Mac OS X Patch Misses Mark, Causes Hiccups
By Ryan Naraine | Posted 2006-05-16
An independent security researcher reports that Apple's most recent security update fails to address well-known vulnerabilities. Also, users are reporting boot-up hiccups after the mega patch is installed.
Apple Computer's latest Mac OS X security update misses several dangerous vulnerabilities and is causing system hangs and boot-up problems for some users, according to information reaching eWEEK.
Less than a week after Apple shipped a mega-update with fixes for a whopping 43 Mac OS X and QuickTime vulnerabilities, independent researcher Tom Ferris said that multiple Safari browser flaws remain unpatched.
Ferris, who has become a bit of a gadfly for Apple, reported the Safari vulnerabilities to Apple on April 19, but after testing the Security Update 2006-003, he told eWEEK the issues have not yet been addressed.
Ferris, who goes by the online moniker of "badpack3t," said the Safari bugs cause the application to crash and may allow a malicious attacker to execute arbitrary code.
On his Security-Protocols.com Web site, Ferris has released technical information on the flaws alongside proof-of-concept code to reproduce the browser crashes.
Back in April, Ferris also flagged a heap overflow vulnerability that occurs when specially crafted ".bmp" files are processed and decompressed.
Although the Mac OS X update promised a fix for that bug, Ferris insists the underlying issue has not been addressed.
"[The update] does prevent the crash when opening [my] original proof-of-concept file. But after slightly modifying that file, I was able to trigger the same issue with the latest security update installed," Ferris said.
As per policy, Apple does not comment on potential security vulnerabilities in its products until a fix is available.
Meanwhile, Mac OS X users are reporting post-patch hiccups that range from system hangs to boot-up problems.
Read the full story on eWEEK.com: Mac OS X Patch Misses Mark, Causes Hiccups