Apple delivers record monster security update

Patches 92 bugs in Leopard, Snow Leopard; no fix for Pwn2Own vulnerability

Apple today patched 92 vulnerabilities, a third of them critical, in a record update to its Leopard and Snow Leopard operating systems.

Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood since March 2008 . The update dwarfed any released last year, when Apple 's largest patched 67 vulnerabilities .

"The sheer number, it's almost so daunting that you don't even want to look," said Andrew Storms, director of security operations at nCircle Network Security.

Today's security roll-up fixed flaws in 42 different applications or operating system components in Mac OS X, from AppKit and Application Firewall to unzip and X11, the Mac's version of the X Window System.

Eighteen of the vulnerabilities were specific to the older Leopard operating system, while 29 were specific to Snow Leopard . The remaining 45 affected both, which are the only editions that Apple currently supports. Users running Leopard will patch 63 vulnerabilities, while Snow Leopard users face a total of 74 flaws.

The update brings Snow Leopard to version 10.6.3, making this the third major update to the OS that Apple launched in August 2009. Apple also addressed a list of nearly 30 non-security issues in the 10.6.3 update. Leopard users, meanwhile, received only the security patches.

More than 40% of the vulnerabilities patched today, 37 out of the 92, were accompanied by the phrase "may lead to arbitrary code execution," which is Apple's way of saying that a flaw is critical and could be used by attackers to hijack a Mac. Apple does not assign ratings or severity scores to the bugs it patches, unlike other major software makers, such as Microsoft and Oracle .

Among the most noticeable patches were nine affecting QuickTime, Apple's media player, in Snow Leopard. All nine were rated critical; six had been reported to Apple by 3Com TippingPoint, which runs a bug bounty program called Zero Day Initiative.

TippingPoint was in the news much of last week as it again sponsored the Pwn2Own hacking contest at the CanSecWest security conference in Vancouver, British Columbia. The company handed out $45,000 in prizes to five researchers for hacking the iPhone, as well as Apple's Safari, Microsoft's Internet Explorer and Mozilla's Firefox browsers.

Charlie Miller, the researcher who cracked Snow Leopard's security defenses to take down Safari, said today that Apple had not patched the vulnerability he used last Wednesday. "New patch doesn't fix pwn2own bug," Miller said via Twitter . "Sorry suckers, gonna have to wait for the next patch."

The timing of today's monster update didn't come as a surprise to nCircle's Storms. "It's not suprising that they patched QuickTime, what with the pending iPad release," he said today, referring to the April 3 on-sale date for Apple's new media tablet. Apple typically updates its iTunes music software, and the accompanying QuickTime player, before it releases new products that call on the former. The iPad will use the iTunes store to serve up applications and media content to customers.

"For the same reason, I'm going to guess that Apple will also update the iPhone OS this week," Storms added.

The security update can be downloaded from the Apple site or installed using Mac OS X's integrated update service.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Applesecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?