Apple on Wednesday patched 18 holes in its Mac OS X operating system, seven that could allow an attacker to remotely take over a machine when a user does nothing more than view a booby-trapped image. The ImageIO Framework, which helps Mac applications read and write popular image formats, was responsible for five of the image …
Code execution in the login screen??
Mahvelous. IIRC, many moons ago MSGINA had a similar issue (too lazy to research tonight.) Lessons never learned?
Paris, too lazy to bother with her MSGINA problem.
I prefer MS Security Holes
After reading the recent spate of security flaws in Apple products, I'm thinking that I prefer the security holes in Windows - they're a bit tougher at least.
There are also a standalone Security Update 2009-003 patches
for all Leopard flavours and Tiger: they can be found in Software Update
Funny that software update hasn't offered me the patches yet, despite bugging me continuously to update Safari (which I never use) and reboot the damned machine.
q: WTF should I have to reboot the entire machine just to install a web browser patch?? Is there more to the Safari-MacOS relationship than meets the eye? (like IE vs Windows) or is it just Apple being a bunch of tossers?
I wondered why ColorSync had opened up the other day without me doing it.
Hang on a minute
Releasing patches to fixes security holes. I'm confused, I thought is was about Apple but the methodology and security holes make it sound like Microsoft.
Can you confirm which company this article is about ?
Long term issues?
Seem to remember ColorSync has been the subject of several serious exploits in OSX going back to at least 10.3... and poor TIFF handling was the exploit used to crack the iPhone/iTouch. You might have thought Apple would have licked this bug by now.
"Is there more to the Safari-MacOS relationship than meets the eye? (like IE vs Windows) or is it just Apple being a bunch of tossers?"
Who know's what goes on behind closed doors (and code)... It's probably both... but I'm assuming the reboot is to update Safari for all users on the machine, not just the current user - but I've got nothing to back this up as I know more about Windows than I do about OSX.
I remember always being annoyed when fanboys would laugh at windows users for reboots and dodgy updates, and yet at the same time I'm being forced to reboot for an update to itunes, quicktime and safari... these days I'm more mellow, but it still grates on me... but I guess if it needs to be done, it needs to be done...
Funny how VLC doesn't need to reboot my OSX install though, but then again Apple might use quicktime to load the "preview" icon for avi's etc, so I can see it needing to restart to update that bit of the OS at least.
I'm always being told that Macs are bulletproof and have no security issues. At all. Ever.
Was I lied to?
Any Mac user with half a brain would never make such a claim. You sure you're not confusing the common "no viruses for OS X in the wild" statement with security issues?
Anyone notice that ...
Desktp icon denoting iDisk has changed from purple/lilac to blue?
Wintards - come back when Microsoft stop releasing critical patches *every month* for an OS that they claim is the most secure and advanced on the market. If you think that "patch Tuesday" will cease after the release of Windows 7 then you are living in cloud cuckoo land! See http://www.theregister.co.uk/2009/08/05/windows_7_show_stopper_bug/
Standard flame post
My computer is better than yours. You should try running *insert operating system name* instead.
OS X is full of holes, but none are ever exploited.
So in that respect, no, you weren't being lied to.
...how few comments there are on this article. I can't help but wonder how many there would have been had the subject been a Microsoft OS.
Anyway, the Reg must have made an error, according to the ads, Mac's don't have vulnerabilities.
Anyone who ever claimed that Macs have no vulnerabilities is an idiot speaking utter b@lls, to such a level that he/she probably works as an administrator for government schools. Any computer hooked up to a network has a risk of vulnerabitlites ... yes, kiddies, even Linux and BSD. Now, it's the *rate* and *severity* and *duration* of those vulnerabilities you need to watch out for.
If you're daft enough to believe that - about anything - then you deserve to be lied to!
It's better than Windows, as that's as much as anyone can say. But it ain't perfect.
18 Holes ??!!!
The most advanced OS ??!!! Just proves that MacOS was written by humans & possibly
the same quality as M$.
More users Apple gets, more things come out of the woodwork...
Just a matter of time
Quite. The more popular they get, the close Apple will need to look at their security. This does of course reveal the mythology behind the ads; it's pretty obvious it's because the userbase isn't yet as common as the MS products.
@ Wednesday AC:
Safari uses WebKit, which is in the OS. Webkit is also used my other apps too. So to update Safari, you update Webkit, which is in the OS, whish is why a reboot.
Here we go again...
I'm not a fanboi of any OS since I use more than one...
But as soon as Mac [or Linux] has the same install-base as Windows, AND it maintains the same low exploit/attack rate that it currently enjoys right now, then I'll agree that it is a "more secure" OS.