The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Apple Releases Security Update For Software Update Hole

Apple Releases Security Update For Software Update Hole

by , 7:00 AM EDT, July 15th, 2002

Earlier this month Russell Harding of the University of Colorado released an advisory which said that Apple's Software Update client is a security hole through which hackers may sneak malicious code into your OS X running Mac. Apple has quickly responded to the alert, and released an update to the Software Update client late Friday that addresses the problem. From Apple:

Security Update 7-12-02 increases the security of the Software Update process for systems with Software Update client 1.4.5 or earlier. Packages presented via the Software Update mechanism are now cryptographically signed, and the new Software Update client 1.4.6 checks for a valid signature before installing new packages. Downloaded packages which do not contain a valid signature are deleted from the system.

Security Update 7-12-02 may be obtained via the Download link on this page (requires Mac OS X 10.1 or later) and will be available soon through the Software Update pane in System Preferences (requires 10.1.1 or later).

We highly recommend that to download the Security Update 7-12-02, which can be found at Apple's Knowledge Base site, Version Tracker, and, interestingly enough, through Software Update via Apple/System Preference in OS X.

The Mac Observer Spin:

Kudos to Apple for being so quick on releasing this patch. It took about 4 days for the company to release the patch after the exploit was found. Big Redmond might want to take notes...

When the news of this particular security hole broke Apple's reputation took a hit. Some of the more ill-informed believed that this problem proved that OS X was not as secure as it was believed to be. The reasoning behind such beliefs are simple, but misleading: if one can load an application on your computer which, when ran, compromises the computer, then there is no security. The reality is that anytime you download software from the Internet you run the risk of getting malicious code, regardless of the OS.

Macs have been historically free of viruses and such, with one of the biggest reasons for this being that there were comparatively few of them. Virus writers wanted to inflict the most amount of damage with the least amount of work, so Microsoft has usually been their target. Oh, and there's the little fact that Microsoft has paid no attention to security until recently, and has released some of the sloppiest code in the history of computing.

For Apple, the world of security for Apple is a different place. The FreeBSD core inside OS X is no less secure than any other UNIX variant, and because Apple has locked down normally open accesses in OS X, users should find that Apple's new OS is every bit as secure as the old Mac OS. Still Apple does have to be more vigilant because of the multi-user nature of UNIX, and because it has to maintain a certain level of ease-of-use, which can cause problems such as the Software Update hole. It is good to see that Apple responds to these problems quickly and efficiently, which should do a lot to calm any potential worries over OS X's security.

Recent Headlines - Updated May 3rd

Mon,12:40 PM
Three Ways to Protect your Apple Watch (and One Way Not To)
Tue,3:30 PM
Apple’s Tim Cook is Playing a Very Smart Game With Apple Watch
2:22 PM
TMO Daily Observations 2016-05-03: Privacy Criminals, Cheap iTunes Gift Cards
8:00 AM
Apple’s Failure to Scale
Mon,6:42 PM
TMO’s Guide to Buying Discounted iTunes Cards
5:45 PM
Comcast Talks About Terabyte Data Caps & More
5:12 PM
Bob LeVitus Will Present at SMMUG in Colorado Springs on May 9th
4:27 PM
Blumoo Bluetooth Universal Remote: $52.99
4:18 PM
iPhone Controlled Air Conditioner Looks, and is, Cool
3:00 PM
TMO Background Mode: Interview With Intel Fellow Dr. Bruce Horn
1:55 PM
TMO Daily Observations 2016-05-02: Apple’s Next Big Thing, Icahn’s $AAPL Selloff
10:53 AM
FBI Shows Fingerprints and Touch ID Aren’t Warrant-proof
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!