Apple plugs 88 Mac OS X security holes

Summary: In some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.


Apple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping 88 documented vulnerabilities.

The Mac OS X v10.6.3 update, which is considered "critical," covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.

In some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.

follow Ryan Naraine on twitter

In another case, a Mac user running spell-check could have his/her machine hijacked by hackers.

The update covers critical vulnerabilities in AppKit, QuickTime, CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.

It also covers holes in several open-source components, including Apache, ClamAV, MySQL and PHP.

Here's the full list of the patched vulnerabilities.

The Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web page.

Topics: Security, Apple, Hardware, Operating Systems, Software

  • Only 88?

    I did not think Macs had any security holes ;-)
    • Re: Only 88?

      Apple is still working the details out to disable the rest of the keys on the keyboard!
    • See the problem

      You were listening to the wrong people.

      Or you didn't update your joke book.

      I look on bright sides: you've got it out of your system and we won't hear
      this same tired joke/cliche/canard again when the next update rolls out,
      some time in the next six weeks.
      • Looks like I hit a nerve. Too bad (nt)

        • Not really - but you are being pitifully predictable (nt)

          • The only pitifully predictable thing is....

            the reaction of Apple fan boys, who apparently have no sense of humor whatsoever. That is indeed pitiful.
          • But you weren't being funny

            I was.

            lol... :D
            still not nice
          • What do you mean "I was"??

            So you are posting under more than one nick?
            That would not surprise me one bit since you are a joke, that would be the only way you are funny, and it's not a good kind of funny.
          • And so are you {nt}

    • Let's see

      We have an emergency roll out of an IE patch today which is the most used web browser on the planet and is integral to the MS OS.

      We have heard about IE8 being pwned despite ASLR and DEP mitigations in Win 7.

      And you think your sarcasm is funny. Many of the items patched in the Apple Update were not security issues or dealt with 3rd party code. But you would not know of this because you don't own a Mac.

      Well you are funny. Most clowns are :)
      • LMAO! Pwn2Own 2010 revealed flaws last week

        Microsoft took care of them today!

        How do you account for 88 (Hey that's a lucky number!) patches? Did they occur last week at Pwn2Own?

        And for the record, these 88 Apple patches do not mitigate the vulnerabilities revealed publicly at Pwn2Own 2010 concerning Apple.

        Tough eh?
        • Could you please link to the ones that weren't fixed, if there are any?

          • re

            Info: The largest security issue with a Mac is its users' heads are in the sand and will not accept the FACT they are no more secure than a Windows machine. If you see danger coming close your eyes.
          • Is that a no?

        • Man, are you ignorant or what?

          The patch today was for IE6 and IE7. The Pwn2Own was explicitly an IE8 exploit. That has not been discussed at length by MS and there is no patch for that that I know of. You really think MS could create any code in less than several months?

          The 88 Apple patches all taken together do not represent anything close to the threat of these two known IE exploits. In fact many of them were usability issues, not attack vulnerabilities. Luckily I don't use IE and my V6 install is now patched.

          Do you read things before demonstrating that you really are a Tard?
          • I got an IE8 patch today. I don't run IE6 or IE7. Are you ignorant or what

      • re-

        Safari???? 3rd party code???? Get your head out of the sand. I love my Mac but it is safer than Windows only because nobody cares.
  • hurray for Apple

    It's nice they are patching things up!

    While it's "88", it's bad form to call them security holes, a lot of the
    updates aren't really security issues, but plenty of them are.

    They call them security... because they can be related to security, not
    that they pose much of a threat. For example... one update is because
    ClamAV might not be able to update itself... not that it was directly a
    security hole or anything. It doesn't pretend to update and doesn't, it
    would just fail. A lot of others are things that only happen on certain
    OS versions if you have certain other 3rd party (non default) software

    So overall it's great Apple is fixing problems, even 3rd party related
    • Hurray indeed. And Tiger is left hanging!

      As usual Apple will not explain or commit to

      Tiger users are just left behind. And now the
      vulnerability information is all out there.

      Upgrade or else...

      Oh sorry, you are on PowerPC? Well, we have an
      upgrade for that. You just need to buy this new

      What you say? You bought this machine in 2007?
      Seriously, are you still running a 2007 rig?
      How is Apple supposed to live without you
      buying a new machine (and OS license) at least
      every 2 years? Get in the program, will you?

      Hurray. Apple makes money. Extorting customers,
      but Apple makes money.

      Hurray, Hurray
      • Silly, silly troll...

        Still bleating about that? Apple have done this successfully before. In fact when they announced the transition to Intel, they made it very clear that they would stop supporting the PPC architecture within 5 years. 10.6 was released 4.5 years after this announcement. I have a 2007 iMac that runs 10.6 perfectly. Please, take your idiotic and puerile prejudices and shove them up your arris...