
September 10th, 2009

Apple plugs 33 Mac OS X security holes, updates Flash on Leopard

Posted by Ryan Naraine @ 2:52 pm

Categories: Adobe, Anti Virus, Apple, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Flash, Locally Running Web Servers, Open source, Passwords, Patch Watch, Responsible disclosure

Tags: Apple Macintosh, Macromedia Flash Player, Apple Inc., Apple Mac OS X, Apple Mac OS, Operating Systems, Security, Software, Ryan Naraine

Apple today shipped another Mac OS X mega-update with fixes for at least 33 serious security problems affecting Mac OS X users.

The update includes patches for third-party components such as Adobe’s Flash Player plug-in, ClamAV, MySQL and PHP. A separate update was released for Snow Leopard to fix the issue where a vulnerable version of Flash Player was included with the new operating system.

[ SEE: Snow Leopard ships with vulnerable Flash Player ]

Security Update 2009-005 fixes several “arbitrary code execution” vulnerabilities that can be exploited if a user is tricked into opening certain file types.

Among the components with serious security defects are Alias Manager, CarbonCore, ColorSync, CoreGraphics and ImageIO.

It also includes a new version of ClamAV, available for Mac OS X Server v10.5.8, to fix multiple code execution flaws in the open-source anti-virus package.

The new Flash Player plug-in fixes nine different vulnerabilities, the most serious of which could lead to computer takeover attacks via rigged Web pages.

Security Update 2009-005 is available from the Software Update pane in System Preferences, or Apple’s Software Downloads web site.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.



