02/11, 5:15pm
Mac OS vulnerabilities
IBM's security research and development group, X-Force, has released an annual report that suggests Mac is the most vulnerable operating system. The percentage of patched vulnerabilities compared to the total number of disclosed vulnerabilities was used for the rankings, with Mac OS X and OS X Server each leaving 14.3 percent of the problems unresolved. IBM gave the highest score to its own AIX platform, claiming to have fixed over 96 percent of the vulnerabilities, while Microsoft failed to patch between 5.5 percent and 4.1 percent of the reported issues for its Windows operating systems.
more
09/15, 10:10pm
Security Update 2008-006
Apple on Monday unveiled Security Update 2008-006, detailing the various security fixes patched between it and the Mac OS X 10.5.5 update. The updates both resolve a vast number of issues, mostly relating to the remote execution of arbitrary code, many issues resolved were related to performance and password security. Several vulnerabilities could have allowed malicious users to gain access to a list of authenticated users, or to change the password of an unattended station through the login screen.
more
06/19, 9:50pm
Safari 3.1.2 for Windows
Apple on Thursday unveiled a new security update rolled into Safari 3.1.2 for Windows. Which offers users protection against vulnerabilities with the imaging engine, file saving, and malicious code execution. Users could have been affected by maliciously crafted BMP or GIF files, which could allow assailants to learn what is in active memory at any given time. Safari 3.1.2 for Windows is available through Apple Software Update, as well as the company's support page.
more
03/18, 5:15pm
Security Update 2008-002
Apple today unveiled Security Update 2008-002, which provides a number of fixes for several system vulnerabilities found in AFP, CUPS, AppKit, and several other system-level resources. Most of the vulnerabilities revolve around maliciously crafted URLs granting access to system-level privileges, while others allow users to bypass system security. The majority of fixes are for Mac OS X 10.4 Tiger and Tiger Server users, while some apply to the 10.5 Leopard equivalents.
more
02/11, 6:00pm
January security updates
Apple's latest Mac OS X Leopard 10.5.2 update and 2008-001 security update for 10.4 Tiger users fixes a number of different vulnerabilities that have existed in a number of different system resources. A stack buffer overflow in Directory Services could allow a local user to execute arbitrary code, while still maintaining system privileges. The issue is resolved by improved bounds checking, and is included with the update.
more
