Security Update 2006-004 released

Security Update 2006-004 released

Summary: Apple yesterday released Security Update 2006-004 (8.5MB) for Intel and PPC Macs that fixes 26 vulnerabilities in Mac OS X. True to Apple's style (and security policy) few details were released about the update...

SHARE:
TOPICS: Apple
4

security-update-2006-004.pngApple yesterday released Security Update 2006-004 (8.5MB) for Intel and PPC Macs that fixes 26 vulnerabilities in Mac OS X. True to Apple's style (and security policy) few details were released about the update:

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred, and any necessary patches or releases are available. To learn more about Apple Product Security, visit the Apple Product Security website.

According to VUnet.com:

Of the patched security holes, 17 could expose the user to an arbitrary code execution.

Four of the remaining vulnerabilities could lead disclosure of confidential information, two could cause an application to crash. A local user in three cases could exploit a flaw to gain additional user rights and in one instance

As always, I recommend waiting at least 72 hours then checking with sites like MacFixIt and Apple's Mac OS X Apple Discussion Forum before installing any software updates. After any initial issues have been addressed, download the update via Software Update. More details are available in knowledge base Article ID: 304063.

Processor and OS specific versions of the update are also available:

Topic: Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • How much info do you need?

    "True to Apple's style (and security policy) few details were
    released about the update"

    In the update note is the link to the security site which describes
    in detail the patch:

    http://docs.info.apple.com/article.html?artnum=304063

    It provides full disclosure of the relevant CVE-IDs. What more do
    you want?

    The quote you provide is standard security practice for most
    proprietary software companies, i.e only discuss vulnerabilities
    after they have been fixed.

    "As always, I recommend waiting at least 72 hours then checking
    with sites like MacFixIt and Apple's Mac OS X Apple Discussion
    Forum before installing any software updates."

    If you're going to delay keep checking these sites to see if an
    exploit is released (the one's exposed through Safari are
    particularly concerning).

    Realistically any issues will be uncovered and discussed ad
    nauseam within the first 6-12 hours.
    Richard Flude
    • Waiting to download updates

      Sometimes, problems are not discovered for a few days - usually
      problems with specific apps.

      We had a problem with Word failing to launch after an update.
      Had another problem with Acrobat Pro with another update.
      Both of the above required trashing prefs and reloading the
      apps. I had not heard of either problem prior to update.

      Depending on what applications you have and your particular
      setup, it can be a little while until problems are discovered
      j.m.galvin
      • Your mileage may vary

        but I downloaded and installed this security update on both my G4
        PowerBook and G4 iBook and have noticed nothing peculiar. And
        the PowerBook has been through all the usual paces today.
        Actually, window opening seems snappier on both(?). Anyhow, i
        also run Classic with some antique 1994 apps and they're all
        running just fine too. Just my 2? worth.
        999ad@...
  • fqzrgtg 85 dgs

    tvcjar,kuwzraeg57, iubec.
    bdfwekrwe79-24378988605166416139795824314181