11.15.07


41 Bugs Attended To In Latest Round Of Leopard & Safari Fixes

By Chris Crum

David Utter has posted a story at SecurityProNews regarding the ever-important topic of security fixes for Mac OS X Leopard and the Safari web browser.

I can't see a more important topic to share with you here today, and David and I are like this, so I don't think he'll mind me sharing it with you. Here is Mr. Utter's article in its entirety:

A massive 41 bugs needed attention from Apple engineers to correct them in a round of security fixes for Mac OS X Leopard and the Safari web browser.

In a month where one major operating system vendor dispensed two patches, and another one dealt out forty-one, the observer who had to determine which was Apple and which was Microsoft without knowing in advance might guess wrong.

Microsoft's minuscule two patches for November barely register when compared to Apple's huge jailbreak of fixes. The Apple security page for the latest round of OS updates covers products from AppleTalk to WebKit, the latter figuring in Safari's security.

The name AppleTalk evokes a quaint reminder of the time before TCP/IP became a networking standard. However, for organizations that have it turned on, a trio of locally exploitable buffer overflow conditions could allow arbitrary code execution if left unpatched.

Safari required updates to its browsing services to fend off potential attacks from malicious hackers. Its tabbed browsing feature could have caused people to unwittingly disclose their user credentials for a website.

Another problem, this time with malicious .download format files, may have led to Safari crashing, or to arbitrary code execution. Someone who downloaded a specially crafted file would have been exposed to this attack.

A number of WebCore and WebKit fixes addressed a series of problems that could have been exacerbated online. Safari's handling of JavaScript left it open to cross-site scripting attacks, in one example.

Apple's resurgence as a brand has not been accompanied with easier public visibility into the issues it corrects for its products. One can see the difference between Apple and Microsoft by visiting microsoft.com/security and apple.com/security.

The Microsoft URL goes directly to a page discussing computer security, with options for home users and security pros to look more closely at the issues that concern their software. At Apple, the URL noted above redirects to a list of security features in Mac OS X. Accurate, but not as helpful.

It may be that Apple believes an OS X user's concerns end at the feature list. Apple has always kept the icky stuff hidden away from the typical consumer. They shouldn't make it difficult for someone with a little more awareness of security issues to find details about updates as they are released. There's no harm in being informative.


About the Author:
Chris is a staff writer for WebProNews. Visit WebProNews for the latest ebusiness news.

About MacProNews
MacProNews editors, reporters and contributors deliver Mac users the news they need to stay informed about the Mac and Apple. The MacProNews newsletter is Mac News and More.

-- MacProNews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509