Security Update 7/12/02

Sayer

macrumors 6502a
Jan 4, 2002
981
0
Austin, TX
Might have been already working on it

Who knows, the people who work on this component should have known how vulnerable it was and were working on a "fix" for a future release. They just got caught early and pushed this out.

Or they are really serious about security and had people pull all-nighters until it was fixed.

Either way, it just shows that Apple can respond quickly when [legitimate] problems arise if they have the full glare of the Mac media shining on them. Mac OS X is also up for for Government security review as well so this only helps.
 

Rower_CPU

Moderator emeritus
Oct 5, 2001
11,219
0
San Diego, CA
Hear, hear!!

I just heard about this vulnerability this week and Apple already has it patched. Fantastic!

Now...how's that HTML vulnerability in Outlook Express for PC coming...;)
 

daRAT

macrumors regular
May 12, 2002
134
0
Kennebunk, Maine, USA
Odd

That security problem is almost a week old and this is the first of the Mac sites I go to that even mentioned it, only after a fix came out.


Typical, when a problem arises like this the Mac community is quiet hoping it will go away. Kudos to Apple for patching it quickly.

And shame on all who though Mac OS X is perfect, it anit by a far cry. I hope someday it is close to perfect, but no software is perfect.


I have had OS X since the second day it was released to stores and have been quite excited, but realized soon when I loaded the 10.0 version that it was a "beta" for sure, 10.1 helped, but did something wierd with the moniter display. 10.1.5 seems to be where is sould have been, when first released.

I am excited and can't wait for 10.2, but don't think it is the perfect, secure OS.


html in email is for weenies, plain old text works just fine, and html can be shut off in Outlook for all incoming and outgoing mail
 

rugby

macrumors regular
Feb 21, 2002
222
0
chicago
This update rocks! type "man softwareupdate" in terminal!

Finally, running software update via cli!!!!!

I am a happy camper!
 

j763

macrumors 6502a
Nov 25, 2001
660
0
Champaign, IL, USA
well done to apple for patching this one up quickly.

daRAT -- you say that the Mac community didn't say a word... don't you ever visit macslash, /. or macintouch???

ShaolinMiddleFinger -- OS 9 security is "better" security wise because there's no underlying code... Apple has done a great job with OS X Security and getting things fixed up quickly. Quite a few of the security updates for OS X so far relate to software componenets which apple do not develop, such as openssh and apache server. this is one of the few issues that has been the fault of apple.

Also, it never ceases to amaze me how many critical updates come out for win2k... it's a constant flow... I needed 2 CDs to burn the critical win2k updates from the original win2k release...
 

peterjhill

macrumors 65816
Apr 25, 2002
1,095
0
Seattle, WA
Now how about adding MD5 support for the passwd file

As I say above, how about some MD5 passwd support, instead of crypt. I would prefer some strong authentication for my passwd file. How many people have a passwd > 8 chars and have mistyped the passwd, but have still been let in? As long as you get the first 8 chars right, the rest are chomped off.

While were at it, I hope Apple considers adding support for Andrew File System. OpenAFS rocks on the Mac. How about they just package it into the OS. I realize that most users don't use it, but it would please Universities, as most of them run AFS. Of course then they need to add Kerberos support, but MIT has that working just fine.

While we are talking about security, has Apple implemented any kind of password encryption for mac.com email yet?
 

Choppaface

macrumors 65816
Jan 22, 2002
1,187
0
SFBA
Re: Now how about adding MD5 support for the passwd file

its about time, apple :D

Originally posted by peterjhill
As I say above, how about some MD5 passwd support, instead of crypt. I would prefer some strong authentication for my passwd file. How many people have a passwd > 8 chars and have mistyped the passwd, but have still been let in? As long as you get the first 8 chars right, the rest are chomped off.

*waves hand*
i always wonderd why it did that
 

Jays

macrumors member
Feb 4, 2002
83
0
Earth
there seems to be a problem with the update

After installing the update on my powerbook G4 everything seem o.k. but today I installed OS X 10.1.2 on a G3, thaen I opend software update and all I see is the security update, so i run it. now the SW update claims my system is up to date! I can not update to 10.1.5, so I downloaded the combined update and my OS X drive is greyed out, it seems apple has F*** up something.