Apple Releases Security Update 2003-03-24 58
skeeter17 writes "Apple updates security again. According the description: 'Security Update 2002-03-24 addresses a Samba vulnerability which could allow unauthorized remote access to the host system. .... OpenSSL is also updated to address an issue in which RSA private keys can be compromised when communicating over LANs, Internet2/Abilene, and interprocess communication on local machine. ... It is recommended that all users install this Security Update.' Well! There you have it folks!" It is available via Software Update.
Dance! (Score:4, Funny)
Macs rock. ;) (Score:5, Interesting)
I know at work, whenever an exploitation was discovered on the PC, the IT department would wait and wait. After several weeks, when problems started happening, they would issue an advisory, telling the people workarounds and what not to do and such until an update happened.
They never did that for the marketing/communications Macs. The reasons are threefold:
a.) there are fewer exploits in Mac OS X's old age (read: UNIX/FreeBSD/Darwin),
b.) when there are holes, they are patched, almost always very, very promptly.
c.) they were afraid of the Macs, anyway.
I think the latter is the least substantial, but, nonetheless, still relevant.
Anyway. I wanted to make a note of this. I don't see how there's much else that we can regularlly pony up in Software Update discussions...
justen
Re:Macs rock. ;) (Score:4, Interesting)
Not to rag too much on apple, but they're still slower to release fixes than open source. Both fink and my gentoo linux box are usually patched the same week (and often the same day) that I hear about the problem.
Gentoo is getting a reputation for releasing fixes before slashdot announces, as the smug 1337 gentoo users like to point out.
Does that make me one of them now, too?
I'm not meaning to say that apple is doing a poor job, by any means. I'm just wanting to point out that apple is not the only organization that takes security seriously, and that there are others that beat apple out the door with security fixes.
Re:Macs rock. ;) (Score:2)
Re:Macs rock. ;) (Score:5, Informative)
Put an other way, you're right, but your confusing Apple's software with the code. Most of the services on OSX are open source and to say that "they are slower to release fixes than open source" rather misses the forest for the trees. (Or vice versa) What Apple does is provide a quick, easy update for regular users who don't want to deal with the complexities of compiling their open source programs. As such Apple reacts very timely and does a lot of checking.
So to differentiate Apple's security and open source's security is a false dichotomy.
Re:Macs rock. ;) (Score:1)
Re:Why don't you just get a REAL operating system. (Score:5, Funny)
That's right - all you need to do is leave your box hooked up to the network with no firewall, and in less than 5 minutes, one of a large number of dedicated volunteers will scan your system for any security flaws. If any are found, this tireless worker will log into your box, and install any necessary patches for you.
Don't worry if the disk thrashes from time to time, or if there is a lot of network activity, these are just symptoms of the high level of careful service you are receiving from your unknown friend.
To ensure the best service, be sure to tip him, by putting your credit card number, zip code, expiration date, SSN, and a suggested tip amount in a file called c:\tip.txt. A little gesture like this can go a long way!
Yes, I agree...MS is trash (Score:5, Insightful)
I know the parent is a troll. Last one I feed today, I promise.
Re:Why don't you just get a REAL operating system. (Score:1)
They're doin' better than Microsoft (Score:3, Insightful)
It seems that almost every week, my IT deartment is running around trying to install security updates on our computers. It's a good thing I only use my PC for e-mail (not for long, since MS Exchange will soon work with Entourage). I use my Mac for real work.
Not even Apple's updates (Score:5, Insightful)
Re:Not even Apple's updates (Score:4, Insightful)
Let's face it: If you compare Apple's software AND hardware innovation to any other company, they stand up extremely well. Apple is a company that is doing both at the same time. Any other company would have folded by now (they were getting pretty close in the late '90s), but they seem to be able to keep setting trends and making money to boot. I'd like to see MS try and pull that off. They seem to be going backwards compared to Apple.
Re:Not even Apple's updates (Score:2, Funny)
Re:They're doin' better than Microsoft (Score:2)
Re:They're doin' better than Microsoft (Score:5, Funny)
slackers!!!!
Someone tell me... (Score:1)
Re:Someone tell me... (Score:3, Informative)
Re:Someone tell me... (Score:1)
A workaround for your problem, if you have an always-on internet connection, btw, is to just turn network time syncing on.
Date issues? (Score:2, Interesting)
Weren't they a year off last time, too?
Re:Date issues? (Score:1, Flamebait)
OpenSSL again? (Score:4, Interesting)
I'm confused! Anyone know what OpenSSL bugs are patched, specifically, by each security update?
Re:OpenSSL again? (Score:2)
Hmm, interesting... my guess is that's just some overzealous copy and paste from the previous security update.
Now, as for which OpenSSL bug this is for... my /usr/lib/libssl.* and /usr/lib/libcrypto.* are still dated 03/03. Here's a list of the files included in the update:
Re:OpenSSL again? (Score:2)
Restart required, though. (Score:4, Funny)
Re:Restart required, though. (Score:1)
1: The system crashes quite often.
2: The system is patched quite often.
Ever since realising that, I have a new view on uptime boasting...
Limited options? (Score:2)
4: The computer is located in a California 'Rolling Black-Out' zone (snnnuck)
Re:Restart required, though. (Score:2)
Re:Restart required, though. (Score:2)
Not bad for a 199
Facinating..... (Score:1)
Re:Facinating.....[ERRATA] (Score:1)
security update & safari (Score:1)
Re:security update & safari (Score:2)
Just wish they'd fix the bugs (Score:1)
I just hate how the security patches kill my uptime. 5 days 18:04 since I last rebooted on my iBook, and I think that was the last security patch, too.
Apache Problems (Score:2)
I'd be interested in hearing from anyone else having similar difficulties.
Re:Apache Problems (Score:2)
Re:Apache Problems (Score:2)
Re:Apache Problems (Score:1)
Any solutions out there?
Re:Apache Problems (Score:2)
You can find the old libssl.so at two places:
http://ganter.dyndns.org/misc/apple_ssl.php [dyndns.org]
http://www.zippy6.net/misc/ [zippy6.net]
You have Thomas Ganter to thank for this solution. It was first published on the Apple discussion site, and I mirrored it on my webserver (just to keep G
Apple Mail (Score:1)