[ISN] Apple Patches UNIX Security Bugs In Mac OS X

From: InfoSec News (isnat_private)
Date: Tue Apr 09 2002 - 00:51:09 PDT

    By Brian McWilliams, Newsbytes
    08 Apr 2002, 10:03 AM CST
    Apple Computer [NASDAQ:AAPL] has released a security update to its Mac
    OS X operating system that closes more than a half dozen serious
    security vulnerabilities.
    The April 2002 security update for OS X version 10.1 addresses
    recently discovered bugs in UNIX components used by the operating
    system, according to a description of the update released by Apple
    last week.
    Mac OS X is based on core technology called "Darwin," which is a
    version of the BSD UNIX operating system.
    The security patch includes an updated version of the Apache Web
    server built into Mac OS X. The new version, 1.3.23, incorporates a
    fix to a component named mod_ssl that prevents remote attackers from
    being able to run code of their choice on the server, Apple said.
    Other flaws patched by the update include a bug in the PHP scripting
    language shipped with Mac OS X. The Computer Emergency Response Team,
    a federally funded computer security information clearinghouse, warned
    in February that the PHP vulnerability could allow a remote attacker
    to execute "arbitrary code" on the system.
    According to Apple, the security patch also fixes security flaws in
    components including groff, mail_cmds, rsync, and sudo.
    The 4.2 Mbyte update is available from Apple's software download site
    or via the Software Update pane in Mac OS X's System Preferences, the
    company said.
    "On my Linux box I had to install the same security patches, it took
    me one hour to find, compile and install. With OS X it's just one
    click," wrote a participant in an online message board at
    VersionTracker.com last week.
    The security patch does not require a system re-start, according to
    other OS X message board participants.
    Apple's product security site is at