You might want to add the fact that they are also fixed on *BSD.
I suspect it is in part because *BSD and Linux users tend to keep their systems updated very regularly. However, last week I actually had a vulnerability on my Gentoo system (Samba), but then I was using a slightly old version. In FLOSS it often happens that vulnerabilities are fixed before they are found (so to speak), leading to a situation where users do not suffer from vulnerabilities because they use very new packages unaffected by said vulnerabilities.
That's the difference between fixing something that MIGHT become a problem and fixing something when it HAS become a problem.
"That's the difference between fixing something that MIGHT become a problem and fixing something when it HAS become a problem."
Additionally, this is why we do regular updates of security critical OS subsystems and applications in UNIX land, because we cannot afford taking someone the opportunity to profit from a problem that has been discovered and will be fixed soon. So better do fixing of things that might develop into problems. Especially in UNIX server world, you simply need to do so, because your customers rely on you doing your job well, or they keep their money...





Just about always the opensource services that have these vulnerabilities, are these fixed already on Linux systems?
10.4.9 had a number of fixes for other OSS services that Apple uses.