Shostack + Friends Blog Archive

 

DaveG On Apple Security Advisory

warm-and-fuzzy-boots.jpgSo if you have a Mac, you really want to open software update now. You can read about Apple Security Update 2006-0003 [link to http://docs.info.apple.com/article.html?artnum=303737 no longer works] after you’ve installed it and the Quicktime patch. In “Apple Security Update RoundUp,” DaveG explains:

So, in short, without the latest update, OS X is secure as long as you don’t look at any movies, images, websites, zip files, flash content or email messages.

Snarkiness aside, I like that a number of these vulnerabilities appear to have been found internally (assuming that is what uncredited vulnerabilities mean).

He also says “That’s around 35 vulnerabilities in one day!” Why the ‘around?’ As I explained in “Counting In Computer Security,” that counting can be tricky.

One final comment. For comparison, Microsoft shipped three patches [link to http://blogs.technet.com/msrc/archive/2006/05/09/427832.aspx no longer works] this month, covering roughly 5 vulns (CVEs). Apple shipped 2 patches, covering roughly 35. I feel so warm and fuzzy.