Though Apple's Mac OS X operating system itself is not open source, it does include many components that are -- which also means that it's potentially susceptible to the same vulnerabilities that have affected open source projects.
As a result, open source applications in particular are strongly represented on the list of patched items in Apple's latest security update, 2008-007.
Among the open source applications patched in the update is the Apache Web server. Apple (NASDAQ: AAPL) is updating Mac users to Apache HTTP version 2.29 from the 2.28 version that had potential Cross-Site Request Forgery (CSRF) issues.
Apple also updated the Apache Tomcat Java middleware server. Tomcat 6.0.18 addresses CSRF issues in the prior version of Tomcat that Apple had been providing to Mac OS X Server v10.5.5 users.
Open source antivirus application ClamAV received an update to version 0.94 to protect Mac users against multiple vulnerabilities in the earlier 0.93.3 version. The vulnerabilities could have potentially led to an arbitrary code execution issue on Mac OS X servers.
The open source Common Unix Printing System (CUPS) is being updated by Apple to protect against a remote arbitrary code execution issue. According to Apple's advisory, a vulnerability in the Hewlett-Packard Graphics Language (HPGL) filter could cause arbitrary memory to be overwritten with controlled data.
"If Printer Sharing is enabled, a remote attacker may be able to cause arbitrary code execution," Apple said in its advisory. "If Printer Sharing is not enabled, a local user may be able to obtain elevated privileges."
Apple's security update 2008-007 also includes updates to the open source MySQL database, bringing it to version 5.0.67 to protect against issues that exist in MySQL 5.0.45, the most recent version for Mac OS X Server v10.5.5.
The open source PHP language also receives a boost to version 4.4.9, addressing issues in PHP 4.4.8. There is also a fix for the open source Postfix mail server that ships with Mac OS X 10.5.5 to correct a configuration file issue.