Apple releases OS X Security Update 2006-007

Apple releases OS X Security Update 2006-007

Summary: Apple yesterday released Security Update 2006-007 for Mac OS X 10.3.

SHARE:
TOPICS: Apple
14

Apple Software UpdateApple yesterday released Security Update 2006-007 for Mac OS X 10.3.9 through 10.4.8. The update, which is available in Software Update and from Apple Downloads, weighs in at 23.9 MB (for Intel) and is available in several flavors.

Despite Apple's policy that it "does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," some pretty good information about the 2006-007 update is posted on the "About the security content" page.

According to CNet's Joris Evers the update repairs 31 vulnerabilities, including a zero-day Wi-Fi hijack flaw:

Other flaws addressed by the Apple update could let Macs be compromised through malicious sites, rigged compressed files or malicious font files, Apple said. The update also fixes four flaws in the Mac OS X Security Framework, the worst of which could crash Macs or display expired security certificates as still valid, Apple said.

Security Update 2006-007 is recommended for all users and improves the security of the following components:

AirPort
ATS
CFNetwork
Finder
Font Book
Font Importer
Installer
OpenSSL
PHP
PPP
Samba
Security Framework
VPN
WebKit
gnuzip
perl

Topic: Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

14 comments
Log in or register to join the discussion
  • This is good

    As to my knowledge, many of these vulnerabilities were not public knowledge. Which means Apple is actively searching for flaws on its own and fixing them before potential hackers uncover them. Its also nice that Apple has actually described what each issue is. Which they generally do not do.
    Stuka
  • What you fail to quote however is

    that Joris Evers also CLEARLY STATES:

    [i]However, Apple's update does not address all publicly known flaws in the operating system. Over the past few weeks bug hunters, as part of an initiative called the Month of the Kernel Bugs, have published details on several new vulnerabilities in Mac OS X. One of those was tagged "highly critical" by security-monitoring company Secunia.

    "Apple hasn't fixed any of the bugs published during the Month of Kernel Bugs, except for the AirPort issue," said "LMH," the code name of the security researcher who started the Month of the Kernel Bugs. "Apple users are still exposed to any potential risks related to those unpatched issues."[/i]

    Now if this were George Ou, every rabid Mac loving luni-tard would be on here foaming at the mouth because he (George) had failed to quote the original article correctly. I, however, would just like to quote it here for myself.
    Scrat
  • Unlike some . . .

    I'm good with the way Apple is approaching this and their time
    frames. They will sort everything out in due time. Thanks Jason.
    999ad@...
    • of course you are - you're brainwashed

      just like everyone else who thinks the APPLE STORE is the ONLY place to buy a new hard-drive for their laptop.

      amazing. apple allows no competition and dictates the prices of their products PLUS they NEVER have sales going in those stores or elsewhere but Microsoft is labelled a "monopoly".

      this must be the new math that they tried teaching to us years ago. the sort which doesnt add up.
      msnewsgroups
      • Let me get this straight...

        You think Apple users are 'brainwashed' and yet you can't
        understand how Microsoft has a monopoly?

        My guess is you never used a Mac if you don't see how MS is
        manipulating everyone. It's ironic, but Apple users have a better
        understanding of M$'s monopoly tactics than most people do.
        comp_indiana
      • You are completely

        off topic. Your rabid and ignorantly formed comments indicate your lack of knowledge towards the topic.

        /p!ssoff
        999ad@...
      • msnewsgroups: You are completely

        off topic. Your rabid and ignorantly formed comments indicate your lack of knowledge towards the topic.

        /p!ssoff
        999ad@...
      • Standard parts

        I bought a new hard drive for my Mac from newegg.com. It's probably the same one you have in your Windows machine.

        You were saying?
        tic swayback
        • And I bought a 300MB USB drive

          And spent 15 minutes trying to find where Apple hid the drive reformating and partioning.

          Good luck to anyone who isn't technical.

          Oops.
          TonyMcS
          • They hid Disk Utility????

            I thought it has been in Applications -> Utilities for the past five
            years...
            Benton Rich
          • Jeepers!

            ---And spent 15 minutes trying to find where Apple hid the drive reformating and partioning.---

            Fifteen minutes to find Disk Utility?

            Fifteen minutes to open Help and type in the word partition?
            tic swayback
          • 300MB USB Drive ? a valuable tiny antique!

            ... ready for the museum. I bought a
            350GB Firewire/USB drive a couple
            months ago as a backup external to my
            old G4 Mac Mini. Well, he has his 300MB,
            I have my 350GB, and I'm skipping the
            early TB drives to hold out for my first
            PB (PetaByte) drive ;-)
            (They'll all be Flash by then!) ... with
            Rainbow Scanners for the new storage
            medium (paper) invented by a 24-yr-old
            Indian Muslim, Sainul Abideen, for making
            storage at 1/10 the cost and 130 times the
            capacity of a CD (story in Arab news).
            ... now, to DL that Apple security update
            (Why have I lost the forward/back arrows
            in my Safari 2.0.4 toolbar?) ...
            Namorado_TX
  • It is funny...

    It is funny how these patches get reported differently between MS and Apple. Well, this is just a blog, but still...

    So, in your case, you don't even bother to tell us [b]how many[/b] holes were patched. If this was MS, the headline will contain words like: "Slew", "Bumper crop", Monster patch", etc. And those are all for patches that patches [b]fewer[/b] holes than what Apple patches.

    Which words should we then use to describe [b]31[/b] holes patched?

    http://news.zdnet.com/2100-1009_22-5890442.html
    (11 flaws)

    http://news.zdnet.com/2100-1009_22-6081634.html
    (it only says "a dozen")

    What is more interesting even is the response in those talkbacks. Now lets see if those same people will post the same type of response to this patch from Apple.

    Anyway, just thought it was interesting
    Qbt
    • Who knows?

      Maybe it's because Apple doesn't included updated EULAs in their security patches or
      tries to sneak spyware onto their systems as critical security patches, or maybe it's
      because many of these "holes" are actually from the open source community or
      third-party additions to OS X like Apache. Or maybe it's the fact that Apple issues the
      patch when it's needed and doesn't wait until the monthly Patch Tuesday no matter
      what.
      frgough