In association with heise online

14 March 2007, 11:36

Spring cleaning at Apple: updates for security holes and new functionality

Spring at Apple: The Security Update 2007-003 for Mac OS X 10.3.9 and 10.4.9 closes 41 security holes in the server version; at least 14 of these could be used to inject code onto a system and have it executed there. With regard to the processing of disk images alone, Apple was forced to remove eight bugs, six of which had come to light during the Month of Apple Bugs. In addition, the vendor has plugged other MoAB holes, such as bugs in the processing of the AppleTalk protocol, in ImageIO, QuickDraw, CoreGraphics and the software update mechanism.

After this update there are seven fewer vulnerabilities in the MySQL Server, of which at least one used to permit the execution of injected code. Also, the update does away with security holes, some of them critical, in the kernel, ColorSync, Crash Reporter, the print service CUPS, Printer Center, Directory Services, the Flash Player, SMB File Server (Samba), OpenSSH, Weblog, gnutar and sudo. As some of these services are not present in the client version of Mac OS X, fewer holes are closed there. A bug report on version 10.3.9 by Apple lists these.

In addition, a separate update plugs the hole in iPhoto. Although in doing this Apple has not yet removed all known vulnerabilities, it has at least made substantial strides toward that goal.

But security is not the only thing that has been improved. The update of version 10.4.9 also improves numerous functions. For clients it is said to enhance the playback quality of DVDs, increase support for USB cameras for iChat and expand a diverse array of other functions. The update is also said to boost the stability and performance of the server.

These updates, which can amount to a total of 160 MB, can be accessed either through the operating system's software updating function, or they can be downloaded as separate packages. For an overview of all updates (client and server variants) for Intel and PPC systems please consult the Apple Downloads page.
