http://www.newsbytes.com/news/02/175719.html By Brian McWilliams, Newsbytes CUPERTINO, CALIFORNIA, U.S.A., 08 Apr 2002, 10:03 AM CST Apple Computer [NASDAQ:AAPL] has released a security update to its Mac OS X operating system that closes more than a half dozen serious security vulnerabilities. The April 2002 security update for OS X version 10.1 addresses recently discovered bugs in UNIX components used by the operating system, according to a description of the update released by Apple last week. Mac OS X is based on core technology called "Darwin," which is a version of the BSD UNIX operating system. The security patch includes an updated version of the Apache Web server built into Mac OS X. The new version, 1.3.23, incorporates a fix to a component named mod_ssl that prevents remote attackers from being able to run code of their choice on the server, Apple said Friday. Other flaws patched by the update include a bug in the PHP scripting language shipped with Mac OS X. The Computer Emergency Response Team, a federally funded computer security information clearinghouse, warned in February that the PHP vulnerability could allow a remote attacker to execute "arbitrary code" on the system. According to Apple, the security patch also fixes security flaws in components including groff, mail_cmds, rsync, and sudo. The 4.2 Mbyte update is available from Apple's software download site or via the Software Update pane in Mac OS X's System Preferences, the company said. "On my Linux box I had to install the same security patches, it took me one hour to find, compile and install. With OS X it's just one click," wrote a participant in an online message board at VersionTracker.com last week. The security patch does not require a system re-start, according to other OS X message board participants. Apple's product security site is at http://www.apple.com/support/security/security_updates.html - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 03:32:17 PDT