Apple Releases Mac OS X Security Patches
By David Morgenstern
2004-10-04
The update fixes about eight vulnerabilities, including an image file problem and printing and networking holes.
Apple Computer Inc. has released a security update for its Mac OS X client and server software, plugging vulnerabilities in a wide range of services, including file sharing, printing and QuickTime. The update is the third set of patches offered in the span of a month.
Although dated on the cusp of September, Security Update 2004-09-30 was actually released Monday in the first full week of October. The update spans Mac OS X 2.8 and greater; Mac OS X 10.3.5, released in August, is the latest version.
The patches were offered through Apple's automatic Software Update service as well as from its download page.
The company identified some eight vulnerabilities in its latest patch release. Here is a rundown of the security fixes:
Image File Vulnerability. The wave of vulnerabilities relating to image files and libraries on all computing platforms continued as Apple stopped QuickTime's handling of a hacked BMP file that could allow "attackers to execute arbitrary code," the company said. Similar issues with PNG (portable network graphics) files were addressed in an August update.
AFP (Apple Filing Protocol) server vulnerabilities. Apple identified two problems related to its AFP server. One issue could allow a guest user to disconnect the server, while another could let guest users read data in a write-only directory. The company said the problem affects only machines running Version 10.3, aka Panther.
Printing systems. Apple fixed several issues relating to its implementation of the CUPS (Common Unix Printing System) hardcopy architecture. One issue left the server open to a DOS (denial of service) attack, and another allowed certain remote printing authentication methods to gain access to the passwords in the local log files.
Application vulnerabilities. Security problems with the NetInfo Manager and ServerAdmin applications, along with the Postfix mail server implementation, were treated.
The NetInfo Manager issue, found only in OS X 10.3 systems, was subtle but could prove problematic to some IT managers. The utility software can enable root access to the machine, but after logging in as root, the software couldn't disable the access, even though the account appeared to be disabled.
Mac IT managers reported no early trouble installing the update.
"Most of these [vulnerabilities] are exploitable, but only in the most strange and bizarre sense," said Ron Hipschman, senior media specialist at San Francisco's Exploratorium science museum. While he said he is glad for the fixes, he didn't expect them to be readily exploited by attackers. "You'd have to be a real script kiddie to do so."