lead to an error and could provide a means for an attacker to breach a Mac, Apple said. Nine vulnerabilities were released as part of the Month of Apple Bugs in January and seven bugs disclosed in the Month of Kernel Bugs in November. While several of the vulnerabilities repaired by Apple's updates were previously known, it doesn't appear that any attacks that exploited the flaws actually occurred. Apple also issued a second update which fixes a security bug in iPhoto that could allow an attacker to craft a malicious "photocast" which, when opened, could compromise a Mac.

News source: News.com

[gxsaurav]

So, 7 updates in 3 months, each fixing more then 10 bugs, atleast 70 bugs in 3 months

Wow, thats so low compared to Other OS

[kirangp]

Hmm..well it proves that all OSes are susceptible to viruses,hackers...Loopholes are always created & fixed afterwards...All programmers make mistakes

[goobimama]

10.4.9......that means......next up is 10.5!!!

[kirangp]

10.5 means LEOPARD the next series of MAC OS...this will be the last patch I guess b4 Leopard comes out

[alsiladka]

Theres a rumour that leapord's gonna be out somewhere in April.

BTW, as mentioned above , 7 updates in 3 months with so many security holes fixed
Feels so safe using a MAC

[kirangp]

Well it is sort of safe using MAC because not too many viruses,spyware etc are made for MAC..Even if they fix the vulnerabilities after 1 yr nobody would have any idea about it...

[gxsaurav]

Quote:

Originally Posted by goobimama

10.4.9......that means......next up is 10.5!!!

Wait, what if a bug is found 6 months after the relese of leopard in Tigar, will they fix it?

[Pathik]

i dont think so... btw by that time all users ll hav migrated to leopard...

[goobimama]

Nice observation GX. I wouldn't know cause I've been in the mac world only since Tiger, but I hope they do provide individual software patches (they do that, doesn't have to be an upgrade in the version number)...

[mail2and]

Quote:

Originally Posted by goobimama

Nice observation GX. I wouldn't know cause I've been in the mac world only since Tiger, but I hope they do provide individual software patches (they do that, doesn't have to be an upgrade in the version number)...

They provide all updates in the form of 'security releases'. So, all bugs, vulnerabilities etc are patched. Look up the software downloads section on the support site, you'd find updates for Panther released along with updates for Tiger.

[aryayush]

Quote:

Originally Posted by kirangp

Well it is sort of safe using MAC because not too many viruses,spyware etc are made for MAC..Even if they fix the vulnerabilities after 1 yr nobody would have any idea about it...

Edit: The phrase "not too many" is wrong. There have been zero "viruses,spyware etc" for Mac OS X ever since it was released in 2001.

I am downloading it at present, I hope there are some new features too - maybe even a taste of Leopard!
__________
About the Mac OS X 10.4.9 Update (delta)

[nepcker]

OS X is a lot less buggy that other OSes. Even when other OS makers (like M$) find a bug or a vulnerability, they are lazy and release the patch very late or not at all, but Apple fixes it quickly. Stats about no. of bugs unfixed should tell that there are zero discovered bugs left for OS X.

Tiger hitting its ninth update since the 2005 release of OS X 10.4 must mean that Leopard is just around the corner. And if you look at the timing around the last couple of OS X 10.4 updates—10.4.6 came out last April, 10.4.7 followed in June, and 10.4.8 appeared in September—you get… well, no discernible pattern, really. A fairly steady drumbeat of about three months between incremental updates followed by the six-month stretch between 10.4.8 and 10.4.9. Most people seem to think that puts OS X 10.5 in the May/June timeframe which would certainly be within the Spring 2007 window Apple mentioned when previewing Leopard last summer.

That, of course, assumes, two things—1) that Apple isn’t perfectly capable of slapping on a .10 or a .9b or even a .May2007 at the end of any additional OS X 10.4 update; and 2) that Apple’s going to hit its self-imposed Spring 2007 deadline for Leopard. I don’t think there’s anything precluding Apple from doing No. 1. As for No. 2, all public signs seem to suggest that OS X 10.5 is on schedule.

A good link to check is http://www.macrumors.com/2007/03/12/...id-late-april/

[gxsaurav]

Just to let you know about the Quality Control at Apple

Wow, means those Apple ADs were wrong. Macs do crash, they do have numuras bug just like any other OS

[kirangp]

[quote=aryayush]Edit: The phrase "not too many" is wrong. There have been zero "viruses,spyware etc" for Mac OS X ever since it was released in 2001.

I dont think so...hehe...MACs are already affected by viruses..yes Mac OS X itself...well even thought it happened in Feb 2006,u still dont have idea about it...I am quite surprised...Have a look at these 2 articles

http://www.sophos.com/pressoffice/ne...acosxleap.html

The second one is even more better...

http://www.marketwatch.com/News/Stor...oo&siteid=yhoo

[goobimama]

^^

Quote:

The only way you can get the Leap-A malware on your machine is if you take some action to put it there yourself.

Quote:

The Leap-A malware does not mean that OS X is any less safe from viruses than it was prior to its release. Socially-engineered malware has always been possible, and will always be possible. If you can get a user to run something, then clearly, you can choose to do whatever you wish while your code is executing. While there are some things Apple can do to make us all even safer (for instance, InputManagers should not be installable without explicit permission), I still believe OS X is a very secure operating system, and I have no concerns about using it on a daily basis. Neither should you.

