Print this article | E-mail this article | Comment on this article

Time for a 'Patch Tuesday' just for Apple?

By Scott M. Fulton, III, BetaNews

October 9, 2008, 6:21 PM

In an advisory published by Apple this afternoon, Mac users and admins are being advised of the availability of the seventh major security package this year, which will include some 20 patches for both the System and Mac applications.

The last major Apple security update came on September 15, and the one before was issued on the last day of July. So security updates are getting to be a monthly affair with Apple, just as they've been with Microsoft for quite some time.

But in Apple's case, it's worth noting that security update packages also include patches for third-party Mac and Unix software, provided as a courtesy to their manufacturers or developers. This month, Apple is including what it characterizes as multiple vulnerabilities in the ClamAV open source anti-virus system for Unix (don't forget that Mac OS X is a Unix system now). ClamAV has been susceptible to multiple buffer overflow-triggered situations of arbitrary code execution since 2005, and this appears to be the latest incident.

One serious situation with the Mac System software itself which the 2008-007 security patch does address, involves what Apple describes as an independent discovery regarding maliciously crafted files and the Finder program. On a Mac, a file can be responsible for generating its own icon in Finder; the content of that icon is part of the file's "resource fork." Malicious code in the icon portion can cause Finder to shut down; and when it tries to restart, naturally, it tries rendering the same icon again. Which causes it to shut down again, which ends up making Finder look like something you saw in a Mac commercial once...on the left side of the TV screen.

While all this stopping and restarting is going on, Finder can lose track of the active user's own account. So this latest patch spawns a separate process for generating icons, which then links back to Finder.

Package 2008-007 also contains fixes for vulnerabilities in MySQL Server, Apache, PHP, and Tomcat.

Add a Comment (9 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

By Jinky

posted Oct 10, 2008 - 4:54 PM

Jeez, why would anyone want to hurt our beloved Apple OS X? These are sad times :(

Score: 0

By internetworld7

posted Oct 11, 2008 - 12:29 AM

Not to worry, with a Mac there is only so much damage you can do. The silly crap you see on a PC like turning hundreds of thousands of infected computers into spamming machines and completely taking over a Mac is something you will never witness.

Apple is all about security at it's core, that is why the Macintosh is built on UNIX. Security is already baked in. All Apple has to do is keep updating the Mac. No need for bloated and memory hogging antivirus.

Score: 0

By internetworld7

posted Oct 10, 2008 - 1:10 AM

This is exactly the reason security attacks are pointless on a Mac, Apple is always on top of security, producing the most rock solid and secure OS on the planet.