Mac OS X riddled with security holes

http://www.itnewslog.com/articles/full_article.asp?ID=972&Category=Security&Post_by=Cameron

http://www.apple.com/support/

Apple has released a range of patches for security holes - both old and new - for its Mac OS X operating system, which it advises users to download immediately. The company is downplaying the issue but one security company at least is concerned that the vulnerabilities could be extremely serious. Secunia has given the five - yes, five - patches a "highly critical" rating and warned that they may allow hijacking, security bypass, data manipulation, privilege escalation, denial of service and system access.

In other words, it makes Microsoft's current Sasser problems look no more than a nasty nip. The difference of course is that Windows is the vast majority of the market and Macs account for only three percent of operating systems. There isn't a worm exploiting the holes as yet but the company is strongly advising users to download and install the patches as the OS looks like an easy target at the moment.

Unless you turn it off, or cancel the updates.

It's under System Prefrences -> Software Updates Mac people. Do it today and let's make this look like what it is, an orderly update before the fact.

In my former life, up until a month ago, at least ten hours, or one quarter of my work week, was spent dealing with Windows viruses. That's why when I come home at night, I have a Mac.

Sounds like Microsoft propaganda.

there were 5 separate security patches released on May 3rd alone. Propaganda?

an update to Apache. (Which is technically not Apple's problem)

There are 4 OS X flavors running around out there, each slightly different than the others: 10.2.8 Client, 10.2.8 Server, 10.3.3 Client, and 10.3.3 Server. This is not significantly different from, say, Win XP Home, Win XP Pro, Win ME, and Win 2000 (which are all still supported, to the best of my knowledge.)

So yes, it's propaganda. It's spin. If I went out and said "MS released 5 major security updates today" when in fact they merely released versions specific to the version of the OS, I'd be jumped for misrepresenting MS.

Pcat

Admittedly, I let Miranda here update every week, but I just checked.

1 Security update, 4.2 MB (about average size.)

Not five. There are 4 listed on the apple website, but they are one each for 10.2.8 and 10.3.3 for the client version and for the server version. This is like having a security update for XP Pro, XP Home, Me, and 2000 released all at once. (or better analogy, like security updates for both NT Server and NT client, and XP Pro and XP Home coming out). Further, these were UNEXPLOITED security holes. So Apple was doing the bright thing and patching holes before they became issues. Stunning. Locking the door before the horse gets out.

And if this makes Sasser look like a nasty nip.... well.... what was doing the nipping? A baracuda? (when I watch my junk mail rates jump from 4-7 a day to 200+ a day on a single account because of a single virus, that's not a nip.)

Quoting from MacSlash, quoting from someone else : Mac Causey writes "Techworld has posted a sensationalist and agenda-driven story entitled "Mac OS X Riddled With Security Holes." The article negatively contrasts OS X security holes that were patched before anyone actually exploited them against the Sasser worm, which calls a "nip" by comparison. How an at-large, wild virus that has cost companies millions of dollars can be called a "nip" compared to theoretical holes that have never been exploited is beyond me. Read the bulletin board responses, they are much more interesting than the article." apple.slashdot.org is also covering this.

Here's the original story: http://www.techworld.com/security/news/index.cfm?newsid=1497 But I find it suspect considering techworld's reputation as a MS booster. This is not the first time I've come across highly negative articles from this source about Mac. By percent of market share, they tend to beat Mac pretty heavily and by percentage of articles (remember how Gov. Dean got spun - this is the same trick) it's not much better.
On edit, after having learned a bit more about Techworld, I'm even less surprised. They have a rep for letting their advertisers write, or contract out to write, articles for them. Geez, I remember this from my days on the small town weekly - the advertiser who bought the most ad space that week got a feature the next. Further, this article was based on a single security consulting company's report, not on several. That's just bad journalism. If I took that approach to believing what was fed me, I'd be thinking that Faux News was right on the money. Not in politics, not in computers.

So the other patches referred to are old ones that they're pushing because there's no such thing as perfect security. Don't be fooled - nothing is secure.

That said, I feel a lot more comfortable with Miranda and our weekly updates than I ever did with her predecessor, McAfee, Norton, the thrice-weekly MS patches and hypervigilance.

Not to turn this into a MS Versus Mac debate, but dammit, I've got better things to do with my computer than worry about email attachments, security holes, and crashes. So beat me. I'm a user, not a tinkerer. And I'm not boostering for a specific platform (I can't - we've got 6 different platforms in this house, 4 flavors of Unix (including OSX), two of windows.) I'm saying that this is bad journalism, aimed at pleasing the advertisers. Money pushes news in Technology press, too.

Pcat (who should be writing)

They had a heart attack and fell out of a window onto an exploding bomb and were killed in a shooting accident.

That's dialogue I remember from an old episode of Monty Python's Flying Circus, the episode in which Mr. Pither goes on a cycling tour of North Cornwall. Probably at least 1000 times more relevant to my daily computer life than the subject matter of this thread.

Does a crash cause a worm or is it the other way around? Damn these unanswered questions of Mac OS X.