Apple patches 13 bugs in OS X
At least 6 critical vulns squished
Apple has punched out a security update for some major bugs found in its Mac OS X operating system.
The Jobsian outfit released the update yesterday afternoon, which patches 13 vulns located in OS X components such as CFNetwork and Apple Type Service.
Apple has also fixed issues found in open source components including PHP, ClamAV software and Samba.
According to Apple’s notes on the update, at least six of the bugs could be exploited to run nasty code on the OS X.
The 2010-005 update can be downloaded here. ®
argument without merit
1 I don't run around blindly downloading stuff
2 I don't just install stuff blindly
3 I have a proper backup system in place (Time Machine every hour, Carbon Copy Cloner every night) which means that if I _did_ download something silly the worst that would happen is that I'd lose whatever hadn't been backed up by TM and/or whatever CCC hadn't got. Note that the CCC backup is an updatable clone of the system, so that I can immediately boot from it and be where things were as of when CCC ran last night (early this morning, rather, as it's set to run at 01:00 every morning) and that I'd then need merely dig out the TM backups for anything changed/added since then.
However, I have backups set up not to avoid problems with malware, as the last, the very last, significant malware for Macs was the autostart worm from back in 1998, and even that one was easily dealt with _without_ using AV software (hint: it created several invisible files. Make 'em visible, kill them. Reboot. Problem over. Detailed instructions at <http://www.macintouch.com/hkvirus.html#desc>, though it should be noted that, as usual, the boyz at MacInTouch got far too overwrought and really need to take a chill pill.)
There has been no significant malware since then. I repeat: NO SIGNIFICANT MALWARE SINCE THEN. The best there has been are a few Trojans and the odd pitiful attempt at spyware, all totaling under two dozen attempts. That's less than 24 attempts at malware that somehow managed to attract even minimal attention in _12 years_. (There may well have been other attempts which failed so utterly that no-one noticed they were there...)
Over on the Linux side, there haven't been even that level of malware. No-one running Macs or Linux boxes takes significant precautions against malware because THERE IS NO MALWARE TO DEFEND AGAINST. There hasn't been a significant attack since 1998. (Of course, one reason why is that Apple patches potential problems every now and again. Perhaps not as quickly as some would like, but given that the last serious attack was in 1998...)
I've got ClamXah stored in a ZIP archive somewhere on the server; if there's ever a real threat, I can unZIP it and install it in a few moments. But I'm not holding my breath waiting.
If this be smug, by all means make the best of it.
Just don't yap utter bullshit about vulnerabilities which would evaporate if only you avoided downloading strange software or if you merely had an adequate backup. Come ON, man, you've been working on a 'doctoral thesis' for _FIVE YEARS_ and haven't backed up once in all that time? What the _HELL_ are you thinking? What are you gonna do _when_ that hard drive croaks? Remember always, there are two, and only two, kinds of hard drives: the ones which have failed, and the ones which haven't failed... yet. I keep _multiple_ copies of important documents. At least one copy would be on an optical disc, and so totally immune to malware problems.
Again, if this be smug...
Allways have that argument without merit
As a person who's been around some version of unix (workstation to server) for over 2x decades, the argument that unix workstations are safer because people *have* to escalate their privileges for a number of tasks is without merit. (Note the word workstation)
If I download some app off the web that wipes all of my personal photos, do I really care that much that /bin/sh was not able to be modified? Do I care if the browser has a malware addon giving out my bank information to someone else that only gives out information for when I login but not when the the root user does. If my doctoral thesis I've been working on for the past 5 years gets blown away, I really care about it and having to type a password to become root doesn't protect me.
I find the often used argument that a user on a workstation can operate a lower level "protects us" completely devoid of reality. It sounds blasphemous but I don't really care about protecting my workstation OS, that's the last thing I really care about, it's pretty much a throwaway (I have no love for the version of /bin/bash and require keeping it); but I do care a whole hell of a lot about protecting all the things I've done with the OS: i.e. not having files deleted, not having personal files copied, not having my browser leak information, etc. Running as a non-privileged user will not protect you against that. The ability to break into root on a workstation might get headlines but for the most part who cares if all your user data is gone?
David Edwards speaks crap
"As a recent MAC user I was surprised to have to enter my password every time I moved some of the apple pre installed apps like Garrage band, into a different fodler."
That is complete rubbish. To test your assertion, I did exactly as you claimed and moved Garage Band from the Applications folder to the Desktop - and no password was required. I then moved it back to the Applications folder - still no password required for this simple and safe action.
Since you call a Mac a MAC, I find it unlikely you are a user - regular, recent or otherwise.