Apple Release Mega Patch to Fix 19 Flaws
maotx writes "Apple has released a mega-patch that fixes 19 flaws in Mac OS X v10.3.9. The updates include several fixes for remote and local root exploits. The change log can be found here. You can download the updates using the Software Update Program or directly from Apple Downloads."
10.3.10? (Score:5, Funny)
Re:10.3.10? (Score:5, Informative)
Re:10.3.10? (Score:5, Informative)
A security update should have a very low threshold for installation. An admin should be able to apply it feeling somewhat confident it is not going to break anything important. Of course, on critical systems "somewhat" is not enough so it may still require some testing.
Point being, a security update should be lightweight to encourage quick adoption.
As an aside, Apple "violated" this express policy and included a few security updates with 10.3.9. That update turned out to break things for a lot of people, therefore people held off installing it. During that time, they were subjected to published vulnerabilities.
Re:10.3.10? (Score:4, Insightful)
Wish they'd start behaving like a real OS company and release security patches for every 'supported' version instead of trying to drive upgrades with them.
Re:10.3.10? (Score:2, Informative)
Would someone please explain to me why this comment would be marked as "Flamebait"? Still trying to get a handle on this mod thing.
I'm guessing it was some mod who doesn't get the concept that the segments in 10.3.9 are separate fields (like an IP address) rather than one big floating point decimal, thinks "10.310 < 10.39, OMG, this poster wants to make OS X go backwards!" and clicked the flamebait button.
Re:10.3.10? (Score:4, Funny)
There are also several insane mods, a lot of mods on crack (or various other substances), and some mods who are actually decent mods.
There are many many mods who fall into more than one category there, so be careful if you try to assign numbers to each group.
silly taco (Score:5, Informative)
One assumes all of these are fixed in Tiger... (Score:2, Insightful)
Crow T. Trollbot
Several exploits (Score:4, Insightful)
Re:Several exploits (Score:3, Funny)
the time from discovery to fix was relatively short.
They decided to put them all in a single patch.
Re:Several exploits (Score:5, Informative)
Oh [secunia.com] (three months) really [secunia.com] (5 months)?
Re:Several exploits (Score:2)
downloading 19 patches over two weeks.. ya sure. maybe in your world...
Re:Several exploits (Score:4, Insightful)
The series of checkboxes you're looking for can be found in the Sharing pane of System Preferences.
Re:Several exploits (Score:5, Funny)
Yup. Exactly. If the machine you're using has a theoretical vulnerability and you're worried about it, the best solution is to disable the service that contains the vulnerability.
I know here at Microsoft we make patches available in a timely manner
Great. How's that working out for you? Have those nasty and irresponsible rumors about Windows computers being infested with spyware and viruses dried up yet in the face of your awe-inspiring ability to ship patches?
Re:Several exploits (Score:3, Insightful)
Yes, if MS could only find a way to stop all of their users from the bad action of clicking start -> (all) programs -> Internet Explorer, the MS Spyware problem would be solved!
(Insert MS fanboy response about how your WinXP SP 2 system has _never_ had spyware and is now "rock" solid and you only reboot about every 1-2 weeks!)
(But leave out how Joe User still gets tons of spyware/viruses with WinXP SP2)
Re:Several exploits (Score:3, Informative)
OS X Server is about as different from OS X "Client" as Windows XP is from Windows 2003 Server.
Which is to say, not a great deal.
Re:Several exploits (Score:3, Insightful)
This is Security Update 2005-005 we are discussing, not 004. More proof.
Re:Several exploits (Score:3, Funny)
fsck'n Troll...
Re:Several exploits (Score:4, Insightful)
Re:Several exploits (Score:2, Interesting)
1) Remote root vulnerability exists for a long time.
2) If there are a large number of machines with this vulnerability, then it is worth exploiting.
3) Most Macs have this vulnerability.
