May 12, 2006

Is my Mac Secure? Ask Apple - they know.

Logo-Apple-1Apple has published its 3rd security update for 2006. There is no question that there are fewer (any?) viruses on OS/X and fewer security breaches on OS/X powered machines. But like any modern OS, OS X still has its share of security vulnerabilities. Apple's main saving grace has been the fact that fewer people are actively trying to exploit these vulnerabilities as a result of Apple's small market share (< 5%).

Check out some of the fixes covered by Apple's latest security update.

AppKit, ImageIO
Impact: Viewing a maliciously-crafted GIF or TIFF image may lead to arbitrary code execution

BOM
Impact: Expanding an archive may lead to arbitrary code execution
Impact: Expanding a malicious archive may cause arbitrary files to be created or overwritten

CFNetwork
Impact: Visiting malicious web sites may lead to arbitrary code execution

CoreFoundation
Impact: Registration of an untrusted bundle may lead to arbitrary code execution
Impact: String conversions to file system representation may lead to arbitrary code execution

CoreGraphics
Impact: Characters entered into a secure text field can be read by other applications in the same window session

Finder
Impact: Launching an Internet Location item may lead to arbitrary code execution

FTPServer
Impact: FTP operations by authenticated FTP users may lead to arbitrary code execution

ImageIO
Impact: Viewing a maliciously-crafted JPEG image may lead to arbitrary code execution

Keychain
Impact: An application may be able to use Keychain items when the Keychain is locked

LaunchServices
Impact: Viewing a malicious web site may lead to arbitrary code execution

libcurl
Impact: URL handling in libcurl may lead to arbitrary code execution

Mail
Impact: Viewing a malicious mail message may lead to arbitrary code execution

Preview
Impact: Navigating a maliciously-crafted directory hierarchy may lead to arbitrary code execution

QuickDraw
Impact: Viewing a maliciously-crafted PICT image may lead to arbitrary code execution

Safari
Impact: Visiting malicious web sites may lead to file manipulation or arbitrary code execution

How many different ways was there to accidently trigger a malicious code when simply viewing a web page or reading an email?

This should not come as a surprise to anyone in the technology industry, but I am sure it is a shocker to most consumers who have been bombarded with OS X "I am invulnerable" mantra.

Bottom line: always use common sense when browsing the web or read email messages - even if you are using a Mac.

May 12, 2006 3:16:02 PM | Apple

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Leave a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

Name is required. Email address will not be displayed with the comment.

NEXT POST
FJ Cruiser: Gas Mileage It is week 2 for my FJ Cruiser and another tank of gas was used. This time, with the same commuting routine, I got 2 extra miles per gallon, and my cost per mile was $0.06 cheaper. Miles driven: 250.400...
PREVIOUS POST
Windows Vista - Build 5381 I have been avoiding installing Windows Vista for 6 months now, but I told a friend today that I would take the time to install the latest official "friends and family" build this weekend and provide my feedback - privately....

Cris

An aspiring photographer, a passionate technologist, a husband, a father.

The TypePad Team

Search

Recent Comments