Many of the fixes, available for download at Apple's Security Update Web site, address potential system crashes and unauthorized access to files.
For example, one fix addresses the potential for files and folders to be accessed by outside parties when file sharing is enabled on the server.
Another fix, aimed at Mac OS X Server v10.3.9 and v10.4.7, addresses an issue related to reconnection after a network outage.
Without this fix, Apple said it's possible for an authenticated local user on the network to read the reconnect keys and access files and folders by impersonating another user.
The update protects the reconnect keys with file system permissions.
Another security-related update increases the length of the automatically generated passkey in the Bluetooth Setup Assistant from six to eight characters.
Several security firms helped bring the problems to Apple's attention.
The company credits Neil Archibald at Suresec in Fairview, N.J., for pointing out a problem in the dynamic linker that could give local users unauthorized access.
Tom Ferris of Security-Protocols in Mission Viejo, Calif., was credited with identifying how a maliciously created GIF image could be used to create an application crash or arbitrary code execution.
Apple said the updates address all of these issues.
The Macintosh has long had a reputation for being relatively immune to viruses and hacker attacks, or at least far less susceptible to them than its Windows PC counterparts.
But the number of reported incidents has increased noticeably this year.