Apple Issues Patches For 25 Security Holes 241
TheCybernator writes "Apple today released software updates to plug more than two dozen security holes in its Mac OS X operating system and other software. The free patches are available via the Mac's built-in Software Update feature or directly from Apple's Web site.
All told, today's batch fixes some 25 distinct security vulnerabilities, including a dangerous flaw present in the AirPort wireless devices built into a number of Apple computers, including the eMac, the iBook, iMac, Powerbook G3 and G4, and the Power Mac G4. Apple said computers with its AirPort Extreme wireless cards are not affected.
Earlier this month, Apple released a software update to fix a vulnerability in its wireless router, the AirPort Extreme Base Station. That update and instructions on how to apply it are available at the link."
Re:Why is this news? (Score:5, Interesting)
Compare this to the dense hole descriptions by MSFT. Almost everything affects everything. Even if the bug in Windows is such that "If you dont user IE you are not vulnerable" they cant/wont say it. Wont say it because it will drive FireFox usage up. Cant say it because IE can be invoked by any part of any code. Similarly when a hole in Windows is found, no one seems to know what/who would be affected. Another reason why they dont describe it better is allegedly their fear that the hackers will use it to attack yet unupdated systems. But most hackers use reverse-engineering tools like BlackIce and deconstruct the patch and know precisely how to attack unpatched systems. On the other hand people who might be persuaded to patch their systems faster if the hole description was more specific and pertinent wait because they cant determine whether they are affected. Add to it MSFT's practice of downplaying the bug severity, no wonder MSFT updates are becoming more of a problem than solution.
Re:Why is this news? (Score:3, Interesting)
Microsoft's security fixes seem to fix smaller numbers of bugs per update. Recently, they were mostly updates to the malware removal tool, not security fixes.
Just the facts (Score:5, Interesting)
Vista [secunia.com]
OS X [secunia.com]
MS Patch management (Score:2, Interesting)
This appears to be related to the Microsoft Windows Installer (msi.dll).
Eventually, I tried to uninstall Office XP and start over. The machine refuses do do this with another silent failure. I considered uninstalling msi, but it warns me that every program on the computer may fail to work if I do so. Microsoft list a large number of registry hacks that might either fix the problem or create a doorstop.
Now I'm looking at starting from a fresh install.
I do not know if the frequency and volume of patches from Microsoft is related, but I am highly suspicious that msi.dll is confused because of this. Microsoft describes Microsoft Windows Installer as "...an installation and configuration service that reduces the total cost of ownership." Not.
Re:but ... (Score:3, Interesting)
And fortunately, that conclusion is correct. You'll notice that these are all pre-emptive fixes to bugs that apple or white hats have discovered, not emergency patches for ongoing exploitation. I'd hazard a guess that the total number of macs compromised by these issues outside of a testing environment is zero.
I'm sorry that your sister was affected by the one mac virus that has ever had even a tiny spread in the wild in the past, well, ever. (Symmantec's estimation of the total number of infections is "0-49". Probably not accurate, but remember that this is an entity that has an incentive to _exaggerate_ virus threats.) But one anecdote of one incredibly rare virus that did minimal damage, was easily detected and removed, and saw a quick extinction does not bring into dispute the idea that macs are extremely virus-un-prone.
Re:cue doodly piano music (Score:1, Interesting)
The pro machines have always been able to be fully upgradeable. Not so with the consumer machines.
Simple enough?