- 11 May 2012 13:18
Important Apple security updates for Snow Leopard and Lion - get 'em today!
Hot on the heels of the iOS 5.1.1 release, Apple has pumped out a raft of security updates for Snow Leopard (OS X 10.6) and Lion (OS X 10.7) users.
Here they are:
* OS X Lion 10.7.4.
This update patches numerous vulnerabilities. These include issues at Bronze, Silver and Gold medal levels of insecurity.
There are vulnerabilities leading to information leakage (other people can look at data they're not supposed to see, up to and including raw passwords), escalation of privilege (non-admin users can get administrative access they're not supposed to have), and remote code execution (untrusted external content, such as a web page, can run software on your Mac without warning).
Notably, the 10.7.4 update fixes the recently-discovered FileVault flaw. Apple inadvertently shipped a version of FileVault - the software which seamlessly encrypts your home folder - with a debugging option turned on.
This caused OS X Lion to record your personal password in its log file, where others could retrieve it. Of course, passwords should never be stored in plaintext, so this was a monster-sized blunder.
* Security update 2012-002 for 10.6.8.
Once again, refer to HT5281 for details. This is Snow Leopard's equivalent of the 10.7.4 update.
(Some of the vulnerabilities listed in HT5281 apply only to Lion - such as the FileVault password logging fault. Some apply only to Snow Leopard. Many apply to both. Apple has chosen to document them in one place, for a total of 26 vulnerabilities patched in 19 system components.)
* Remote Desktop client update.
This patch is part of the OS X Lion point update to 10.7.4, but isn't included in the 2012-002 update pack for Snow Leopard users. So if you're on 10.6.8, you get this one separately.
* Safari 5.1.7.
This is nice! The notification is at DL1531 and some implementation detail is at HT5271. The security fixes - which include a patch for the remote code execution issue addressed two days ago in iOS 5.1.1 - are at HT5282.
New to Safari 5.1.7 is a feature which automatically turns off the Adobe Flash plugin inside your browser if it goes out of date.
When you update your Flash version - an update Apple's own processes obviously can't control - then the plugin gets reactivated.
If you really want to run with the outdated plugin, HT5271 tells you how.
But you really shouldn't. Plugins such as Flash and Java are vigorously analysed by crooks in the hope that they'll find a way to trick them into downloading program code without permission.
What more to say?
These updates should be considered either necessary (in the case of the security patches) or at the very high end of highly desirable (in the case of Safari 5.1.7).
Get 'em today!
PS. Just so you know: you will need to reboot in order to activate these updates.