Apple Preps Mac OS X Server Security Update

The patch reportedly updates Mac OS X's installation of Apache 2.0, fixing a security hole in mod_dav.

Apple Computer Inc. is preparing to release a security update to Mac OS X Server, sources said. The patch will reportedly update Mac OS Xs installation of Apache 2.0, fixing a security vulnerability.

The company Wednesday seeded a pre-release copy of the update to developers. The security update was marked June 5, indicating that Apple plans to release it to users today.

The update will upgrade Apache to Version 2.0.46, patching a security hole in mod_dav, an Apache module that provides DAV functionality. When set off remotely, this security bug can cause Apache to crash, according to documentation.

The Apache Software Foundation announced Version 2.0.46 late last month, acknowledging the mod_dav hole in previous releases. In the updates release notes, the group described a number of other vulnerabilities and bugs that Version 2.0.46 resolves.

In the seed notes accompanying Apples update, the company noted that Apache 1.3 is Mac OS X Servers primary Web server and is unaffected. While Apache 2.0 is included with Mac OS X, it is deactivated by default.

Last month the Mac maker released Mac OS X 10.2.6, a free update for both client and server versions of the OS. The update tweaked graphics and OpenGL, improved compatibility with third-party peripherals, and fixed bugs.

As Apple continues to update Mac OS X 10.2, its already announced plans to unveil Mac OS X 10.3, a k a Panther, in June. Panther, reportedly due to ship in September, will pack an arsenal of innovative new features aimed at putting users at the center of a pervasive computing experience that allows them to move seamlessly among Macs and other devices.

Apple in March announced that it was moving back the 2003 edition of its Worldwide Developers Conference from May to June so the show would coincide with delivery of a preview release of Panther.

Cupertino, Calif.-based Apple was not immediately available for comment.

Matthew Rothenberg contributed to this story.