Apple Creates Patches For Mac OS X

Apple Computer issued software updates on November 28, 2006 to plug a minimum of 31 different security loopholes in computers loaded with various versions of its Mac OS X operating systems. The free updates are available for download via OS X's 'software update' feature, or directly from 'Apple Downloads'. 'Security Update 2006-07' is empowered to update components from 'AirPort' to 'PHP' of the operating system.

Some notes given with the update say that a vulnerability of the 'AirPort Wireless Driver' was fixed so that attackers on a 'wireless network' could no longer execute arbitrary code. The vulnerability affects 'eMac', 'iBook', 'iMac', 'PowerBook G3', 'PowerBook G4' and 'Power Mac G4' systems loaded with a unique 'AirPort card'. The flaw has no impact on systems with the 'AirPort Extreme card'.

Security researcher HD Moore, on November 1, 2006 disclosed the 'AirPort' flaw. It modifies 'Proxim Wireless Orinoco wireless cards' that 'PowerBook' and 'iMac' computers use.

While Apple warned that an attacker could exploit this flaw to execute unauthorized software on a victim's machine, Moore's 'exploit code' could only result in a computer crash.

Since August 2006, security researchers have been concentrating on 'wireless device drivers'. Accordingly, researchers David Maynor and John Ellch reported about their discovery of a batch of significantly exploitable flaws in 'wireless driver', including the one that has affected Apple's PCs.
Criticisms pointing Maynor and Ellch emerged saying the two presented these flaws using an external 'wireless card' instead of the one that comes with Apple's 'MacBook'. Also, the two of them, supposedly hackers, have not published the code they used in their attack.

Despite all that, Apple provided patches for several vulnerabilities in its 'wireless drivers' in September last. Apple claims to have found these vulnerabilities in the company's 'internal audit' of software.

Apple has released other fixes too to patch easy exploits. Some are bugs that could install malware just by tricking the user to go to a specially crafted site or font files. The bundle of updates also include patches for 'ClamAV' for Mac OS X server and some for problems with the OS X utility required to unzip files.

Related article: Apple Patches QuickTime 13 Month Old Flaw

» SPAMfighter News - 12/2/2006