Friday, November 16, 2007

Panther/Tiger/Leopard Updates

http://isc.sans.org/diary.html?storyid=3656:

In the last few days Apple released upgrades to its Tiger (10.4) and Leopard (10.5) versions of OS X.

For those unfamiliar with Mac OS X: this isn't just security patches; it is somewhat comparable to what Microsoft calls a service pack. As such it can include stability fixes, features, etc., as well as security fixes.

10.4.11 includes a long list of security fixes. Since it's an all-or-nothing deal, there's very little real use in discussing all of them individually. Just take the plunge: there are a few bad ones in there, so you'll need it anyway. Some readers wrote us that there might be some issues with it all, so be careful. That said, I've been running it for a bit already and have not seen a single bad thing so far.

* CVE-2007-3456
* CVE-2007-4678
* CVE-2007-2926
* CVE-2005-0953
* CVE-2005-1260
* CVE-2007-4679
* CVE-2007-4680
* CVE-2007-0464
* CVE-2007-4681
* CVE-2007-4682
* CVE-2007-3999
* CVE-2007-4743
* CVE-2007-3749
* CVE-2007-4683
* CVE-2007-4684
* CVE-2007-4685
* CVE-2006-6127
* CVE-2007-4686
* CVE-2007-4687
* CVE-2007-4688
* CVE-2007-4269
* CVE-2007-4689
* CVE-2007-4267
* CVE-2007-4268
* CVE-2007-4690
* CVE-2007-4691
* CVE-2007-0646
* CVE-2007-4692
* CVE-2007-4693
* CVE-2007-4694
* CVE-2007-4695
* CVE-2007-4696
* CVE-2007-4697
* CVE-2007-4698
* CVE-2007-3758
* CVE-2007-3760
* CVE-2007-4671
* CVE-2007-3756
* CVE-2007-4699
* CVE-2007-4700
* CVE-2007-4701

10.5.1 includes some security fixes too, all centered around the application firewall:

* CVE-2007-4702
* CVE-2007-4703
* CVE-2007-4704

Apple also released patches for the beta of Safari, but hey, it's beta software!

Rex pointed out we were missing the security update to 10.3.9 (Panther) that fixes many of the security problems also fixed in 10.4.11.

Sunday, November 04, 2007

DNS changer Trojan for Mac (!) in the wild

http://isc.sans.org/diary.html?storyid=3595

This is rather shocking (and not so shocking...both at the same time).

This is NOT a failing of OS X. This trojan installs via social engineering: a failure of the human, not of the system.

[UPDATE:

I've added the following rule (highlighted at the above link) to two of my Snort sensors:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE CURRENT_EVENTS Mac Trojan HTTP Checkin (accept-language violation)"; flow:established,to_server; content:"GET "; depth:4; content:" HTTP/1.1|0d 0a|Accept-Language\: "; pcre:"/Accept-Language\: [a-zA-Z0-9]{20}/"; classtype:trojan-activity; sid:2007650; rev:1;)

]
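As an added illustration (my own code, not part of the original post or of the Bleeding Edge rule set), here is a small Python checker that applies the same three conditions as the Snort rule above to raw client-to-server HTTP requests, so you can see why a 20-character alphanumeric Accept-Language value is something no real browser sends. The sample requests are constructed for this example.

```python
import re

# The pcre part of the rule: a real Accept-Language value is made of
# language subtags of at most 8 characters separated by "-" or ",", so a
# run of 20 alphanumerics with no separator cannot be a legitimate tag.
CHECKIN_TOKEN = re.compile(r"Accept-Language: [a-zA-Z0-9]{20}")


def matches_checkin(raw_request: bytes) -> bool:
    """Mirror the rule's three conditions on one request payload:
    1. content:"GET " at depth 4  -> payload starts with "GET "
    2. content:" HTTP/1.1|0d 0a|Accept-Language: " -> Accept-Language is
       the very first header after the request line
    3. pcre: the header value begins with 20 alphanumeric characters
    (flow:established,to_server is assumed to have been handled by the
    capture, i.e. only client->server payloads are passed in)."""
    text = raw_request.decode("latin-1")          # keep raw bytes 1:1
    if not text.startswith("GET "):
        return False
    if " HTTP/1.1\r\nAccept-Language: " not in text:
        return False
    return CHECKIN_TOKEN.search(text) is not None


# Constructed sample traffic: one normal browser request, one request
# shaped like the trojan check-in, and one near-miss (POST, not GET).
SAMPLE_REQUESTS = {
    "browser": (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                b"Accept-Language: en-US,en;q=0.8\r\n\r\n"),
    "checkin": (b"GET /cgi-bin/x HTTP/1.1\r\n"
                b"Accept-Language: AbC123xyz789QwErTy45\r\n"
                b"Host: 192.0.2.10\r\n\r\n"),
    "post":    (b"POST /x HTTP/1.1\r\n"
                b"Accept-Language: AbC123xyz789QwErTy45\r\n\r\n"),
}


def scan(requests: dict) -> list:
    """Return the names of the requests that the rule would alert on."""
    return sorted(name for name, req in requests.items() if matches_checkin(req))


if __name__ == "__main__":
    for name in scan(SAMPLE_REQUESTS):
        print(f"alert: {name} looks like a Mac Trojan HTTP check-in")
```

The third sample shows one limit of the rule as written: the same bogus header in a POST is not caught, because the rule anchors on "GET " at depth 4.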