Apple publishes update for Mac OS X 10.4.10
Apple has released a new update for its Mac OS X operating system. The new version 10.4.10 remedies quite a few problems, including one related to Bluetooth headsets; in addition, it offers support for the RAW formats used by new digicams sold by Panasonic, Leica, Fuji, Nikon, and Canon and also improves a number of USB functions relating to external devices. Apple has published details in its knowledgebase entry for the update.
In addition, a security hole in type 0 routing headers for IPv6 has been closed. In Mac OS X 10.4, support for these routing headers is disabled in order to prevent the possibility of denial of service by malicious consumption of network link bandwidth. The hole can also be exploited for further purposes, such as outwitting firewalls.
Similar to source routing in IPv4, the routing header introduced in IPv6 allows the path that a packet takes to be set regardless of the router's routing table. For security reasons, however, most IPv4 routers and firewalls do not support source routing. But as it turns out, IPv6 apparently suffers from the same problems; at the end of April, the developers of FreeBSD, OpenBSD and Linux switched off support of type 0 headers in IPv6.
Users can upgrade to Mac OS X 10.4.10 through their operating system's usual update function. The update for Mac OS X 10.4.9 (for Intel and PowerPC systems) and as a combo update as of Mac OS X 10.4 (for Intel and PowerPC systems) can also be downloaded as individual packages.
- About the Mac OS X 10.4.10 Update, Apple's knowledgebase entry
- About the security content of the Mac OS X 10.4.10 Update, Apple's knowledgebase entry
- IPv6 Routing Header Security, presentation by Philippe Biondi and Arnaud Ebalard