Apple patches more than a dozen holes in OS X
Five uber updates in as many months
Apple has released an update that patches more than a dozen OS X vulnerabilities, several of which can lead to the remote execution of malicious code.
The most serious vulnerability resides in an OS X feature called mDNSResponder, which enables computers to locate and connect to devices such as printers and webcams on a local network. An attacker could use it to execute code by sending malicious packets to Macs connected to the same subnet, making the exploit ideal for use in internet cafes and offices.
Code exploiting the vulnerability has already been circulated by Immunity, a company that provides intelligence to security providers, according to Immunity's CTO, Dave Aitel.
"Remote roots like this don't come out every day," he said of the vulnerability.
Apple credited Michael Lynn of Juniper Networks for reporting the vulnerability. Lynn was the Cisco security researcher whose bosses threatened him with legal action in 2005 after publicly discussing vulnerability details in Cisco routers.
Yesterday's update was the fifth time in as many months that Apple has released to patch multiple security holes in its software. Apple has released other security patches this year, most recently to fix a high-profile vulnerability in QuickTime that allowed a hacker in a contest to publicly hijack a brand new MacBook Pro.
Among the other serious holes plugged in yesterday's update is flaw in OS X's CoreGraphics. That vulnerability could allow attackers to run code on a victim's machine by enticing users to open a maliciously crafted PDF file. ®
COMMENTS
Simple rules
Life has a few simple rules you have to follow if you don't want to be taken advantage of. You know the ones: don't drink from opened bottles, don't pull out your wallet while talking to someone you don't know on the street, etc.
Like life, there are a few simple rules to having a secure Windows box:
1) Don't run Internet Explorer.
2) Don't run Outlook.
3) Always keep Windows up to date.
4) Don't run stuff you don't trust.
I'm sure you *NIX savvy folks could come up with a list of dos and don'ts, too.
But as for MacOS, can you name anything that a common user (barely able to send an email) could have done to negate the threats described in this article? Security through obscurity only works as long as MacOS itself is obscure. Just be glad that these holes were found by someone with morals.
Honestly, if you think Windows users are ignorant and susceptible, just you see what will happen to Grandma when that "Apple computer credit card confirmation request" window pops up while she's watching a short video of her grandkids on her brand new "friendly and secure" iMac. At least with a "notoriously insecure" PC she might have called up a more knowledgable family member before completely filling out the form...
RE: Cause of infections
"Interesting. In MY exerience, ALL of the infections I've seen were caused by a POS insecure operating system."
So are you alluding to OSX being a POS operating system since your comment is within a post about OSX having to be patched 5 times in 5 months?
Again, its security by obscurity and its going away now that OSX is running on more and more machines. It will snowball as more vulnerabilities will be found.
In hundreds of megs of code there are going to be exploits regardless of the OS. The advanage upcoming OSX hackers have is that most of their users are unaware and unprotected. Since everyone likes to assume its more secure once you get a useful exploit it will likely go untreated.
re No viruses here either...
That was essentially my point, though perhaps being too oblique about it: the previous poster never mentioned having anti-virus software because it is a given, any Microsoft OS system must be boarded up and guarded before browsing whereas a Linux or Mac OS is not anywhere near as vulnerable and users in general can browse without having to take extra measures to protect their system at all.
That is the key difference between the various systems, whether or not someone with perverse determination wishes to spend 12 hours or so breaking into an OS, the Mac and Linus systems have a base level of security (essentially sufficient for typical usage) out of the box which all Microsoft systems, so far, have failed to deliver.
Users should take some responsibility for their machines.
I have been using windows on all my machines as far back as windows 3.1, all the way up-to-date with Vista, I never have Anti-Virus software installed and I have never had a virus on any of them. I have a firewall at the edge of my network (in my NAT/Router), and all my machines have email accounts/browsers.
I'm not saying windows is any more/less secure than anything else, but I know I am. I'm not stupid enough to open attachments from unknown sources, and visit web-sites I don't know/trust.
It's like anything else in this nanny state/world we live in at the moment, it's always someone elses fault. 'It's McDonalds fault I'm fat', 'It's the tobacco companies fault that I smoke' and 'it's microsofts fault that I opened an attachment called 'nakedgirls.exe' sent to my by someone I've never heard off, and now I have a virus'.
Take responsibility for your own actions.
