Modest Apple update slices third-party bugs
Dirty dozen vulns pureed
Apple has pushed out a major security update designed to crush a dozen security bugs, some of which present a critical security risk on unpatched systems. Many of the fixes involve flaws in third-party applications bundled with Mac OS X, rather the flaws in the OS itself.
Patches released by Apple on Tuesday address a malware injection risk in the CoreAudio media player, Flash Player plug-in bugs and a similarly critical vulnerability involving Image Raw. The update also tackles a recently discovered OpenSSL renegotiation exploit. Security fixes for CUPS and Image IO make up the remainder of the patch batch.
Andrew Storms, director of security operations for network security firm nCircle, described the size of the update as smaller than usual. The patch batch of six updates tackles 12 vulnerabilities, compared to the 40 odd bugs normally squashed by the fruit-themed consumer tech giant during a security update cycle.
"Most of these updates are connected with third party software. For example, seven of the twelve CVEs are connected with the update for Adobe's flash player plug-in," Storms said. "The remainder of the bugs patched today are the usual file format parsing problems that we've seen a lot of in the past."
An advisory from Apple (here) provides full details of the runners and riders contained in the update batch. Apple - unlike Microsoft, Adobe and Oracle - issues patch batches as and when they are needed rather than on a regular pre-announced monthly or quarterly schedule.
Bi-monthly updates from Apple are about par. Typically these updates are applied in the background and applied painlessly after Mac fans reboot their systems. ®
Now, if Apple would just let 3rd party apps/plugins/etc integrate with the "Software Update" mechanism, they wouldn't have to bundle things like Flash Player updates in with their OS X security updates. Plus, it would make keeping your entire system up to date so much easier.
What's all this bitchiness about girls?
Jeez hand out the tampons everyone's soooooooo premenstrual!
These companies - both Apple (I use that platform) and MS do their level best to get it right, as and when they can they do. It's all a moving target.
Could be worse, could be dealing with a car company who's poor products could kill ya!
Be grateful Citroen don't make op systems!
"as and when they can be bothered"
That would explain all the regular reports of Macs being compromised then.