Leopard security bug fix on the way? [U]

11/10, 1:35am

Security firm goes public after missed deadlines

[Update: This bug has been fixed as part of Security Update 2010-007, released today] An important security bug in Mac OS X 10.5 (Leopard) that remains unpatched despite missed deadlines from Apple has forced Core Security Technologies to go public with the exploit, even though a fix may be imminent. Apple was informed of the flaw, which has also been used to create jailbreaking software for iOS devices, and has already developed a patch -- but has missed two promised deadlines to release it, says the firm.

Tiger, Leopard flaw an "enhancement"?

01/25, 5:50pm

Tiger, Leopard flaw

Similar to the Office 2008-related permissions problem reported earlier today, Mac OS X 10.4 Tiger and 10.5 Leopard users may be susceptible to additional vulnerabilities. MacNN reader Robert Myers reports that when using a standard user account to copy software in to the Applications folder, the authentication that takes place not only allows the software to be inserted in to the folder (as it should) but also changes the owner of the application to the current user.