Software // Enterprise Applications
News
2/11/2008
07:28 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Apple Releases Mac OS X 10.5.2 And Security Update

The Apple fixes affect Directory Services, Foundation, Launch Services, Mail, NFS, Open Directory, Parental Controls, Samba, Terminal, and X11.

Apple on Monday updated Mac OS X to version 10.5.2 and released Security Update 2008-001 for Mac OS X 10.4.11. Collectively, the two updates address ten security vulnerabilities, one of which includes multiple X11 X Font Server holes, and a bug not considered to be a security risk.

The fixes affect Directory Services, Foundation, Launch Services, Mail, NFS, Open Directory, Parental Controls, Samba, Terminal, and X11. The Directory Services, Mail, and Open Directory issues do not affect those using OS X 10.5 or above. Seven of the vulnerabilities, Apple said, could allow arbitrary code execution.

A flaw in Apple's Parental Controls could expose private information. "When set to manage Web content, Parental Controls will inadvertently contact www.apple.com when a Web site is unblocked," Apple explained in its release note. "This allows a remote user to detect the machines running Parental Controls. This update addresses the issue by removing the outgoing network traffic when a Web site is unblocked."

Apple's Parental Controls feature is not available prior to Mac OS X 10.5.

The Launch Services update patches a flaw in Apple's Time Machine backup software that could have allowed a user to launch an application from the Time Machine backup, even if it has been deleted. While true to the concept of Time Machine as a file recovery tool, such behavior runs contrary to expectation. "Users expect that uninstalling an application from their system will prevent it from being launched," Apple explains.

Apple also fixed flaws in several open source programs that it uses, including the print services application Samba and the X11 windowing framework.

Apple's Monday's patch pales in comparison to the one issued in mid-December, which featured more than 40 fixes.

The new update can be downloaded directly from Apple's site or through the Software Update control panel.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.