Apple Plugs 13 Holes In Panther, Tiger - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

12:54 PM

Apple Plugs 13 Holes In Panther, Tiger

Apple Computer on Tuesday posted security updates to fix 13 vulnerabilities in the client and server versions of its Panther and Tiger operating systems. Apple does not rank its vulnerabilities, but Danish vulnerability tracker Secunia tagged the entire update as "highly critical," its second-highest alert ranking.

Apple Computer on Tuesday posted security updates to fix 13 vulnerabilities in the client and server versions of its Panther (Mac OS X 10.3.9) and Tiger (10.4.3) operating systems.

Four of the baker's dozen patch Apple's Safari Web browser, two affect the bundled open-source Apache Web server software, and others involve such components as OpenSSL, Open Directory, and the system administrator logging function.

Four of the 13 flaws let attackers place their own code on vulnerable systems; although Apple doesn't label vulnerabilities with a risk-assessment score as does Microsoft, any bug that allows such arbitrary code execution is considered a critical threat by virtually every security vendor and analyst. Danish-based vulnerability tracker Secunia tagged the entire update as "Highly critical," its second-highest alert ranking.

September was the last time Apple patched its operating systems; then, it fixed 10 vulnerabilities. In August, however, Apple had to fix more than 40 flaws.

Security organizations, including Symantec and the SANS Institute, have recently warned Mac users that the Apple operating system is increasingly vulnerable to attack. In September, Symantec's bi-annual Internet Security Threat Report noted that Mac OS X was in danger of becoming a target as the popularity of the platform rose.

"Many users believe that this operating system and the applications that run on it are immune to traditional security concerns. However, evidence suggests that, increasingly, they may be operating under a false sense of security," said the report.

Much more recently, the computer training organization SANS Institute specifically cited Mac OS X in its top 20 vulnerabilities list. "Any default or unpatched Mac OS X installations should be presumed to be vulnerable," the SANS report said.

It even took a potshot at the way the Cupertino, Calif.-based developer releases security updates. "Apple frequently issues Mac OS X cumulative security updates that tend to include fixes for a large number of vulnerabilities with risk ratings ranging from critical to low. This complicates the tracking of vulnerabilities for this OS."

Apple released November's fixes as Security Update 2005-009 in versions for both Panther and Tiger, with separate updates for the client and server editions of each. The patches can also be downloaded using the operating system's own Software Update command, or from Apple's Web site.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll