Apple Plugs 13 Holes In Panther, Tiger - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

12:54 PM

Apple Plugs 13 Holes In Panther, Tiger

Apple Computer on Tuesday posted security updates to fix 13 vulnerabilities in the client and server versions of its Panther and Tiger operating systems. Apple does not rank its vulnerabilities, but Danish vulnerability tracker Secunia tagged the entire update as "highly critical," its second-highest alert ranking.

Apple Computer on Tuesday posted security updates to fix 13 vulnerabilities in the client and server versions of its Panther (Mac OS X 10.3.9) and Tiger (10.4.3) operating systems.

Four of the baker's dozen patch Apple's Safari Web browser, two affect the bundled open-source Apache Web server software, and others involve such components as OpenSSL, Open Directory, and the system administrator logging function.

Four of the 13 flaws let attackers place their own code on vulnerable systems; although Apple doesn't label vulnerabilities with a risk-assessment score as does Microsoft, any bug that allows such arbitrary code execution is considered a critical threat by virtually every security vendor and analyst. Danish-based vulnerability tracker Secunia tagged the entire update as "Highly critical," its second-highest alert ranking.

September was the last time Apple patched its operating systems; then, it fixed 10 vulnerabilities. In August, however, Apple had to fix more than 40 flaws.

Security organizations, including Symantec and the SANS Institute, have recently warned Mac users that the Apple operating system is increasingly vulnerable to attack. In September, Symantec's bi-annual Internet Security Threat Report noted that Mac OS X was in danger of becoming a target as the popularity of the platform rose.

"Many users believe that this operating system and the applications that run on it are immune to traditional security concerns. However, evidence suggests that, increasingly, they may be operating under a false sense of security," said the report.

Much more recently, the computer training organization SANS Institute specifically cited Mac OS X in its top 20 vulnerabilities list. "Any default or unpatched Mac OS X installations should be presumed to be vulnerable," the SANS report said.

It even took a potshot at the way the Cupertino, Calif.-based developer releases security updates. "Apple frequently issues Mac OS X cumulative security updates that tend to include fixes for a large number of vulnerabilities with risk ratings ranging from critical to low. This complicates the tracking of vulnerabilities for this OS."

Apple released November's fixes as Security Update 2005-009 in versions for both Panther and Tiger, with separate updates for the client and server editions of each. The patches can also be downloaded using the operating system's own Software Update command, or from Apple's Web site.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
What Becomes of CFOs During Digital Transformation?
Joao-Pierre S. Ruth, Senior Writer,  2/4/2020
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
IT Careers: 10 Job Skills in High Demand This Year
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/3/2020
Register for InformationWeek Newsletters
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll