[ISN] Apple Patches UNIX Security Bugs In Mac OS X

From: InfoSec News (isnat_private)
Date: Tue Apr 09 2002 - 00:51:09 PDT

Next message: InfoSec News: "[ISN] Terrorism 101 With Eric Shaw"

Previous message: InfoSec News: "[ISN] Industry Must Act to Avoid Shortage of IT Security Workers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.newsbytes.com/news/02/175719.html

By Brian McWilliams, Newsbytes
CUPERTINO, CALIFORNIA, U.S.A.,
08 Apr 2002, 10:03 AM CST
 
Apple Computer [NASDAQ:AAPL] has released a security update to its Mac
OS X operating system that closes more than a half dozen serious
security vulnerabilities.

The April 2002 security update for OS X version 10.1 addresses
recently discovered bugs in UNIX components used by the operating
system, according to a description of the update released by Apple
last week.
 
Mac OS X is based on core technology called "Darwin," which is a
version of the BSD UNIX operating system.

The security patch includes an updated version of the Apache Web
server built into Mac OS X. The new version, 1.3.23, incorporates a
fix to a component named mod_ssl that prevents remote attackers from
being able to run code of their choice on the server, Apple said
Friday.

Other flaws patched by the update include a bug in the PHP scripting
language shipped with Mac OS X. The Computer Emergency Response Team,
a federally funded computer security information clearinghouse, warned
in February that the PHP vulnerability could allow a remote attacker
to execute "arbitrary code" on the system.

According to Apple, the security patch also fixes security flaws in
components including groff, mail_cmds, rsync, and sudo.

The 4.2 Mbyte update is available from Apple's software download site
or via the Software Update pane in Mac OS X's System Preferences, the
company said.

"On my Linux box I had to install the same security patches, it took
me one hour to find, compile and install. With OS X it's just one
click," wrote a participant in an online message board at
VersionTracker.com last week.

The security patch does not require a system re-start, according to
other OS X message board participants.

Apple's product security site is at
http://www.apple.com/support/security/security_updates.html



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

Next message: InfoSec News: "[ISN] Terrorism 101 With Eric Shaw"
Previous message: InfoSec News: "[ISN] Industry Must Act to Avoid Shortage of IT Security Workers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 03:32:17 PDT