....http://www.macworld.com/news/2006/02...afaq/index.php

[kirangp]

^^
ya oK ...But all I wanted to prove is MAc OS X have got viruses & I proved it

[aryayush]

Yes, and a virus that cannot affect your machine without any action your part (i.e. by itself) is called a proof of concept code. It is not an actual virus in the wild which poses a threat to Mac OS X security.
There has never been any actual virus for Mac OS X, not even a single one.

@gx_saurav
I am typing this on a MacBook Pro running Mac OS X 10.4.9. I updated the day before yesterday and am pleased to report that there have been no problems with my machine.
Macs do crash, that much is true, but the frequency of these crashes is a fraction when compared to the crashes suffered by PC users running Windows. I, for one, have not had a single crash in the seven months I have had my notebook.

As for bugs, every piece of software ever written is bound to have some bugs. And I do not think you have expertise enough to judge the number of bugs in operating systems.

[kirangp]

Fellow MAC brothers...instead of downloading this patch I advice you to visit this thread & wait for a few more days for apple to release a revised patch
OS CRASH - Mac OS X 10.4.9 Update Causing Ugly Crashes?

even though I dnt use MAC I take interest in others' well being...hehe
__________
Aryayush now instead of accepting that there is a virus,you are taking a new meaning out of the sentences...Anywayz I am even more convinced about a virus being present in MAC OS X & have also given you the source...If you dont take in the right spirit & accept it then I dont know what else to say...

[aryayush]

Hey, c'mon man! I know about these reports of viruses and when I posted the original statement about there not being any virus for OS X, I had taken these reports into account. It is a fact that there isn't a single virus for Mac OS X out in the wild. It is not about accepting or denying anything. It is a truth. If you don't want to believe it, I cannot do anything about it.

But the virus you are talking about is called a proof of concept code. It is demonstrated that Mac OS X has a flaw that could be taken advantage of if it did not have so-and-so protections. It is not a virus because it cannot exploit that flaw with the protections in place which are there by default in Mac OS X. That is why it is called a proof of concept. I hope it is clear now.

The fact of the matter is that browsing the internet without installing third party anti-virus software is highly insecure in Windows, while on a Mac, you could purposely download malicious files and they still wouldn't harm your system.

[gxsaurav]

Quote:

Originally Posted by aryayush

I am typing this on a MacBook Pro running Mac OS X 10.4.9. I updated the day before yesterday and am pleased to report that there have been no problems with my machine.
Macs do crash, that much is true, but the frequency of these crashes is a fraction when compared to the crashes suffered by PC users running Windows.

Read again, that Update is not crashing every Mac, just like not every installation of Windows crashes

Quote:

I, for one, have not had a single crash in the seven months I have had my notebook.

My sisters Windows XP SP2 laptop has not crashed in 3 years . It was installed 3 years ago & I install the usual updates on it regularly. Guess what she does on it, mail, music, movies, browsing, accounting, excel & everything noraml. Obviously it never crashes due to these....so doesn't your Mac .

No PC or Windows installation crashes on it's own. It crashes only due to incompatible drivers or if you try to screw your computer yourself using registry hacks etc.

Quote:

The fact of the matter is that browsing the internet without installing third party anti-virus software is highly insecure in Windows,

Plz contact Sourabh & GX & many more users on this forum using there systems without any AV. Just ad muncher & a firewall.

Quote:

while on a Mac, you could purposely download malicious files and they still wouldn't harm your system.

Obviously, cos it's not made for Mac. What a point to explaing security of Mac

[eddie]

Quote:

Originally Posted by aryayush

Macs do crash, that much is true, but the frequency of these crashes is a fraction when compared to the crashes suffered by PC users running Windows. I, for one, have not had a single crash in the seven months I have had my notebook.

As for bugs, every piece of software ever written is bound to have some bugs. And I do not think you have expertise enough to judge the number of bugs in operating systems.

OMFG I am seriously bookmarking this post!!! This is a historical post that should be written in golden words in ThinkDigit's history books.

A little about this Leap-A thing (that I knew nothing about till today) from that Mac supporting link i.e. Macworld

Quote:

To get Leap-A on your machine, you must (a) receive the file, which is compressed; (b) expand the archive; and (c) double-click what appears to be an image file to execute the code.

Isn't this how most of Windows "viruses" work? You get Anna Kournikova's or Brintney's latest nude pics in mail and when you open them...kaboom? I see amazing amount of people making hue-and-cry when it happens in Windows but I just came to know that it is known as "proof-of-concept" and not an actual virus. Nice

[kirangp]

I am tired of making Aryayush understand...Hehe..

[gxsaurav]

Quote:

Originally Posted by eddie

OMFG I am seriously bookmarking this post!!! This is a historical post that should be written in golden words in ThinkDigit's history books.

do so man, do so

[goobimama]

Heheh...

[kirangp]

nowadays aryayush doesnt comment much...hehe

[Josan]

maccccccccccc to slow...........

[aryayush]

LOL!

[gxsaurav]

Quote:

Originally Posted by aryayush

LOL!

seems like you finally fixed your mac

[aryayush]

When was it broken?