Shostack + Friends Blog Archive


DaveG On Apple Security Advisory

So if you have a Mac, you really want to open Software Update now. You can read about Apple Security Update 2006-0003 after you’ve installed it and the QuickTime patch. In “Apple Security Update RoundUp,” DaveG explains:

So, in short, without the latest update, OS X is secure as long as you don’t look at any movies, images, websites, zip files, flash content or email messages.

Snarkiness aside, I like that a number of these vulnerabilities appear to have been found internally (assuming that is what uncredited vulnerabilities mean).

He also says “That’s around 35 vulnerabilities in one day!” Why the ‘around’? As I explained in “Counting In Computer Security,” counting can be tricky.

One final comment. For comparison, Microsoft shipped three patches this month, covering roughly 5 vulns (CVEs). Apple shipped 2 patches, covering roughly 35. I feel so warm and fuzzy.