back to article Apple fixes critical Mac holes triggered by image files

Apple on Wednesday patched 18 holes in its Mac OS X operating system, seven that could allow an attacker to remotely take over a machine when a user does nothing more than view a booby-trapped image. The ImageIO Framework, which helps Mac applications read and write popular image formats, was responsible for five of the image …

COMMENTS

This topic is closed for new posts.
  1. Alan W. Rateliff, II
    Paris Hilton

    Code execution in the login screen??

    Mahvelous. IIRC, many moons ago MSGINA had a similar issue (too lazy to research tonight.) Lessons never learned?

    Paris, too lazy to bother with her MSGINA problem.

  2. iamapizza
    FAIL

    I prefer MS Security Holes

    After reading the recent spate of security flaws in Apple products, I'm thinking that I prefer the security holes in Windows - they're a bit tougher at least.

  3. Anonymous Coward
    Anonymous Coward

    There are also a standalone Security Update 2009-003 patches

    for all Leopard flavours and Tiger: they can be found in Software Update

  4. Anonymous Coward
    WTF?

    Wednesday?

    Funny that software update hasn't offered me the patches yet, despite bugging me continuously to update Safari (which I never use) and reboot the damned machine.

    q: WTF should I have to reboot the entire machine just to install a web browser patch?? Is there more to the Safari-MacOS relationship than meets the eye? (like IE vs Windows) or is it just Apple being a bunch of tossers?

  5. Anonymous Coward
    Anonymous Coward

    Vulnerability

    Oh dear.

    I wondered why ColorSync had opened up the other day without me doing it.

    :-o

  6. Anonymous Coward
    Anonymous Coward

    Hang on a minute

    Releasing patches to fixes security holes. I'm confused, I thought is was about Apple but the methodology and security holes make it sound like Microsoft.

    Can you confirm which company this article is about ?

  7. Ray0x6
    FAIL

    Long term issues?

    Seem to remember ColorSync has been the subject of several serious exploits in OSX going back to at least 10.3... and poor TIFF handling was the exploit used to crack the iPhone/iTouch. You might have thought Apple would have licked this bug by now.

  8. Law
    Welcome

    RE: Wednesday

    "Is there more to the Safari-MacOS relationship than meets the eye? (like IE vs Windows) or is it just Apple being a bunch of tossers?"

    Who know's what goes on behind closed doors (and code)... It's probably both... but I'm assuming the reboot is to update Safari for all users on the machine, not just the current user - but I've got nothing to back this up as I know more about Windows than I do about OSX.

    I remember always being annoyed when fanboys would laugh at windows users for reboots and dodgy updates, and yet at the same time I'm being forced to reboot for an update to itunes, quicktime and safari... these days I'm more mellow, but it still grates on me... but I guess if it needs to be done, it needs to be done...

    Funny how VLC doesn't need to reboot my OSX install though, but then again Apple might use quicktime to load the "preview" icon for avi's etc, so I can see it needing to restart to update that bit of the OS at least.

  9. Lockwood
    Coat

    OS Security

    I'm always being told that Macs are bulletproof and have no security issues. At all. Ever.

    Was I lied to?

  10. magnetik

    @Lockwood

    Any Mac user with half a brain would never make such a claim. You sure you're not confusing the common "no viruses for OS X in the wild" statement with security issues?

  11. Anonymous Coward
    Happy

    Anyone notice that ...

    Desktp icon denoting iDisk has changed from purple/lilac to blue?

  12. Anonymous Coward
    Anonymous Coward

    schadenfreude

    Wintards - come back when Microsoft stop releasing critical patches *every month* for an OS that they claim is the most secure and advanced on the market. If you think that "patch Tuesday" will cease after the release of Windows 7 then you are living in cloud cuckoo land! See http://www.theregister.co.uk/2009/08/05/windows_7_show_stopper_bug/

  13. Wize
    Flame

    Standard flame post

    My computer is better than yours. You should try running *insert operating system name* instead.

  14. Anonymous Coward
    Anonymous Coward

    @Lockwood

    OS X is full of holes, but none are ever exploited.

    So in that respect, no, you weren't being lied to.

  15. Anonymous Coward
    FAIL

    Interesting

    ...how few comments there are on this article. I can't help but wonder how many there would have been had the subject been a Microsoft OS.

    Anyway, the Reg must have made an error, according to the ads, Mac's don't have vulnerabilities.

  16. Richard 102

    Please

    Anyone who ever claimed that Macs have no vulnerabilities is an idiot speaking utter b@lls, to such a level that he/she probably works as an administrator for government schools. Any computer hooked up to a network has a risk of vulnerabitlites ... yes, kiddies, even Linux and BSD. Now, it's the *rate* and *severity* and *duration* of those vulnerabilities you need to watch out for.

  17. Anonymous Coward
    Grenade

    @Lockwood

    If you're daft enough to believe that - about anything - then you deserve to be lied to!

    It's better than Windows, as that's as much as anyone can say. But it ain't perfect.

  18. Anonymous Coward
    WTF?

    18 Holes ??!!!

    The most advanced OS ??!!! Just proves that MacOS was written by humans & possibly

    the same quality as M$.

    More users Apple gets, more things come out of the woodwork...

  19. James 132
    Linux

    Just a matter of time

    Quite. The more popular they get, the close Apple will need to look at their security. This does of course reveal the mythology behind the ads; it's pretty obvious it's because the userbase isn't yet as common as the MS products.

  20. h 6
    Thumb Up

    @ Wednesday AC:

    Safari uses WebKit, which is in the OS. Webkit is also used my other apps too. So to update Safari, you update Webkit, which is in the OS, whish is why a reboot.

  21. deegee

    Here we go again...

    I'm not a fanboi of any OS since I use more than one...

    But as soon as Mac [or Linux] has the same install-base as Windows, AND it maintains the same low exploit/attack rate that it currently enjoys right now, then I'll agree that it is a "more secure" OS.

This topic is closed for new posts.

Other stories you might like