4) If Macs had a large marketshare, this "most" would correspond to (
Re:Several exploits (Score:3, Interesting)
Re:Several exploits (Score:5, Informative)
Clue #2: If marketshare was the only factor, there would be far more exploits and virii floating around for Apache than for IIS. Security design matters more than market share, and Macs are vastly more secure than Windows boxen.
Clue #3: There's not clue 3.
Clue #4: Incorrect plurala can be fun.
Re:Several exploits (Score:5, Informative)
Clue #1.1: Root user *login* is disabled by default. The root user and processes running as root are always there.
-matthew
Re:Several exploits (Score:5, Informative)
The NSA posted an OS X security guide. The NSA stated that OS X is the most secure of clients OSes, particularly in its default configuration.
http://www.nsa.gov/snac/os/applemac/osx_client_final_v.1.pdf [nsa.gov]
Re:Several exploits (Score:2, Informative)
Re:Several exploits (Score:4, Insightful)
The mac interface runs on top of Darwin, a *bsd--not "some FreeBSD apps installed." Cygwin runs on top of windows.
OK, not a big difference--just the difference between an application and OS . .
hawk, off to eat soup with a fork, which is just a spoon with some holes attached
Re:Several exploits (Score:4, Informative)
lies.
The basic filesystem hooks (the basic os filehandling) is FreeBSD, it's a LOT more than a few BSD apps.
OSX is _really_ a mach kernel, with a BSD derived OS on top, and a proprietary window manager on top of that.
Re:Several exploits (Score:4, Insightful)
Mac OS X is not Unix. It never has been. We've never applied to use the Unix trademark, nor are we the least bit interested in maintaining absolute parity with Unix.
However, Mac OS X evolved from Unix, and there are many Unix-like pieces left. In particular, many of the programming interfaces common to Unix are still available through a framework we call libSystem. We ship the Unix user interface, X11. We offer a command-line user environment that includes many Unix-like utilities. And so on.
So no, Mac OS X is not now and has never been Unix. But neither is it something entirely different from Unix with a Unix-compatibility layer bolted on.
So you were simultaneously right and wrong. Neat, huh?
Re:Several exploits (Score:5, Interesting)
Re:Several exploits (Score:4, Informative)
Imagine you've got a graduated cylinder, one that holds a cup of liquid. Fill it all the way up to the top. That's Linux's relationship with Unix. Linux is a file-by-file, folder-by-folder clone of Unix, all the way down to things that make no sense at all today like
There's a little bit of stuff that's been added to Linux that wasn't present in Unix, but these are basically just replacements for the various X windowing environments. As a proportion, there's very little new technology there.
On the Mac, on the other hand, there's only about a tablespoon of Unix in there. We've got the process model and some of the low-level APIs, sure. We've even got a terminal that offers Unix shells and command-line utilities. But we've stripped away massive parts of Unix -- like init and the boot scripts, like cron, like
So that's why I say that Mac OS X evolved from Unix.
Why do you think we call our implementation of Unix "Darwin?"
Re:Several exploits (Score:3, Interesting)
We were talking about the OS. You compared removing stuff from the OS, and tossing in programs as an improvement to the OS.
My point is that almost none of the stuff you talked about has anything to do with how the OS runs. They're simply programs that run under that OS, and can be ported to Unix.
And Unix would remain Unix.
Re:Several exploits (Score:4, Interesting)
Because you're behind the curve. Whatever version of Mac OS X you're looking at pre-dates version 10.4.
The system boots in Unix, it runs init, it runs various rc scripts which start various services which then become the processes that present a graphical user interface.
Everything you said here is wrong. The system boots xnu, the Mac OS X kernel, and the kernel runs launchd. There are no rc scripts.
It has plenty of stuff in
There is, in fact, no
It uses shell scripts and Perl scripts.
So does Windows, for that matter. That criterion is obviously meaningless.
It Is a Unix-like system in every way.
Only if you get practically every fact about the system wrong, evidently.
OSX, for the most part, is a set of processes and libraries, conventions and file-system layouts, with a Unix-like kernel at the heart of it.
Mac OS X is a set of processes and libraries with a Unix compatibility environment included as one small part of it. The Unix environment -- a C-language runtime supporting the various POSIX APIs -- exists alongside the Mac OS Classic virtual machine, the Core Foundation runtime, the Carbon runtime, the Cocoa Objective-C runtime and the Java runtime. Unix compatibility is just one slice of Mac OS X.
If you leave the Unix libraries and config files and executables, and take away the OSX-specific stuff, you're left with a system that is pretty much Unix.
If you leave our implementation of Unix interfaces and take away Mac OS Classic, Core Foundation, Carbon, Cocoa and Java, you're left with Darwin, which you can download for free in source or binary form.
Get it? Darwin? Evolution? Mac OS X evolved from Unix. It is not Unix.
How much of OSX is implemented in the kernel and how much is implemented in shared libraries?
That question has no meaning. None of Mac OS X is "implemented in the kernel." The kernel is just a program.
How many non-Unix non-Mach (i.e. OSX-specific) system calls are there?
Countless thousands. There are seventy-three high-level frameworks in Mac OS X 10.4 Tiger, including such monsters as Core Foundation, AppKit, Foundation, Core Audio, Core Data, IOKit, QTKit, Core Services, Quartz and Directory Service. Each of these frameworks contains hundreds or thousands of function calls or Objective-C selectors.
How much of the system runs directly under Mach instead of running as a Unix process?
Again, a meaningless question. Just because Mac OS X adopted the Unix process model doesn't mean anything at all on a Mac is a "Unix process." That's like saying anybody who speaks French is French.
I don't understand why you have such a thing about insisting that what is running on a Mac running OSX isn't "Unix-like", when it clearly is.
I never said Mac OS X doesn't resemble Unix. I have said repeatedly -- so many times now that I've lost count -- that Mac OS X has a complete Unix compatibility environment. It is evolved from Unix, derived from Unix, based in no small part on Unix. But Mac OS X is not Unix. It's far, far more than just that.
Linux is NOT a "file-by-file" clone of Unix.
Of course it is. Programs like init, rc, cron, inetd and of course all the shells and utilities are file-by-file copies of Unix, duplicating all the good stuff but also methodically and deliberately duplicating all the bad stuff too.
If I boot Linux on a root file system that has
Sorry, but I totally glazed over here. What you described is so close to my idea of navel-gazing hobbyist hell that I just couldn't handle reading it. I skipped to th
Re:Several exploits (Score:4, Insightful)
Mac OS X is a super-modern operating system that combines the power and stability of UNIX with the legendary elegance of the Macintosh.
Note that it says "combines the power...of Unix." Not "derived from" or any other qualifier. Any reasonable customer is going to assume that when Unix is listed as one of the ingredients on the outside of the tin, that's what they're getting inside the tin.
Mass marketing aside, the PDF labelled "UNIX" [apple.com] in the sidebar is subtitled "The power of UNIX with the simplicity of Macintosh." and the first two paragraphs go on to state:
Mac OS X version 10.4 "Tiger" combines a robust and open UNIX-based foundation with the richness and usability of the Mac interface, bringing UNIX technology and 64-bit power to the mass market. Apple has made open source and standards a key part of its strategy to deliver an industrial-strength operating system that is both innovative and easy to use.
There are over 15 million Mac OS X users--scientists, animators, developers, system administrators, and more--making Mac OS X the most widely used UNIX-based desktop operating system.
Sure, OS X is not 100% UNIX certified, or compliant, but then that didn't stop people (quite correctly) considering Linux as Unix.
So while I agree that OS X is not technically Unix, and Apple has done a great job by marrying BSD with Mach as well as a slew of other innovations, Apple has not been shy about using the Unix name liberally in its marketing and technical documentation, and it's not unreasonable, as a first order approximation, to call OS X a Unix. (And traditionally, the difference between Unix and Unix-based has been pretty meaningless when categorizing operating systems.) If calling OS X Unix is an unreasonable approximation, and OS X is truly a horse of a different color, then the claim that OS X is "the most widely used UNIX-based desktop operating system" is a meaningless tautology: you've never seen a press release from, say, Be, reading that "The Be operating system is the most widely used Be operating system in the world." On some level, OS X must be a member of a larger equivalence class -- Unix and Unix-based OS's -- for that statement to mean anything.
