Apple Computers (NASDAQ : AAPL) recently released a mega update which addresses 134 vulnerabilities in Mac OS X. The incremental update weighs in at 650 megabytes, which PCMagazine’s Larry Seltzer is quoted as describing as “possibly unprecedented proportions.” According to the Washington Post‘s Rob Pegoraro, the actual download size varies depending on different machines, up to 977.2 megabytes.
Tony Bradley of PCWorld compared the Mac OS X update with Microsoft’s Patch Tuesday, and claims that “To surpass 134 vulnerabilities, you have to combine six months’ worth of Patch Tuesdays from June through November.” To be fair, the massive MacOS update include 55 updates related to Adobe Flash. Vulnerability expert (and multi Pwn2Own winner) Charlie Miller is clearly not impressed. In a tweet sent late Wednesday, he wrote “Apple releases huge patch, still miss all my bugs. Makes you realize how many bugs are in their code (or they’re very unlucky).”
The mega update patches a handful of long outstanding vulnerabilities, one from 2008 and 7 from 2009. The update also includes fixes to common UNIX software such as X11, PHP and OpenSSL. Apple included more than two-dozen nonsecurity issues, many of them stability or reliability problems. The 10.6.5 upgrade also fixed a problem with some HP printers connected to wireless networks, added support for encrypted transfers of files to Apple’s online storage service, and improved the reliability of connections to Microsoft Exchange servers.
Mac users can read more about Mac OS X v10.6.5 and Security Update 2010-007 here.
rb-
The consumerization of IT has hit my workplace with iPad’s and Mac’s working their way in as “special projects.” This latest patch from Apple shows the firms attention to security. Despite the fanboyz believes, the Mac isn’t more secure than Wintel. The simple fact is, breaking into Macs probably has not ranked very high on the to do list of cyber-criminals given the smaller number of Mac users when compared with the number of machines running Windows. The second fact is that Apple is slow with security updates. The mega update addressed some MacOS problems that are over two years old.
