Establishing Digital Trust: Don't Sacrifice Security for Convenience
Some security updates are bigger than others a lot bigger.
Apple has released its biggest patch update for Mac OS X ever with the 10.6.5 release patching over 130 flaws.
The 10.6.5 update is Apple's first major security update since the 10.6.4 update was released back in June.
Various graphics and image handling issues are plentiful on the 10.6.5 patch list. The ImageIO graphics subsystem is being patched for at least four different security issues. The X11 graphics framework, which is Apple's implementation of the X Windows System used by Unix vendors, is being patched for 16 issues.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The graphics and media issues also extend to Apple's Quick Time media player which is being patched for at least eight different QuickTime media player issues that could have potentially led to arbitrary code execution.
Apple is also providing a patch for its Safari Web browser as part of the update. The patch is specifically for Safari's RSS feed handling capabilities, which could potentially have led to an information leakage issue.
Not all of the fixed flaws are from Apple's own technology either. The 10.6.5 update includes an Adobe Flash player update fixing as many as 55 security issues. In contrast with Microsoft Windows, Apple bundles Flash updates as part of its operating system updates.
Safari browser. Image courtesy of Apple.
While the 10.6.5 update is loaded with security fixes, it also includes a long list of feature and usability fixes, as well. Apple lists improved reliability of Ethernet connections and the ability to handle RAW images as an improvement in 10.6.5. Improved Microsoft Exchange server support, as well as multiple printer issues also make the 10.6.5 list of bug fixes.
Even with all the security and bug fixes in the Mac 10.6.5 update, security researcher Charlie Miller who has publicly hacked Macs and iPhones at multiple security events, claimed that bugs were still outstanding.
"Apple releases huge patch, still miss all my bugs," Miller wrote in a Twitter message. "Makes you realize how many bugs are in their code, (or they're very unlucky)."
Keep up-to-date with Mac OS security; follow eSecurityPlanet on Twitter @eSecurityP.