Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Apple
    • Apple
    • Cybersecurity

    Apple Releases Mac OS X Security Patches

    By
    David Morgenstern
    -
    October 4, 2004
    Share
    Facebook
    Twitter
    Linkedin

      Apple Computer Inc. has released a security update for its Mac OS X client and server software, plugging vulnerabilities in a wide range of services, including file sharing, printing and QuickTime. The update is the third set of patches offered in the span of a month.

      Although dated on the cusp of September, Security Update 2004-09-30 was actually released Monday in the first full week of October. The update spans Mac OS X 2.8 and greater; Mac OS X 10.3.5, released in August, is the latest version.

      The patches were offered through Apples automatic Software Update service as well as from its download page.

      The company identified some eight vulnerabilities in its latest patch release. Here is a rundown of the security fixes:

      • Image File Vulnerability. The wave of vulnerabilities relating to image files and libraries on all computing platforms continued as Apple stopped QuickTimes handling of a hacked BMP file that could allow “attackers to execute arbitrary code,” the company said. Similar issues with PNG (portable network graphics) files were addressed in an August update.

      /zimages/5/28571.gifClick here to read about exploits of the Windows JPEG file vulnerability.

      • AFP (Apple Filing Protocol) server vulnerabilities. Apple identified two problems related to its AFP server. One issue could allow a guest user to disconnect the server, while another could let guest users read data in a write-only directory. The company said the problem affects only machines running Version 10.3, aka Panther.
      • Printing systems. Apple fixed several issues relating to its implementation of the CUPS (Common Unix Printing System) hardcopy architecture. One issue left the server open to a DOS (denial of service) attack, and another allowed certain remote printing authentication methods to gain access to the passwords in the local log files.
      • Application vulnerabilities. Security problems with NetInfo Manager and ServerAdmin application, along with the Postfix mail server implementation, were treated.

      The NetInfo Manager issue, found only in OS X 10.3 systems, was subtle but could prove problematic to some IT managers. The utility software can enable root access to the machine, but after logging in as root, the software couldnt disable the access, even though the account appeared to be disabled.

      Mac IT managers reported no early trouble installing the update.

      “Most of these [vulnerabilities] are exploitable, but only in the most strange and bizarre sense,” said Ron Hipschman, senior media specialist at San Franciscos Exploratorium science museum. While he said he is glad for the fixes, he didnt expect them to be readily exploited by attackers. “Youd have to be a real script kiddie to do so.”

      /zimages/5/28571.gifCheck out eWEEK.coms Macintosh Center for the latest news, reviews and analysis about Apple in the enterprise. And for insights on Macintosh coverage around the Web, check out eWEEK.com Executive Editor Matthew Rothenbergs Weblog.

      /zimages/5/77042.gif

      Be sure to add our eWEEK.com Macintosh news feed to your RSS newsreader or My Yahoo page

      Avatar
      David Morgenstern
      David Morgenstern is Executive Editor/Special Projects of eWEEK. Previously, he served as the news editor of Ziff Davis Internet and editor for Ziff Davis' Storage Supersite.In 'the days,' he was an award-winning editor with the heralded MacWEEK newsweekly as well as eMediaweekly, a trade publication for managers of professional digital content creation.David has also worked on the vendor side of the industry, including companies offering professional displays and color-calibration technology, and Internet video.He can be reached here.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×