Feeds

back to article Apple unloads 47 fixes for iPhones, Macs and QuickTime

Apple has issued fixes for more than 47 security bugs in the Mac, iPhone and QuickTime media player, some that allowed attackers to take complete control of the underlying device. The patches, which were released over a 24-hour period starting Wednesday, fix critical vulnerabilities in a variety software made both by Apple and …

COMMENTS

This topic is closed for new posts.
Megaphone

iTunes 9 Needs a Fix Pretty Quickly!

I stupidly installed iTunes 9 on the day it was released and I'm constantly having to 'Force Quit' iTunes or reboot my MacBook, and I've now found long forum threads reporting similar experiences.

0
0

Snow Leopard Not Spared

I just installed 10.6.1.

0
0

Bullshit

Apple systems are secure and flawless they don't need security patches.

The local Mac zealot told me so.

0
0
Thumb Down

iTunes and other Apple forceware

So, i get notification of iTunes update to V9 - good. but i also get Safari - don't want it, tick the box not to get it. i also get an update to iPhone - I ain't got one so i don't want it. Tick the box. iTunes installs - great. Apple update looks again, repeat the above minus iTunes. Apple - can you not get the message- I DO NOT WANT SAFARI, I DO NOT HAVE AN iPHONE. And I thought Micro$oft was persistent!

0
0

Pity about the tethering

I won't be installing the IPhone update until I've worked out how to keep tethering. Bastards

0
0
Joke

No...

Apples don't need security patches, everyone knows that. Surely you meant to say Windows?

0
0
Gates Horns

Host?

Can the seven fixes to Snow Leopard really be described as a "host" of fixes? I'd call that a "handful."

0
0
Jobs Horns

Eh?

...but I thought all Apple products were perfect!

0
0
Pirate

So what you're saying

>A third update fixed four vulnerabilities in QuickTime, some of which allowed attackers to hijack a machine by tricking users into opening specially manipulated H.264 and MPEG-4 files.<

Is if I opened that video of a dog pooping on a baby in HiDef or quicktime (file ending in .mkv or .qt?), my system ends up being pwned? - where it just used to be .exe that could infect your machine, now videos (and mp3s, jpgs etc) can do it.

Or did I totally misunderstand that paragraph - it's possible, I feel myself getting stupider by the day.

Still, I guess it works for the copyright mafia, 'Don't download anything, it could be infected, flash adverts, p2p, dodgy web page scripts. B afrayed, b veri afrayed.'

0
0

Slight correction, please

...fix that updated Flash to the latest, *least insecure*, version.

0
0
FAIL

MobileMe sync broken?

There appear to be all sorts of issues with MobileMe since the updates. Even access to the Apple Store on line seems to fail.

0
0
Jobs Horns

thats it now youve really pissed off apple

you are giving the impression that their software isnt perfect !!

and it needs fixing

0
0
Anonymous Coward

Move along, nothing to see here.

The difference between OS X vulnerabilities and Windows vulnerabilities is that OS X vulnerabilities don't get exploited.

Now run along and update your AV software, Windows trolls.

0
0
Happy

@access to the Apple Store on line seems to fail

It ain't a bug, it'sa feecher

0
0
Go

Damned

Damned if they do, damned if they don't.

0
0
Alert

re: iTunes and other Apple forceware #

You RUN what APPLE wants and ONLY what APPLE wants. Is that CLEAR?

0
0

@iTunes and other Apple forceware

Annoying, I know, but you can tell Software Update to ignore iTunes 9 or Safari 4 in future.

Click on the offending item, select Update menu/Ignore Update. At least you won't be prompted until the next release!

0
0
WTF?

@A/C move along

"The difference between OS X vulnerabilities and Windows vulnerabilities is that OS X vulnerabilities don't get exploited."

So your saying basically, Windows users need an av because no one can be arsed to infect Apple users?

Bizzare logic...

0
0

RE: Move along, nothing to see here.

The flaws in OSX aren't exploited _at the moment_ because it's still largely used by trendy types who like their computers dumbed down -- once a few more real people start using them the flaws will be exploited quick enough.

0
0
Alien

@Bilgepipe

Seven? Handful?

Dunno about you but I stop counting at five on my hands. Maybe you b'ain't from round these here parts, boy!

0
0
Rob
Bronze badge
Go

@Tony

Videos have been able to this for years. You can programme specific key frames in a video to perform certain actions.

Example being, a video embedded in a webpage can use key frames to change content in a frame on that page and obviously you could get those keyframes to call nefarious scripts from dodgy websites.

0
0
WTF?

@ian11

You obviously spoke to one of the complete twats that are still giving Mac users a bad name. I own a variety of macs and they are not perfect, less grief than other stuff I have used, but in no way perfect at all.

I just wish these idiots who say Macs are flawless would just crawl off and do something more useful with themselves, like lick London sewer outlets clean or something. They really annoy me! Then again there are idiots in every walk of life, just a shame they shout louder than the normal people.

Been using IT kit for nearly 30 years, have reasonable taste of what I like and don't, just less grief with a Mac, nowhere near zero, just a lot less.

0
0
Anonymous Coward

If you lose iPhone Internet tethering....

just go here and install the profile

http://tetherme.lstoll.net/iphone/

0
0

Signs that the rest of the IT industry is starting to mature

Did anyone else notice the parrallels here:

http://www.theregister.co.uk/2009/09/09/microsoft_windows_security_bug/

Similar pattern in vulns discovered. Generally revolving around the apps and the older versions of the OS, but not the latest OS core itself.

This is actually a good sign. We're seeing ever fewer vulns discovered in the core of the OS itself, across the board.

0
0
Coffee/keyboard

windows fanbois cheering each other

it's funny how windows fanbois pretend to be above what they claim mac fanbois do. look at you guys, much like the typical kind of statements made by an underpaid, overweight windows pseudo nerds who enjoy making fun of others in order to divert attention.

it's pretty sad really cause no matter how much you try to discredit other OSs, windows will remain the worst there is on the market today.

0
0
Boffin

OS X and Viruses

OK, lets end some FUD.

1) There are Mac Viruses, you SHOULD run an AV app, but more importantly, a mailware protection system.

2) The viruses that CAN infect a mac are rather hard to implement, require directing a user to a malformed website (usually by e-mail, which note above mailware scanning protection is important), and often requires root user account to be enabled (though some do not). What can the virus do? Well, it can take control of the machine, but what does that mean? Can you make it a zombie? pretty much: no. You can manually root around in the machine via comand line, access files and steal data, but that's about it... Installing a traditional virus that runs in the background (like a keylogger) really isn't in the cards due to the UNIX permissions system, lack of complete root access, and insistence that programs announce themselves very clearly when running under OS X. It's hard to keep a virus secret if it's dancing in the system tray announcing it's presence, or clearly shows up in Sysmon and Top....

3) 1 infected mac can't easily infect another on the same network (let alone another). It has to use a known exploit, which up to now are all done by distributed files (hacked pre-release iWork 09 disks are common, but don;t exactly self distribute and self execute do they), or by directing to a website. There's no direct exploitable entry points (that have been found, that are by default open and accessible). You actually have to FALL VICTIM to a scam first, or be redirected to a hacked site, or download something illegal... its very difficult to get a virus to you.

4) MANY MANY of the virus xers out there USE macs, so few are willing to write viruses that exploit their own platform. This is not a universal protection as #3, it's near impossible to have macs cross infgect each other, but it's one more limiting factor.

5) Since all (to my knowledge) of the proof of concept viruses for macs use a permission escalation gained from a buffer underrun in a weak application (which are usually quick to fix once discovered), even if we don't have good virus definition files, huristic scans are very powerful, and easy to implement, and protecting a mac from unknown viruses is very easy, and even basic free AV scanners that use huristic models are near 100% effective (accepting that if you actually LUANCH a virus installer yourself from a downoaded hacked installer, then type in a keychain password, only The Jobs can save you). The system may have vulnerabilities, but the simplest levels of protection make it highly secure.

6) Easy to fix. It's a flat file operating system. Deleting a virus is easy, rootkits can't readily be installed unless you were dumb enough to get the virus while running as root... Even rolling back the whole machine to a pre-infected state is easy, and a complete re-install is cake with time machine.

It's not perfect, it can be exploited, but the scope of what can be done with a hacked machine is very small and the methods for hacking it require a user intervention (tricking them, or making them download and execute something). This is a fairly secure out of the box UNIX operating platform. Yes, any program added to it, especially those with open IP listeners of external server conenctions open vulnerability, but even those vulnerabilities can be detected by cheap (or free) basic software. This is NOT the case for Windows, and typically not for Linux as well (as most Linux systems do not have best-practice user security models out of the box, and most people using linux su- to root often anyway).

0
0
Anonymous Coward

Malware? I've heard of it.

What I'm saying is that OS X users don't need AV because there's no Mac malware out there.

It's a good feeling.

0
0
B 9

@ Michael C

You need to learn something or stop posting this BS. OK, lets examine your FUD.

1) There are Mac Viruses. . .STOP!! No, there are NOT Mac viruses. Name me one Mac virus in the wild.

2) The viruses that CAN infect a mac . . . .Again, NO viruses so let's move on.

3) 1 infected mac . . . You mean the Macs infected with NON-EXISTENT viruses? The rest of this bullet is talking about a trojan. Learn the difference before posting again.

4) MANY MANY of the virus xers out there USE macs. . . STOP again!! This is pure conjecture and you have absolutely no proof of this statement. Please stop making stuff up.

5) Since all (to my knowledge) of the proof of concept viruses . . . Proof of concept viruses are created by anti-virus company in an attempt to scare users into buying their software. Sorry, but there are NO viruses for the Mac in the wild. There may be some day, but there are not now.

6) Easy to fix. . . . I think this is a bit odd to say since there's no precedent for fixing a non-existent virus?

It's not perfect . . This is the first statement you've got right. Macs aren't perfect, just one hell of a lot better than Windows. The rest of your post fell apart when you starting making false statements on your first point.

0
0
Anonymous Coward

Oh FFS B-9

Change your 'nym to BS or take a look out of the rose tinted windows of that Ivory tower you occupy, that is of course, if it's a supported app.

0
0

Fanbois, fail and 'tard

Can we all agree to stop using these?

They were never very witty, and now they're just sad and dated.

0
0
This topic is closed for new posts.