Ads by TechWords

See your link here
Receive the latest technology news and information.
Macintosh
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Apple releases Mac OS X 10.5.5, patches nearly 70 bugs

Update fixes DNS vulnerability, tackles reliability problems in MobileMe, Mail and Time Machine

September 15, 2008 12:00 PM ET

Active Comments
Dan in OC says: How is it that when Apple releases 70 patches / fixes it is a good thing and people a happy...
Anonymous says: Yes you do go back once you discover that it's all marketing and a flashy case. Once you no longer...


Computerworld - Apple Inc. today released Mac OS X 10.5.5 to patch at least 34 security vulnerabilities, about a third of them considered critical, and to fix another 34 reliability and stability bugs -- including several in the services that synchronize Macs with other Macs, iPhones and Palm PDAs.

The security portion of the update -- as is its practice, Apple bundled the two for Leopard users, but split out the vulnerability fixes for people running the older Tiger -- patched bugs in the operating system's font mechanism, Finder, image processor, kernel, log-in process, system configuration utility and Time Machine backup application.

Apple labeled nine of the 34 with its usual "arbitrary code execution" phrase. Unlike other OS makers, Apple doesn't rank the vulnerabilities it reports; the tag, however, puts those bugs into a category most would consider critical.

Among the most notable fixes were a pair that plugged a serious hole in Apple's implementation of the Domain Name System (DNS), the Internet's traffic cop. "This finally patches the Dan Kaminsky exploit," said Andrew Storms, director of security operations at security vendor nCircle Network Security Inc. "This was the piece that was missing on the client side."

In early July, Kaminsky, a security researcher, disclosed a critical flaw in the DNS that made it much easier than originally thought to "poison" the cache of DNS servers, or insert bogus information into the Internet's routing infrastructure. Unlike several other major operating system vendors, including Microsoft Corp. and Red Hat Inc., Apple did not issue a patch when Kaminsky went public on July 8.

In fact, when Apple got around to releasing a DNS fix on July 31, Storms and others confirmed that the update did not actually fix the flaw on Macs running the client edition of OS X.

Apple got it right this time, however. "I installed [10.5.5] and tested it, and yes, it does patch the DNS bug on the client," Storms said.

Apple also updated Mac OS X's implementation of BIND (Berkeley Internet Name Domain), the open-source DNS software maintained by the Internet Software Consortium (ISC), to keep it current with an early-August version that the ISC released to solve performance issues that had shipped in the original fix for Kaminsky's vulnerability.

Other patches were aimed at the server editions of Mac OS X, including nine that address vulnerabilities in ClamAV, the open-source antivirus scanner that's part of Leopard's and Tiger's server software.

The update also fixed at least 34 nonsecurity flaws in Mac OS X 10.5. According to the accompanying advisory, Apple fixed two bugs each in Address Book and Disk Utility, six in the iCal calendar application, seven in the Mail e-mail client, and four in Time Machine, the automatic backup program that debuted with 10.5 last October.



Jump to comments

Apple

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying