NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0084 Apple Megapatch:

We've said it time after time, but apparently it bears repeating yet again. JUST BECAUSE YOU USE A MAC does not make you immune to attacks.

Apple has issued a security update for its Mac OS/X to plug 45 security holes, including several zero-day vulnerabilities. The megapatch is the seventh Apple security patch release in three months. It deals with vulnerabilities in Apple's own software, as well as third-party components such as Adobe Systems' Flash Player, OpenSSH, and MySQL. Sixteen of the vulnerabilities addressed by the update were previously released as part of two high-profile bug-hunting campaigns. The vulnerabilities pose varying risks to Macs. Several of the flaws could be exploited to gain full control over a Mac running the vulnerable component, according to Apple's advisory. In addition to the Mac OS/X patch, Apple issued a second update to fix a security bug in iPhoto that could expose Mac users to a serious attack. An attacker could draft a malicious "photocast" which, when opened, could compromise a Mac. The Apple patch can be downloaded and installed via the Software Update feature in Mac OS/X, or from Apple Downloads.

(CNET News 13MAR07)

Last Modified: Sunday, 18-Mar-2007 22:58:39 EST