Well as usual you are trolling.
The difference is the same as always.
The attitude towards users, the lack of severity in the bugs. None of the vulnerabilities are severe compared with a standard vulnerability in Windows.
Check the vulnerabilities and have fun. This is a "cakewalk" compared with MS-Tuesday.
[i]How is it "good work" when they release 17 patches at once? Just fix the issues as soon as possible and get the updates out there directly instead.[/i]
This may not always be practical due to the amount of regression testing needed before releasing the code, especially when several of these vulnerabilities are linked to a common module. To use a car analogy, why bother realigning the wheels after a brake change, when you know you will also install new tyres soon? Ideally, you do the entire batch at once.
You might want to add the fact that they are also fixed on *BSD.
I suspect it is in part because *BSD and Linux users tend to keep their systems updated very regularly. However, last week I actually had a vulnerability on my Gentoo system (Samba), but then I was using a slightly old version. In FLOSS it often happens that vulnerabilities are fixed before they are found (so to speak) leading to a situation where users do not suffer from vulnerabilities because they use very new packages unaffected by said vulnerabilities.
That's the difference between fixing something that MIGHT become a problem and fixing something when it HAS become a problem.
"That's the difference between fixing something that MIGHT become a problem and fixing something when it HAS become a problem."
Additionally, this is why we do regular updates of security-critical OS subsystems and applications in UNIX land, because we cannot afford taking someone the opportunity to profit from a problem that has been discovered and will be fixed soon. So better do fixing of things that might develop into problems. Especially in the UNIX server world, you simply need to do so, because your customers rely on you doing your job well, or they keep their money...
In this set there are only three items that would be of interest to most users.
• iChat. If someone `already` has access to your local network, they can do some damage.
• PDF. A `maliciously crafted` file can do some damage if you open it.
• VPN. If you’re on a VPN and someone `already` has access to your machine.
Edited 2007-05-26 16:44
I think Apple need to "think different" about security.
Thankfully, the PDF bug was probably the worst and it's likely that there are some files out there already. Adobe fixed the problem by releasing Reader version 8.0. If you run version 7 still, you could be in trouble. However, that was around two months ago, right?
I can understand that resources are limited right now with iPhone and Leopard development, plus continuing Tiger patches but Apple really need a separate and determined focus so when the big fault happens, they can fix it quickly.