Mac OS X Patch Misses Mark, Causes HiccupsBy Ryan Naraine | Posted 2006-05-16 Print
An independent security researcher reports that Apple's most recent security update fails to address well-known vulnerabilities. Also, users are reporting boot-up hiccups after the mega patch is installed.
Apple Computer's latest Mac OS X security update misses several dangerous vulnerabilities and is causing system hangs and boot-up problems for some users, according to information reaching eWEEK.
Less than a week after Apple shipped a mega-update with fixes for a whopping 43 Mac OS X and QuickTime vulnerabilities, independent researcher Tom Ferris said that multiple Safari browser flaws remain unpatched.
Ferris, who has become a bit of a gadfly for Apple, reported the Safari vulnerabilities to Apple on April 19, but after testing the Security Update 2006-003, he told eWEEK the issues have not yet been addressed.
Ferris, who goes by the online moniker of "badpack3t," said the Safari bugs causes the application to crash and may allow a malicious attacker to execute arbitrary code.
On his Security-Protocols.com Web site, Ferris has released technical information on the flaws alongside proof-of-concept code to reproduce the browser crashes.
Back in April, Ferris also flagged a heap overflow vulnerability when specially crafted ".bmp" are processed and decompressed.
Although the Mac OS X update promised a fix for that bug, Ferris insists the underlying issue has not been addressed.
"[The update] does prevent the crash when opening [my] original proof-of-concept file. But after slightly modifying that file, I was able to trigger the same issue with the latest security update installed," Ferris said.
As per policy, Apple does not comment on potential security vulnerabilities in its products until a fix is available.
Meanwhile, Mac OS X users are reporting post-patch hiccups that range from system hangs and boot-up problems.
Read the full story on eWEEK.com: Mac OS X Patch Misses Mark, Causes Hiccups
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...