Re:Several exploits (Score:5, Insightful)
The logo, depicting a metal plate with embossed letters, reads "Unix Based." We still use it. But please note the use of the word "Based." It's not just there for show.
Any reasonable customer is going to assume that when Unix is listed as one of the ingredients on the outside of the tin, that's what they're getting inside the tin.
Except that's not what's going on. If you'll pardon the unflattering analogy, the ingredients list reads "fruit flavors" and you think it reads "fruit."
We market the hell out of our Unix compatibility and portability features. We advertise prominently the degree to which we've included frameworks making it easy to port existing Unix (including Linux) applications. That's not the same thing as saying our operating system is Unix.
Look, the reason for this is very clear: The word "Unix" has a terrible reputation among half of our customers, and a sterling reputation among the other half. To scientific and technical customers, Unix means "better than Windows." To commercial and home users, Unix means "that hard thing that geek tried to get us to use that one time before we switched back to Windows forever."
Obviously we want customers to know that we've brought the good parts of Unix into the 21st century, but at the same time they have to know that we've left the bad parts behind.
It's a very tricky idea to try to get across in two words. We chose "Unix Based." Obviously this hasn't been without its problems.
What we can't let happen, though, is let the idea get out that Mac OS X is Unix. At the risk of sounding (even more) superior (than usual), Mac OS X isn't merely Unix. It's the next generation beyond Unix. It's a quantum leap ahead of Unix. Saying that Mac OS X is Unix puts it on the same plane as Linux, which is definitely not true and is something we want strongly to avoid in our communications.
the difference between Unix and Unix-based has been pretty meaningless
Well, there's only so much we can do with our company communications if people just refuse to understand what words mean, you know? To say that something "is" something and that something is "based on" something are two radically different things. Confusing the two is like (to use an analogy that might be meaningful to you) saying that C and C++ are the same computer language.
Re:Several exploits (Score:3, Insightful)
We don't want to imply that our product is derivative. I have been told that when Mac OS X was first being marketed, there was a push to call it "evolved from Unix." (That's where I picked up the phrase.) It went hand-in-hand with calling our implementation of Unix "Darwin."
We dropped that idea (the story goes) because "evolved" has a pretty strong negative connotation for a lot of people, too.
So we went with the technically accurate but obviously befuddling "Unix-based."
Re:Several exploits (Score:4, Insightful)
OS X has, at its very core, a BSD derivative (Darwin) which is a direct descendant of UNIX (unlike Linux, which is a clone of UNIX).
And don't forget the ad in Scientific American which read: Sends other UNIX boxes to
There are two primary reasons Apple is careful about calling OS X UNIX. The primary (or legal) one is that the Open Group sued Apple for violating its UNIX trademark.
The other is that Apple wants to differentiate OS X from the negative aspects of UNIX. OS X is *so* much more than UNIX, that in many ways, to call OS X "just another UNIX" underplays the NeXT/Cocoa- and Apple-derived technologies. It would be akin to calling Safari a "text reader".
So, it's sort of a "have your cake, and eat it, too" situation. Apple can simultaneously derive all the cachet of being a true UNIX, while mitigating the downsides. Which leads to statements like:
So you were simultaneously right and wrong. Neat, huh?
In other words: In some ways (all but one, actually) OS X is UNIX (and then some), and in some ways (one, really) it isn't. True and not true, simultaneously right and wrong. Neat? That wouldn't be my choice of word, but OK.
Re:Several exploits (Score:4, Insightful)
Completely false. If you think that "pretty much every Mac in existence" upgraded to 10.3.9, then you would be wrong. If you are using hyperbole to make a troll-ish statement, then whatever. Just because an exploit exists does not mean that it is common knowledge and would have been used or even could have been used against "pretty much every Mac in existence". Please point to a report about any Macs that were rooted due to this exploit. Surely out of the millions of Macs out there, at least one was rooted if it's so easy.
Sorry, you're completely and utterly wrong (Score:5, Informative)
And your other general point about "popularity" is answered below. Nice troll, though.
On this subject, last year I answered a query raised during a Chronicle of Higher Education colloquy. I believe it touches on the major issues here.
Question from Lisa L. Spangenberg, UCLA:
Given that there are no viruses or Trojan horses for the current Macintosh system, OS X 10.3, and given that it is essentially UNIX, and given that the most common applications (Microsoft Office Suite, Adobe applications) work very well on OS X, why don't more institutions adopt Macs and encourage faculty to use them?
Gregory A. Jackson:
Well, first of all, there are viruses and Trojans that afflict MacOS, witness Apple's periodic release of security fixes to counteract them.
First, that isn't true, regarding viruses. To date, there are no known viruses that specifically target Mac OS X. Last week's "trojan" was nothing more than an application with a different icon and misleading name that displayed a dialog box (which was an example posted to a USENET Mac programming group to illustrate this fact that has been known and possible on Mac OS for over twenty years; an antivirus vendor apparently thought this an appropriate time to dress it up, incorrectly, as some new, terrible exploit easily adapted for malicious means, when in reality it's nothing more than an application).
If you're referring more broadly to security issues in general, almost all of the security and security-related updates for Mac OS X to date have been updates for primarily server-type services that ship with the OS, all of which are disabled by default, and the lion's share of which are never even enabled, much less touched, on the vast majority of systems. I'm not saying that they should be ignored, but Apple's comprehensive and swift response to the most minor security issues does not rise to the level of the staggeringly numerous, sometimes completely automated, remote exploits, worms, and so on for Windows. It is no longer possible to even get through a full installation of Windows XP on a machine connected to a public network without it being exploited before you even have a chance to patch it.
It's definitely possible for Mac OS X to have viruses, worms, trojans, and other malware - Mac OS X is not invulnerable, and no sensible person would claim it to be. But the underlying philosophical design principles are fundamentally more secure than Windows, period. Since the major ingredient for the success of a worm or virus is some ability to spread, witness the fact that there is no way with anything built into Mac OS X to perform automated propagation of a virus, and no current known ways to exploit a machine remotely, not to mention that potentially exploitable network services are disabled to begin with anyway (and remain that way unless explicitly enabled), a stark contrast to Windows. Any hope for automatic propagation would require a comparatively high level of sophistication, and perhaps even its own mail server - not to mention some intrinsic vulnerability to exploit. On the other hand, there are still, to this moment, unfixed vulnerabilities in certain versions of Outlook that will spread certain virus variants simply by previewing a
Re:Sorry, you're completely and utterly wrong (Score:4, Funny)
Bluetooth vulnerability on by default (Score:3, Interesting)
Did you read the vulnerabilities fixed in this patch? There is a (potential) bluetooth vulnerability (on by default!) that allows remote users to view the contents of your hard drive, and maybe even upload files to anywhere on your hard drive.
Read below:
Bluetooth
Impact: Bluetooth-enabled systems may allow file exchange without prompting users Description: The Bluet
Re:Several exploits (Score:3, Insightful)
Re:Several exploits (Score:5, Insightful)
That of course is a rhetorical question, which proves nothing. To actually defeat your argument: the existence of a theoretical vulnerability is not enough to get a system mass-rooted. The vulnerability has to be discovered first, and it will be easier to find one if the system has 100 exploitable vulnerabilities versus 10. It is likely that all complete network operating systems have some number; the question is how many and how easy they are to find. It is true that an attacker does not need more than one, but systems with fewer holes are still more secure for this reason.
Also, note that a security researcher does not need to come up with an actual working exploit, merely a theoretical description of how one could be written. Depending on the extent and nature of the vulnerability, it might be harder or easier to exploit than others.
The truth is that there is not currently an ideal mathematical way to evaluate the real, overall security of a computer system. Until we do, the best real-world statistic we have is the actual security record, which is biased against Windows. However, the lack of a good measurement of security does not mean that all systems are equally secure.
To an end-user, it does not really matter what the reason is that Windows is more likely to be hacked. It remains one of the major problems of the platform, and a problem that is not nearly as pervasive on OS X.
Re:Several exploits (Score:5, Insightful)
While I think... (Score:4, Interesting)
Re:While I think... (Score:5, Insightful)
Re:While I think... (Score:5, Interesting)
I just wish Microsoft better documented what is in their patches. Sometimes they say that it fixes an exploit, but doesn't say which part of that 50MB download is for that exploit. Or exactly what the exploit was. If I recall, they've even sued people for publishing the exploit!
And if I may put on my tin foil hat here, I've noticed that some MS patches do surreptitious things. For example, several Win2k patches connected to a 3rd party server, by IP address since it had no DNS entry, and made an HTTP request. When my firewall denied the connection, the patch refused to install. No problem! I connected to that server myself to see what it is. As soon as I enter an HTTP GET, it immediately disconnects me. Hmmmmmmm!? Why does an MS patch connect to a mysterious server with no DNS record that goes to extra lengths to hide other connections?
Sometimes this hat feels kinda comfy.
Re:While I think... (Score:3, Interesting)
I don't know why the patch is contacting a web server but the lack of a DNS name is not all that suspicious: it makes it impervious to hacked/
Re:While I think... (Score:5, Informative)
Re:While I think... (Score:2)
Re:While I think... (Score:2, Insightful)
People tend to go looking for them [debian.org].
If you're a penetration tester, or work for a security firm, then publishing flaws is how you get "noticed", and how you attract new customers.
Not many people do it for purely altruistic motives - but I guess that doesn't matter if the flaw is found and fixed.
Tiger? (Score:2, Funny)
So since tiger* is 10.4, does it get these patches as well?
*TERMS OF USE
The reader of these terms of use agrees not to sue me for trademark infringement for the use of 'tiger'
Re:Tiger? (Score:2)
Marching orders? (Score:3, Funny)
Re:Marching orders? (Score:3, Funny)
Like because it is only 6MB to fix 19 holes.
Dislike because they released them all at once instead of releasing a fix as they were fixed.
You're welcome
10.4.1 (Score:3, Interesting)
Re:10.4.1 (Score:3, Interesting)
I don't know about waiting for 10.4.3, but definitely wait for 10.4.1. My co-worker installed Tiger and is having a hell of a time with it. Safari2 crashes much more often than 1.3 did, and his iChat will crash whenever an iChat from Panther sends him a message (and it displays my messages from Gaim in Black text on a Black background). He's ha
Re:10.4.1 (Score:3, Informative)
Put the keyboard down. Now, I want you to read this and repeat these words after me:
I do not work for Apple. Again. I do not work for Apple.
Do you feel better? One more time:
I do not work for Apple. If I worked for Apple, I'd have been fired by now. If I worked for Apple, people who really are from Apple would know who I am. I could not possibly post at this volume and depth and work at Apple without someone knowing exactly who I am.
It's hard to come to terms with. But it'
Re:10.4.1 (Score:3, Funny)
Maybe he's like the guy who made Graphing Calculator. [pacifict.com] It sure would explain how he has all this time to post on Slashdot...
A non-apple user has some questions: (Score:3, Interesting)
Do they have some sort of web-interface like Windows-update, or is it a self-contained program, or is it an open thing that you can use whatever browser/program you'd like to download?
Are there lots of little patches all the time, or just big lumps of patches like this one?
Thanks!
-Jesse
Re:A non-apple user has some questions: (Score:3, Informative)
Re:A non-apple user has some questions: (Score:5, Informative)
They do a mix of patches depending on what's needed. If there's just a small hotfix, that's what's there. If there's several unrelated fixes, they're all there. Other times it's big fixes like this. Also note that every few months they'll roll up a bunch of fixes into one big one to make it easier on people.
Re:A non-apple user has some questions: (Score:2)
Re:A non-apple user has some questions: (Score:2)
Software Update can be set to check for updates on your schedule: it's a preference pane (think Control Panel).
You can also manually kick it off, or just go to apple.com and check for downloads there.
Most patches are small. This one is larger than most.
Re:A non-apple user has some questions: (Score:2)
They have a little utility that contacts the apple update site about once a week. If it finds any, it gives you a list box that you can pick and choose which items to upgrade. I usually do them all.
Feature upgrades occur about monthly, not that I've really timed it. Security fixes are on a faster track.
Re: (Score:2)
Re:A non-apple user has some questions: (Score:5, Informative)
-About once every 2 months we see a security patch. They now name them 200x.00y (x - year, y - patch this year).
-Software updates for apple software (non-OS related) come in about the same frequency. I usually get bugged to install something once every 2 weeks or so.
-Software updates for apple OS (10.3.x, where x is the current update) come in about once a quarter, or so.
All of those are voluntary upgrades.
Do they have some sort of web-interface like Windows-update, or is it a self-contained program, or is it an open thing that you can use whatever browser/program you'd like to download?
-There is an automated, stand alone tool to deliver them.
-They get posted as downloads to their site (apple.com) with documentation, description, etc.
-Sometimes, multiple patches get rolled into an 'uber' patch, if you are installing (upgrading) from previous release of the os to current (not on the release day). Apple also re-issues their OS media w/ most patches as they get posted.
So you can use any number of ways to patch your system.
Are there lots of little patches all the time, or just big lumps of patches like this one?
See above. Small patches are released if they are important, as time progresses they get rolled into bigger, all inclusive patches (and still available as the small ones).
Note, Apple also uses this mechanism to install firmware for iPods, iSights and Airport Stations - which makes upgrading your kit really convenient.
You can set the stand alone utility to check daily/weekly, whatever, or disable it as well.
Re:A non-apple user has some questions: (Score:2)
Just click Install and it grabs and installs a
Re:A non-apple user has some questions: (Score:2)
Pretty often. But as with some other large companies, sometimes they drag their feet if they don't feel that it is a priority.
Do they have some sort of web-interface like Windows-update, or is it a self-contained program
It's a self-contained program run from the System Preferences page. It downloads, installs, optimizes and then, if necessary, reboots. It runs automatically by default so you really don't need to worry about it. It checks once a week
Re:A non-apple user has some questions: (Score:2)
How often does Apple release patches and the like?
Security patches are about one a month. They also issue other bugfixes every couple of months.
Do they have some sort of web-interface like Windows-update...
They have a Web page that lists all the updates as they are released and provides downloads. It works in every browser I have tried.
or is it a self-contained program
OS X also has an application that automatically checks for updates on whatever schedule you set and will download them automatical
Re:A non-apple user has some questions: (Score:2)
Apple has a couple flavors of updates. Their Security Updates [apple.com] are issued once every few weeks (monthly perhaps) and contain just that, security-related patches. May 3 was Security Update 2005-005 [apple.com] - the fifth in as many months.
Other updates come in the form of point releases (10.3.8 -> 10.3.9 [apple.com] for instance). They include any Security Updates that might have occurred and gracefully manage upda
An example: (Score:3, Informative)
Here's an example of update type and frequency from my log. Note, I installed Panther on a fresh hard-drive on 4-20 there
Also note that this article isn't news (Thanks The Register) as most of us downloaded this 6 meg update days ago. I was
You call that a patch? (Score:5, Funny)
Re:You call that a patch? (Score:2)
Re:You call that a patch? (Score:2)
On behalf of MS & Linux I say, (Score:5, Funny)
A patch by any name is fine with me (Score:2)
This is a wonderful benefit of the Internet. No waiting for CDs in the mail. No waiting until a new version hits store shelves. I remember running a BBS with WWIV and being mailed 5.25" floppies with the latest improved and patch source
Beware (Score:5, Funny)
Re:Beware (Score:5, Funny)
Wouldn't a 'Mega-Patch' (Score:5, Funny)
Re:Wouldn't a 'Mega-Patch' (Score:2)
Re:Wouldn't a 'Mega-Patch' (Score:2)
article missing (Score:4, Funny)
Oh, my bad, not MS.
good good (Score:2)
What about *MY* Problem? (Score:2)
I skimmed through the change log but didn't see anything that addresses my problem. My B&W G3 will not boot by itself after the update two before this one.
Let me allow that to sink in for a moment ..... before I repeat myself. My Mac will not boot by itself after one of the last Panther updates.
If I have to reboot I have to hover over the keyboard and wait for the Startup "Pong" to do a PRAM flash, second "Pong" and the system starts just fine. If I don't do that the screen goes black and the sys
Re:What about *MY* Problem? (Score:3, Informative)
CAN-2005-1337 (Score:5, Funny)
Also a download for Windows (Score:5, Informative)
Re:Also a download for Windows (Score:3, Funny)
Re:Wishful thinking (Score:5, Funny)
American, I presume?
You're still on 10.3.9? (Score:5, Funny)
A nice balance (Score:4, Insightful)
Some people are posting and saying that Apple should release each update as soon as they patch it. This would be about one security update per day. Most users would probably find having to install a patch every day to be rather annoying. They probably would wait until a number of them had built up anyway. They might even turn off updating altogether.
Besides, many of these security holes are only theoretical. If there are no exploits of them, does it really matter if the patch is delayed a few weeks?
I think Apple is striking a nice balance between endless daily updates and waiting for major OS updates every 18 months.
And in other news... (Score:5, Funny)
Slashdot Editor Grammar Still Not Get Better
No IMAPS Fix? (Score:4, Informative)
Basically, the problem is that if you use Mail.app to access a remote IMAPS server, you may experience problems synchronising your mailbox. My symptoms are that the synchronisation starts but even though the subject lines appear in the list, the connection does not seem to download the message body and close down successfully. It can take several minutes/hours for it to complete, if at all.
In the interim, I'm using Thunderbird on OS X, which is OK given that I use IMAP anyway, but it's far from ideal.
Come on Apple, fix Mail.app!
Yellow journalism (Score:5, Insightful)
Was it really necessary to echo The Register's ridiculous hyperbole in the article title?
Re:Apache Exploit (Score:5, Informative)
I believe it's referring to this bug [debian.org] in htdigest that was reported a year ago. If so, it affects linux systems as well.
I wouldn't worry too much about it, it's not a remotely exploitable overflow... it could be exploited by somebody who was allowed to upload a malicious CGI script to your server, but it would have to be somebody who was allowed to deploy CGI scripts to your apache server to begin with.
Re:Apache Exploit (Score:2)
I think the important thing is that the CGI script itself needs to be coded specifically to exploit the flaw. Of course THAT will be remotely exploitable.
But just using htdigest in a CGI script doesn't mean it's a vulnerability. The CGI itself needs to be malicious (or buggy in a very specific way).
Re:Poor mistakes (Score:4, Funny)
Re:Poor mistakes (Score:5, Insightful)
From Secunia.org:
Number of unpatched OS X vulnerabilities: 0% of 50 = 0
Number of unpatched XP vulnerabilities: 25% of 73 = 18. The oldest unpatched one is from 2002.
The .DS_Store vulnerability:
GET IT TOGETHER BEFORE IT'S TOO LATE!
It is not a critical vulnerability as it requires a local account to exploit it. Lay off the caffeine, man.
Re:Move along; nothing here to see. (Score:3, Insightful)
Oh, wait.
Re:Can you imagine (Score:4, Informative)