back to article Apple plugs 25 security holes

Brief Apple today fixed 25 vulnerabilities in the Mac OS X 10.4.9 operating system, courtesy of a 16MB patch for download. Apple's list of vulns is long and far too tedious for us to rewrite, so check out the company's security update for yourself and get patching. ®

COMMENTS

This topic is closed for new posts.
  1. Danny

    So secure

    Have you seen how many of the issues allow code to be run with system privileges. maybe all the Mac fan boys can now shut up about how secure OS X is

  2. Clay Garland

    :Crickets:

    Boy you must be a security analyst. You see, the better part of those vulns are buried underneath other layers of security. It's basically like saying, "Well if you can get through the wall of fire, the mote filled with alligators, and the 25 foot thick steel door, clipping a hole in the chain link fence shouldn't be too tough."

    I'm not being smug, but I'll bet that Mac users will shut up about security when their systems become unusable due to spyware and adware. And I swear to god above that if you bring up the absolute falsehood of 'security through obscurity', I will snap like a twig.

  3. Paul Findsen

    Still no spyware, trojans, worms or virii.

    So there's a potential for some trojans.... exactly how many exploits for OS X have been found in the wild? Umm.... there was Opener, but that's long since been shut down, and wasn't all that widespread anyway... so we're still looking at one or two in the six odd years of OS X. The Month of Apple Bugs mostly addressed third party vulnerabilities, and only a couple of Mac OS vulns, now shut.

    True, a computer is only as secure as the user allows it to be, and Mac users do need to pay more attention. Dodging bullets for a few years is really only luck. Sooner or later something will come, but it's still a far cry from the entire industry that relies on Windows' security holes for revenue.

  4. Martin Simpson

    Hehe gotta love 'em

    What strikes me is the way Mac fanboys repond so bitterly.

    "Boy you must be a security analyst." - Was there really need for sarcasm.

    I'm not being smug, but I'll bet that Mac users will shut up about security when their systems become unusable due to spyware and adware. - Yes, you are

    "Well if you can get through the wall of fire, the mote filled with alligators, and the 25 foot thick steel door, clipping a hole in the chain link fence shouldn't be too tough." - A bit of an exaggeration dont you think?

    What i'm trying to say is that every system has it's flaws. I use a mixture of Windows XP / 2K server / Linux / Unix. My windows XP machine has been running now for about 6 months, and it's still as fast as the day i installed it. Not becuase windows is great, but because i take care of my system and i install what i need, not random crap from the internet.

    Mac systems are no better, the people just take better care of them. Personally i like Mac's but all in all they're just pretty toys that everyone puts on a pedestal for no reason. Anyway, if you want to argue the point about securty, give OpenBSD a try.

    Mac's are just like Windows in respect to the fact they're just another Operating System, they have flaws.. the only difference is a different user base.

    "Macs dont get viruses or spyware" i've heard people say. This is becuase you dont get script kiddies on Mac's (or *nix for that fact!) so quit the "Macs are the best" crap.

    Thanks.

  5. Clay Garland

    News Flash!

    Virii is stull not a word. Let's recap. Singular: stimulus, plural: stimuli, drop the 'us' add an 'i'. Virii could not be a word unless the root word was Virius, at best, it'd be viri, but it's viruses. Thank you.

  6. Clay Garland

    Bollocks.

    Well, I can tell you this. My grandfather has an eMac, and he has for the past 4 or 5 years. He downloads and dbl clicks EVERYTHING, unquestioningly. And his eMac is still problem free. Try it with a windows machine. End of story.

  7. Dot Net

    There is a difference Martin

    I use a Mac and a PC. I have an XP machine that I've used for the past 4 years on a PIII 667Mhz processor no less with 384megs of RAM. It's a steaming pile of s#!+. I know this but I accept it and the Microsoft centric things that I need to do I do without issue. I can't expect filet mignon when I'm at McDonald's. I accept that it's crap.

    I use a Powerbook for everything else I do. It's not a toy it's is the best machine I have ever had. If you spent any time on a Mac you would see that it's a highly powerful UNIX workstation, that has a glorious and functional eye candy GUI to boot. Now that Mac's run Intel I will be purchasing a MacBook Pro and do everything from one box.

    You are right every system has it's flaws Microsoft just has exponentially more of them.

    Script kiddies only on Windows? That just shows your ignorance.

    I've run into more *nix script kiddies than anything.

    Speaking of UNIX Bill Joy the inventor of vi and founding architect of BSD and James Gosling the creator of Java have on their desktop? Not Microsoft crap!

    I don't mind spending a little extra for a Mac because it is a very polished product!

    Windows including Vista has the feel of an abandoned, unfinished open source project. Aero does nothing functionally to make using your PC easier other than just giving you something cool to look at.

    Mac's are the best! There is a lot to be smug about.

  8. Joe Cooper

    Spyware

    "the absolute falsehood of 'security through obscurity', I will snap like a twig."

    Well virii, bots, hackers and things definately make "security through obscurity" pretty worthless. But you said spyware :)

    Spyware and adware are market, business driven - they're made by advertising companies, and are usually even installed by the user - usually after the user agrees to it in a license! They rarely even really take advantage of security holes and bugs so patching and updating doesn't really effect spyware and adware.

    In fact, it's actually really easy to deploy spyware and adware to Linux and - though I haven't looked into it specifically - probaby Mac. You just need stupid users to install "free programs!!!!!!".

    It just wouldn't make any $$$ though so to a spyware, adware company it's quite worthless. Hence no spyware on Linux or Mac even though it is soooooooo easy.

    As for virii - which mind you is an entirely different matter - I'm actually quite shocked that Macintosh and Linux and the like don't have more. Everyone going around bragging about the unbreakability is essentially begging for attacks, it's like a challenge. All we get though are "proof of concept" lab developed benign trojans that hardly even qualify as malicious.

    So feel free to be proud of Unix security, just don't throw around spyware as an example. The #1 security hole that lets spyware in lies between the chair and keyboard.

  9. Steven Hewittt

    Time is coming?

    It comes down to the principle of popularity. Today, many viruses are written for commerical reasons (e.g. install spyware without a user downloading freebie muck), to spread a message (hidden text in the viral code - popular virus gets headlines thus message of purpose is often exposed) or just as part of a botnet to do DOS/DDOS attacks.

    To do these, you need a lot of computers to run your virus - thus targeted toward Windows.

    Yes, there's a huge amount of security holes in Windows, and even more viruses out there to exploit them.

    But taking a snapshot of El Reg home page right now shows JavaScript security issues, 25 Mac security holes (my interpretation) and OpenOffice password protection being cracked.

    There's also the recent news of security issues in Firefox. (Yes, as well as IE, but the volume of security issues in Firefox whilst being peer reviewed isn't a good thing - thus headlines)

    These aren't insecure products, infact I use them on a daily basis (including Linux servers and a couple of Mac clients) - but the trend seems to be that more OSS and non-MS products are coming into the spotlight with their security flaws.

    I don't believe this is because people are necessarly finding more security holes in these products (although possible), but probably because people care about them more as their use is more widespread. (With more Mac's being sold, Linux on desktops, OpenOffice on those machines, Firefox also on them along with Windows) As people care about them more as end-users and IT Pro's uptake is higher, then the headlines reflect this.

    Seems a little bit like the Windows fanboys who were spouting about "Windows only seems more insecure as nearly everybody uses it" maybe more accurate that first thought.

This topic is closed for new posts.

Other stories you might like