The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  Apple unloads torrent of patches, plus the first iPhone update
Time: 09:52 EST/14:52 GMT | News Source: News.com | Posted By: Jonathan Tigner

If you own a Mac or an iPhone, chances are you'll need to download at least one of the security updates issued by Apple late Tuesday.

Dozens of vulnerabilities and bugs were covered by a total of six downloads for Mac OS 10.3.9 (Panther), Mac OS 10.4.10 (Tiger) on PowerPC, and the Universal version of Mac OS 10.4.10, as well as the server versions of each of those operating systems. Each download contains several patches to correct flaws, and Apple is recommending that all users of those operating systems download the updates.

Finally, Apple also released a new version of Safari 3.0, which is still in beta. The new version, Safari 3.0.3, fixes some security flaws for both the Windows and Mac OS versions of the browser.

Write Comment
Return to News

  Displaying 1 through 25 of 349
Last | Next
  The time now is 9:56:43 PM ET.
Any comment problems? E-mail us
#1 By 32132 (142.32.208.232) at 8/1/2007 10:41:55 AM
48? In the last month?

"Apple on Tuesday pushed out security updates to fix at least four dozen security holes in its Mac OS X operating system and other software."

http://blog.washingtonpost.com/securityfix/2007/08/apples_48_security_fixes_inclu.html?nav=rss_blog

#2 By 1896 (68.153.171.248) at 8/1/2007 2:41:21 PM
Thanks #1; I was betting that the first post about Apple bugs would have been from you and I won.
Thanks again :-)
Seriously speaking everything invented, developped, assembled etc, by humans is flawed; we are not perfect therefore we cannot create something perfect.
Personally I have no problems with bugs... as long as they are patched and patched quickly.

#3 By 32132 (66.183.202.89) at 8/1/2007 3:13:18 PM
#2 Thanks. I bet a bunch of people a moron would chime in and try and deflect the discussion away from Apples atrocious number of security holes.

I won.

#4 By 15406 (216.191.227.68) at 8/1/2007 3:41:35 PM
http://en.wikipedia.org/wiki/Psychological_projection

#5 By 2960 (24.254.95.224) at 8/1/2007 3:51:19 PM
What Microsoft doesn't fix is far more important than what apple DOES fix.

TL

#6 By 7711 (71.188.7.250) at 8/1/2007 4:25:35 PM
But Apple never tells us what they fix...."miscellaneous bug fixes"

#7 By 1896 (68.153.171.248) at 8/1/2007 6:41:20 PM
#6 this is true and it is something I never liked about Apple.
The time of the High Priests that do not need to comunicate with normal people are long gone.

#8 By 32132 (66.183.202.89) at 8/1/2007 10:20:29 PM
#5 And I just assume that Apples limited programming staff can't keep with so many fixes ... which means they are way behind.

That explains the "unofficial" monthly patch cycle adding up to 400-500 bugs so far this year alone.

Or is it 1000 security holes this year... and only 500 patched so far and 500 to go if they could only hire a few hundred more programmers.

It would be nice if Apple had a place to add them up ... but I understand it would be humiliating to them.

#9 By 2960 (24.254.95.224) at 8/2/2007 8:13:11 AM
Dude, you should be in the Pretzel business because no one, and I mean NO ONE, can twist things like you do.

TL

#10 By 8556 (12.207.97.148) at 8/2/2007 8:54:57 AM
NotParker: Vista still had about 2500 reported bugs that were not being addressed at the time it went gold. The data was available to official beta testers.

All software companies think buggy is "good enough".

#11 By 15406 (216.191.227.68) at 8/2/2007 9:08:07 AM
#3: I bet a bunch of people a moron would chime in and try and deflect the discussion away from Apples atrocious number of security holes.

I'll have to save this choice quote away. 2 days from now, when it's announced that Windows/IE/Office/whatever suffers from some serious issue and you instantly deflect by going on about Apple or Firefox bugs, I'll have the perfect reply.

#12 By 15406 (216.191.227.68) at 8/2/2007 9:10:28 AM
#9: You are watching a true believer in action.

This post was edited by Latch on Thursday, August 02, 2007 at 09:12.

#13 By 13030 (198.22.121.110) at 8/2/2007 9:15:17 AM
#5: What Microsoft doesn't fix is far more important than what apple DOES fix.

Profound and so very true.


#9, Amen!

#11, I stopped collecting ammo for the future... I ran out of storage space!

#12, Nevermind... your edit pulled the rug out from under this comment.

This post was edited by ch on Thursday, August 02, 2007 at 10:07.

#14 By 23275 (24.179.4.158) at 8/2/2007 9:16:39 AM
HOw about we just look at it for what it is - the manufacturer, Apple, like Microsoft, is supporting the products they make and their customers that use them.

#15 By 37 (76.210.78.134) at 8/2/2007 9:49:38 AM
Apple FTW!

#16 By 13030 (198.22.121.110) at 8/2/2007 10:08:53 AM
#14, Bah! Even if we know that's reality, there's no repartee in that!

#17 By 32132 (66.183.175.51) at 8/2/2007 10:30:49 AM
Apple - So overstressed it disables features rather than fix insecurities:

"Seeming to closely follow the information disclosed by InfoSec Sellout, Apple's mDNSResponder update addresses a vulnerability that can be exploited by an attacker on the local network to gain a denial of service or arbitrary code execution condition. Apple goes on to identify that the vulnerability it is addressing exists within the support for UPnP IGD (Universal Plug 'n Play Internet Gateway Device - used in port mapping on NAT gateways) and that an attacker can exploit the vulnerability through simply sending a crafted network packet across the network. With the crafted network packet triggering a buffer overflow, it passes control of the vulnerable system to the attacker.

Rather than patching the vulnerability and retaining the capability, Apple has completely disabled support for UPnP IGD (though there is no information about whether it is only a temporary disablement until vulnerabilities can be addressed).

There has already been some chatter on various mailing lists about this seemingly-odd move by Apple, with the responses primarily indicating that observers have found this particular method of addressing a vulnerability to be humorous."

http://www.theregister.co.uk/2007/08/02/apple_worm_threat_response/

HA HA HA HA HA. It is humorous.

This post was edited by NotParker on Thursday, August 02, 2007 at 10:33.

#18 By 32132 (66.183.175.51) at 8/2/2007 10:31:57 AM
#10 The numbers I am using are security bugs. The 2500 reported bugs in Vista are not security bugs.

Do you understand the difference?

#19 By 32132 (142.32.208.232) at 8/2/2007 11:01:54 AM
#9 My point is that Apple has so many security issues, and they devote too few resources to fixing, and now they have gained attention, they can't keep up.

See #17 for evidence that they are too overwhelmed to do a good job.

#20 By 15406 (216.191.227.68) at 8/2/2007 11:44:46 AM
#17: Funny how you disparage the Register until they print something that you agree with.

Here's the MS I know and love:

http://www.informationweek.com/story/showArticle.jhtml?articleID=201202289

Spin that one.

#21 By 32132 (142.32.208.232) at 8/2/2007 12:08:18 PM
"According to the suit, the wiring that connected the Xbox 360 ..."

"The lawsuit claims the fatal fire occurred in December 2004, even though the Xbox 360 didn't officially launch until May 2005"

"Microsoft recently learned about this tragic incident that occurred in December 2004," a Microsoft spokesman said in an e-mail. "Our sympathy is with the family. However, we are not aware of any evidence that an XBox caused the fire. Also, the complaint specifically states that an XBox 360 was involved, but this version of the product was unavailable for purchase at that time."

http://www.informationweek.com/story/showArticle.jhtml?articleID=199701773&cid=RSSfeed_IWK_News

Its sad how a story in May drops a few pertinent facts before reprinting in August to make it a little easier to smear Microsoft.

Now we know who Latch gets coffee for.

This post was edited by NotParker on Thursday, August 02, 2007 at 12:11.

#22 By 15406 (216.191.227.68) at 8/2/2007 12:27:18 PM
#21: That's the best you can do? A tiny mistake (XBox vs XBox 360) that MS even ignored? It's funny yet sad about the lengths of absurdity that you will go to to try and explain away MS' chronic bad behaviour.

#23 By 13030 (198.22.121.110) at 8/2/2007 12:47:38 PM
#20, I noticed that too. lol... NotParker the link farmer harvested the wrong crop that time.

#22, When I was doing consulting work for Nortel a decade ago, there was this one (very smart) guy who exuded Microsoft zealotry at all times. He proselytized any problem as solvable with Microsoft technology. We didn't agree on several issues and, thankfully, I was the consultant, so my opinion trumped his on many issues. He left the company about half-way through my two year tour of duty and left as many good marks as bad before he started working for... drum roll... Microsoft! Perhaps, NotParker is just greasing the palms and stroking the egos of his (desired) future masters? Just speculation on my part...

Contrary to NotParker's constant claim of my "hate" for Microsoft*, I take a pragmatic approach to software development. Do what is right and use the right tools to solve the problem, regardless if it involves Microsoft. More often than not, Microsoft figures heavily into the solution, but it's not the be-all-end-all of technology solutions.

* I still don't know how NotParker resolves hate for Microsoft while owning Microsoft stock, but it probably would take a specialist to reconcile the thought process of a NotParker type.

#24 By 37 (76.210.78.134) at 8/2/2007 12:58:42 PM
Xbox 360 didn't officially launch until November of 2006. May was when it was announced on MTV that they will start producing the Xbox 360 console in November of 2006.

#25 By 15406 (216.191.227.68) at 8/2/2007 1:27:57 PM
#23: You mean he STILL hasn't taken up your challenge yet? Sheesh.

Write Comment
Return to News
  Displaying 1 through 25 of 349
Last | Next
  The time now is 9:56:43 PM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *