Print this article | E-mail this article | Comment on this article

Apple Plugs 25 Mac OS Security Holes

By BetaNews Staff, BetaNews

April 19, 2007, 5:55 PM

Apple on Thursday released its fourth security update of the year, patching 25 security holes in its operating system, 24 specifically affecting the latest version of Mac OS X version 10.4. Among the extensive list of fixes is a wireless network patch for older systems.

Three fixes were made to Mac's Kerberos authentication daemon, along with three for the system's Login Window application. A slew of patches affect Unix services such as ftpd, GNU Tar, fetchmail, WebDAV and SMB. Two fixes to Libinfo stop malicious Web sites from potentially running arbitrary code. Apple also updated services used in its iChat and System Configuration applications due to security flaws.

Add a Comment (41 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

By kashin

posted Apr 20, 2007 - 7:58 PM

So much for "it just works" eh?

Score: 0

By Tenoq

posted Apr 20, 2007 - 9:58 PM

Which bit isn't working for you? ;)

Score: 0

By bobthegoat2001

posted Apr 21, 2007 - 2:51 AM

The part that's not working. ;)

Score: 0

By terminalx

posted Apr 20, 2007 - 5:56 PM

Wow CNET is so anti-MS its unnerving, they truly believe that Macs are bulletproof even with vulnerabilities....its scary...

Score: 0

By theyipper

posted Apr 20, 2007 - 4:35 PM

I don't understand why people don't exploit Macs more often. One can charge at least 3x more to repair them and Mac users would be willing to pay that much for their beloved machines.

Score: 0

By Tenoq

posted Apr 20, 2007 - 10:00 PM

Exploits are usually used to make money. Hacker/evil corporations know that exploiting 5% market share is a waste of time when you can exploit 90% market share.

Score: 0

By lost89577

edited Apr 20, 2007 - 1:09 PM

This update is a MacOSX performance-improving patch, because MacOSX does not have any security problems and anyone who says other wise will be blacklisted by apple.

Leading to harmful attempts to discredit the source of the vulnerability reports.

You have been warned

Score: 0

By CarLox

posted Apr 20, 2007 - 8:32 PM

WHO ARE YOU TO SAY THAT BULLSH!T MAN?!!!!! W H O A R E Y O U???!!!! ok let me tell you... A DUMBAS$

Score: 0

By skags442

posted Apr 20, 2007 - 10:37 AM

/sigh/ why is it everytime i look at one of these threads ahhh nevermind

Score: 0

By vcorvinus

posted Apr 20, 2007 - 9:58 AM

But Mac is so perfect, how could it have any security problems???

Score: 0

By Program86

posted Apr 20, 2007 - 9:54 AM

ZZZZZZZ... wake me for some real news, not just a single small 16mb update for unix services. LOL

Score: 0

By PC_Tool

posted Apr 20, 2007 - 10:18 AM

lmao..

A 16MB patch for MacOSX isn't news...

...yet you jump all over every patch MS produces, regardless of size or market impact.

Huh. I think there's a word for people like you...

Score: 0

By Paul Skinner

posted Apr 20, 2007 - 2:14 PM

"Wanker", "Naive", "Retard"...

oh, wait... you mean "Hypocrite".

Score: 0

By bobthegoat2001

posted Apr 21, 2007 - 2:53 AM

Or E) All of the Above

Score: 0

By Polychronopolis

posted Apr 20, 2007 - 8:25 AM

Kudos to Apple for patching the inevitable holes in any operating system. Since Apple keeps such a tight reign on their systems, they can produce patches faster than Microsoft.

I just wish they would stop touting themselves as superior to every other OS.

Score: 0

By PC_Tool

posted Apr 20, 2007 - 9:05 AM

Wow.

Any idea how long those UNIX vulnerabilities have been around?

I'd hazard to guess it's been a while.

Score: 0

By Hollywood__

posted Apr 19, 2007 - 11:48 PM

Mac's three users are thrilled.

Score: 0

By cap737

edited Apr 20, 2007 - 11:14 AM

What are you guys trying to brag about? This isn't about security holes in OS X that we're exploited, this is about vulnerabilities that were discovered and fixed BEFORE they were exploited. At least they responded to their vulnerabilites better than SOME companies that come out later and say they knew about it months back and didn't want to send out the patch until the issue becomes a public problem.

Score: 0

By terminalx

posted Apr 19, 2007 - 11:51 PM

The point is they CAN be exploited. Apple acts all smug like they are bulletproof. I am sure if Apple ever gets a bigger marketshare where they are a real competition to Microsoft, they will share the same problems.

Operating Systems are built by humans, humans make mistakes:its inevitable

Score: 0

By ladylust

posted Apr 19, 2007 - 10:06 PM

... but but its MAC! This is impossible!

Score: 0

By CarLox

posted Apr 19, 2007 - 8:24 PM

HA HA and they say that mac its secure, of course because it doesnt have exploits but if it had then they would be f^cked up

Score: 0

By bobthegoat2001

posted Apr 20, 2007 - 2:23 AM

no, no, no... It's secure by Design! Duh.

/Sarcasm

Score: 0

By terminalx

posted Apr 19, 2007 - 7:32 PM

Bill Gates is currently smiling right now...

Score: 0

By school1012

posted Apr 19, 2007 - 7:23 PM

Dam, 35 in November 30~ in Jan and now 25. About 80 patches in 5-6 months. XP pro had 150 in 5 1/2 years (2001). Apple had 100 4 1/2 years (2001).

Score: 0

By dougggg

posted Apr 19, 2007 - 6:50 PM

I'm no MS fanboy, but what is this!??! haha

Score: 0

By Paul Skinner

posted Apr 19, 2007 - 6:19 PM

24? That's more than Microsoft.

Score: 0

By Heero

posted Apr 19, 2007 - 6:15 PM

Fourth patch? 4 Months into this year? Is Apple starting to have it's own 'Path Thursdays' now?

Score: 0

By Benjamin Linus

posted Apr 19, 2007 - 6:10 PM

but hang on, I think MacOSX was bullet-proof...

Score: 0

By Tenoq

posted Apr 19, 2007 - 7:18 PM

No, it just has no exploits.
Vulnerabilities != exploits. Not sure how many times I've got the post that. :P

Score: 0

By PC_Tool

posted Apr 19, 2007 - 9:19 PM

Vulnerabilities != exploits.

Exactly.

But it really doesn't deter from the fact that when it *does* become a target for for the folks writing exploits, it will not matter. Perhaps that's why you have to keep posting it.

MacOS is beginning to lose it's "bullet-proof" aura. The question isn't whether vulnerabilities=exploits. The question isn't even when.

It will be interesting to see, once they start rolling in, how Apple handles it compared to Microsoft.

The question should be: How can Apple beat Microsoft at patching once the exploits show up.

Score: 0

By Tenoq

posted Apr 20, 2007 - 9:58 PM

Indeed. A true comparison would be to see how many exploits existed, or more importantly, were wild when it was 50/50 market share. I doubt that day is coming in the next 10 years, so Mac users are probably care-free until then. ;)

Truth be told though, Apple does generally patch products fairly quickly. We certainly don't see as many recurrent vulnerabilities as we do with Windows (like the recent cursor flaw).

Score: 0

By terminalx

posted Apr 19, 2007 - 10:08 PM

By releasing The Iphone! er wait..

/come on, laugh!

Score: 0

By JustExtreme

posted Apr 20, 2007 - 9:59 AM

The iPhone has exploits.

Score: 0

By Heero

posted Apr 20, 2007 - 4:15 PM

Yeah, the user can forget where they put it down, and loose it. =)

Score: 0

By Niro

posted Apr 19, 2007 - 8:14 PM

no...because nobody bothers to exploit a system used by 1% of the population...:)

Score: 0

By PC_Fool

posted Apr 19, 2007 - 10:14 PM

the same amount of the population that listens to pctool and niro... 1% - and it's all the microshaft fanboi's lol

Score: 0

By bobthegoat2001

posted Apr 20, 2007 - 2:27 AM

Oh God. When will this name changing stop? It was funny the first time, but not the 564th.

Is this one of the Sony lovers (Steve, Dave, Mark, etc)?

Score: 0

By terminalx

posted Apr 19, 2007 - 11:48 PM

So then does that make you a Apple Cheerleader?

Score: 0

Nov 20 - 6:13 PM ET Microsoft says it 'has always preferred' DRM-free content

Nov 20 - 5:48 PM ET With the petaflop barrier broken, is it time to change the benchmark?

Nov 20 - 4:17 PM ET Actors' union threatens to strike over Internet TV

Nov 20 - 3:43 PM ET Mozilla prepares for bad times, and an audit

Nov 20 - 3:11 PM ET First beta tests of AOL mail synchronization

Nov 20 - 2:44 PM ET Will iPhone and G1 owners sit still for full-length TV shows?

Nov 20 - 1:54 PM ET Microsoft's IP chief: 'Information wants to be free' is a 'disaster'

Nov 20 - 12:00 PM ET Google axes its Lively metaverse experiment

Nov 20 - 11:46 AM ET Zune Pass lets users keep some of their downloads

Nov 20 - 11:43 AM ET Europe's ambitious 'single access point' for cultural media provides porn