Apple Releases Godzilla-Sized Security Patch

November 16th, 2007 - 9:11 pm ICT by admin  

Microsoft’s Patch Tuesday was rather uneventful this month, but Apple’s latest release of security fixes on Wednesday was anything but light. In all, Apple patched 41 vulnerabilities in Mac OS X and related software.

The company released an update for Tiger, fixed 10 bugs in the Windows version of Safari, and upgraded several other third-party applications. In the eyes of Graham Cluley, a senior technology consultant at security research firm Sophos, Wednesday’s release was a Godzilla-sized security update that exceeded about 130 MB in size.

The update includes 15 critical fixes to patch vulnerabilities that Apple said could open the door for “arbitrary code execution” that leaves a Mac compromised. More than two dozen other patches fixed vulnerabilities that could crash the OS or applications, allow malicious Web sites to do drive-by downloads, poison the machine’s DNS cache, or allow hackers to steal information or search for files on the victim’s hard drive.

Fixes for Mac OS X

“The most critical patches here address vulnerabilities which could allow hackers to run malicious code on users’ Macs without their permission,” Cluley said. “The good news is that modern Macs are configured to automatically download security patches in the background when the user connects to the net. Home users should allow their Macs to do this rather than leaving it until a threat emerges.”

Cluley noted that these vulnerabilities were announced in the wake of the discovery of the first true financially motivated piece of malware to hit the Mac. The RSPlug Trojan, developed by the Zlob gang that has been successfully targeting Windows PCs for months, was recently discovered on Web sites posing as a codec to allow Mac owners to watch videos.

Although many say Mac computers are much less frequently targeted than Windows PCs when it comes to malware and hack attempts, Cluley said that…

Tags: , , , , , , , , , , , , , , , , , , ,

Posted in Technology Industry News |