On Wednesday, Mac made the newest update available for download. It patches 40 security vulnerabilities in more than 25 components and applications in the OS X operating system, including Flash Player, Apache, and iCal.
According to Apple, 16 of the 40 fixes were tagged with “arbitrary code execution” phrasing. Other vendors would call them “critical.”
Apache, the open-source Web server, received the most patches (a total of eight), while Adobe’s Flash Player received seven. This brings Flash Player to version 220.127.116.11, which is already available from Adobe. Attackers are exploiting earlier versions of Flash through hacks of legitimate Web sites, infecting Windows users with various malware.
This update also fixes one of three flaws disclosed last week by Core Security Technologies.
Also notable in the update was a fix for one of three iCal vulnerabilities that had been disclosed last week by Core Security Technologies. Apple patched the most serious of the trio, marked as CVE-2008-1035, Core’s chief technology officer, Ivan Arce, confirmed today. “Yes, I can say that they patched the most serious of the vulnerabilities, but I cannot confirm that they have patched, or haven’t patched, the other two.”
Core reported the three iCal bugs to Apple in January 2008, and then went public with information about the vulnerabilities last week after it tired of Apple’s patch delays. Core’s researchers and Apple’s security team also disagreed over the severity of the two bugs still unpatched, according to notes Core posted online.
I suppose that Mac users may see these significant update packages somewhat differently than Windows users see “patch Tuesday.” When in Windows world, I would download the updates to a stick and test the heck out of them before allowing them on my machine. In Mac world, the most I do is save and close whatever I’m doing and install. If something doesn’t work quite right, I can always restore from backup and try again. So far I haven’t had to do that.
No matter what OS you support, it is important to be aware of the patches when they are available and ensure that your end users get them in place. While I as a home user can get away with just installing the patch, depending on my backups, in the enterprise it isn’t always so easy. Testing should be done to ensure compatibility.