Apple Releases Security Update For Software Update Hole
Apple Releases Security Update For Software Update Hole
by , 7:00 AM EDT, July 15th, 2002
Earlier this month Russell Harding of the University of Colorado released an advisory which said that Apple's Software Update client is a security hole through which hackers may sneak malicious code into your OS X running Mac. Apple has quickly responded to the alert, and released an update to the Software Update client late Friday that addresses the problem. From Apple:
Security Update 7-12-02 increases the security of the Software Update process for systems with Software Update client 1.4.5 or earlier. Packages presented via the Software Update mechanism are now cryptographically signed, and the new Software Update client 1.4.6 checks for a valid signature before installing new packages. Downloaded packages which do not contain a valid signature are deleted from the system.
Security Update 7-12-02 may be obtained via the Download link on this page (requires Mac OS X 10.1 or later) and will be available soon through the Software Update pane in System Preferences (requires 10.1.1 or later).
We highly recommend that to download the Security Update 7-12-02, which can be found at Apple's Knowledge Base site, Version Tracker, and, interestingly enough, through Software Update via Apple/System Preference in OS X.
The Mac Observer Spin:Kudos to Apple for being so quick on releasing this patch. It took about 4 days for the company to release the patch after the exploit was found. Big Redmond might want to take notes...
When the news of this particular security hole broke Apple's reputation took a hit. Some of the more ill-informed believed that this problem proved that OS X was not as secure as it was believed to be. The reasoning behind such beliefs are simple, but misleading: if one can load an application on your computer which, when ran, compromises the computer, then there is no security. The reality is that anytime you download software from the Internet you run the risk of getting malicious code, regardless of the OS.
Macs have been historically free of viruses and such, with one of the biggest reasons for this being that there were comparatively few of them. Virus writers wanted to inflict the most amount of damage with the least amount of work, so Microsoft has usually been their target. Oh, and there's the little fact that Microsoft has paid no attention to security until recently, and has released some of the sloppiest code in the history of computing.
For Apple, the world of security for Apple is a different place. The FreeBSD core inside OS X is no less secure than any other UNIX variant, and because Apple has locked down normally open accesses in OS X, users should find that Apple's new OS is every bit as secure as the old Mac OS. Still Apple does have to be more vigilant because of the multi-user nature of UNIX, and because it has to maintain a certain level of ease-of-use, which can cause problems such as the Software Update hole. It is good to see that Apple responds to these problems quickly and efficiently, which should do a lot to calm any potential worries over OS X's security.
Warning: include(/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/extension.inc) [function.include]: failed to open stream: No such file or directory in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 108
Warning: include() [function.include]: Failed opening '/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/extension.inc' for inclusion (include_path='.:/usr/share/php5:/usr/share/php') in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 108
Warning: include(/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/common.) [function.include]: failed to open stream: No such file or directory in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 110
Warning: include() [function.include]: Failed opening '/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/common.' for inclusion (include_path='.:/usr/share/php5:/usr/share/php') in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 110
Warning: include(/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/includes/bbcode.) [function.include]: failed to open stream: No such file or directory in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 112
Warning: include() [function.include]: Failed opening '/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/includes/bbcode.' for inclusion (include_path='.:/usr/share/php5:/usr/share/php') in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 112
Fatal error: Call to a member function sql_query() on a non-object in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 532
- Wed, 2:04 PM
- TMO Interview - Dave Teare at WWDC: How One Month for 1Password Became 8 Years
- 10:17 AM
- News - HBO GO, WatchESPN & More Come to Apple TV
- 9:29 AM
- Solar iPhone Chargers Coming to NYC
- 8:20 AM
- TMO Quick Tip - iOS: Prevent Unauthorized Siri Use
- Tue, 8:38 PM
- Editorial - Apple Offers Retail Employees Early Access to OS X Mavericks
- 6:41 PM
- Steve Wozniak Presides Over 3 Working Apple I Computers
- 4:35 PM
- TMO Interview - Alf Watt at WWDC: The Journey from iStumbler to Apple and Beyond
- 3:47 PM
- Product News - Apple Updates Java for Snow Leopard, Lion, Mountain Lion
- 2:01 PM
- Chatology Offers Search & Filtering Options for Apple’s Messages & iChat
- 1:50 PM
- Quick Look Review - Just Mobile’s AluCup: iOS Device Convenience in a Small Space
- 12:45 PM
- TMO Quick Tip - How to Run Parallels Desktop 8 with OS X Mavericks DP
- 11:09 AM
- Editorial - Of Course iOS 7 is Broken, it’s Beta