Apple has addressed a number of security issues and has provided fixes for no less than 28 different components (25 with CVE numbers) in MacOS 10.4, 10.5 and Server. A vulnerability that exists in the Safari web browser is also dealt with in the update but because the same problem exists for Windows XP and Vista users, a separate update has been issued for them.
Admittedly, a few of the issues are pretty minor but others definitely warranted a faster response from Apple. Probably the most serious are vulnerabilities that could lead to arbitrary code execution.
As far as the safari web browser is concerned, the most worrying aspect here is an RSS vulnerability which could enable malicious code to be introduced simply by inducing a user to visit a particular site.
A potential attacker wouldn’t really need to have in depth technical knowledge to discover and exploit this weakness either; in fact security researcher Brian Mastenbrook said he found it accidentally and by implication that means others could have found it too.
Now we are all perfectly aware that we cannot afford to be complacent when it comes to Internet security and so we expect the likes of Apple especially, to act on security issues as soon as they are exposed.
So it kind of saps our confidence a bit when we hear that Brian originally reported the security issue in Safari to Apple as far back as last July (he is one of 3 researchers Apple has credited with reporting the bug) and yet it’s only now that the fix has been made available. Is that acceptable? Personally, I would say no.
Ok so I don’t think any of us would put Apple in quite the same bracket as Microsoft when it comes to vulnerabilities, but word has been getting around the web that Apple are not taking internet security as seriously as they should and this could potentially have a damaging impact on Apple’s comparatively squeaky clean reputation.
Even Apple admits that their systems are not 100% immune from attack, but what system is so we can accept that. The main gripe here is that they didn’t act on it straightaway when it was first pointed out to them no less than seven months ago.
Anyway, all’s well that ends well as they say so it’s good to see a resolution to this and other problems regardless. The last time Apple issued multiple security fixes on this sort of scale was almost a year ago.
Users are advised to install these latest updates immediately. All the updates are available from automatic Apple software updates or manually from the Apple Support Download site.
If you want to find out all the latest news on tech why not subscribe to our RSS feed?
Leave a Reply