
SANS ISC: Fresh Apple Patches - SANS Internet Storm Center SANS ISC InfoSec Forums

Fresh Apple Patches

Apple released a security update called "2006-001". It claims to update the following components:


For detailed information on this update, we'll refer you to Apple's article 303382.

This update is very critical to install on your Mac OS X machines:

  • Safari gets fixes for 4 separate issues: one of them with the public PoC; 3 of them result in arbitrary code execution and one looks like it allows JavaScript access to local resources.
    At this point it's unclear how effective the patch against the PoC is. To quote Apple: "This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9)". We know from experience that warning users is hardly enough in real life. Still, it's better than nothing.
  • iChat and Mail get file type protection warnings in an effort to help thwart the worm threat (as exposed by the PoC virus Leap.A)
  • many more ... but you get those for free anyway

On the not so good side: (before I get every Apple fan on my case: I love my PowerBook, but it does not mean Apple should not clean up their act a bit)

  • Nice to get an update to PHP 4.4.1, but do note that a quick visit to learns that it released PHP 4.4.1 on October 31st, 2005. That's 4 months!  Add to that that PHP 4.4.2 was released on January 13th, 2006.  For an open source package this isn't cutting it, I'm afraid. Apple really needs to speed up its testing and dramatically reduce the window of exposure (even if it's not enabled by default).
  • Apple references article 108009 but it's putting all responsibility with the end user. Can't we please have it promote using things like anti-virus and other malware-preventing software? Sure, users should not accept everything and click on anything. But the Windows world has proven this approach doesn't work well enough once the OS gets targeted by malware.

Swa Frantzen


Mar 1st 2006
