Apple yesterday patched 36 vulnerabilities in Mac OS X, most ofthem critical, plugging a hole that revealed passwords used toencrypt folders with an older version of FileVault. Both Mac OS X 10.7, aka Lion, and 10.6, better known as SnowLeopard, were updated with fixes. The two operating systems were last updated in February. High on the fix list was one specific to Lion that put FileVaultpasswords in plain text, where they could easily be read -- andthus encrypted folders deciphered -- if a Mac was stolen or lost.The software consultant who publicly reported the bug attributed itto a programming error on Apple's part. "The login process recorded sensitive information in the systemlog, where other users of the system could read it," Apple's advisory stated. Apple also acknowledged that the plain-text passwords maypersist in the Mac's logs after users update to 10.7.4, and urgedthem to review a support document that walked through steps to eradicate any that are remaining. Among the other patches were four Snow Leopard-only fixes quashingbugs that could be exploited via malicious image files; anotherfour in QuickTime, Apple's media player and browser plug-in; andone in FileVault 2, the full-disk encryption technology used byLion. The FileVault 2 flaw caused some date to be left unencrypted when aMac went into "sleep" mode. Twenty-one of the 36 vulnerabilities were tagged with Apple'sphrase of "arbitrary code execution," indicating that they werecritical flaws that, if exploited by attackers, could result in aMac malware infection. Eight of the bugs affected only Snow Leopard. On Lion, Apple also included a number of non-security fixes itcategorized as stability and compatibility improvements. Many ofthem were related to connecting to network services, such asMicrosoft's Active Directory and that company's Server MessageBlock (SMB) file-sharing protocol. Both are used by Macs inenterprises to access corporate resources held on servers runningWindows. Snow Leopard's update, dubbed "Security Update 201-002," receivedno feature improvements. Yesterday's update may be the last for Snow Leopard, as Apple seemsto be on the fast track for OS X 10.8, aka Mountain Lion, which may ship as soon as lateJune. Apple typically stops serving security updates to the oldestedition in its support rotation when it finalizes a major operatingsystem upgrade. Last year, OS X 10.5, or Leopard, received its final securityupdate in late June, about a month before Apple launched Lion.Leopard's versions of iTunes, QuickTime and Java, however, wereupdated after June 2011. As usual, some users reported problems with the update. On the Lion support forum , complaints ranged from kernel errors and difficulty reaching aWi-Fi network to numerous reports of bricked MacBook Pros . No one problem was dominant in those reports, but the MacBookPro-not-booting thread was heavily trafficked, with more than 1,500views since its inception Wednesday afternoon. Mac OS X 10.7.4 and the separate 2012-002 security update for SnowLeopard can be downloaded from Apple's support site or installed using the operating system's built-in update service. Gregg Keizer covers Microsoft, security issues, Apple, Web browsersand general technology breaking news for Computerworld. FollowGregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed. His email address is . See more by Gregg Keizer on Computerworld.com . Read more about mac os in Computerworld's Mac OS Topic Center. We are high quality suppliers, our products such as Led Flood Light Fixture , Led Plant Growing Lights Manufacturer for oversee buyer. To know more, please visits Led High Bay Light Fixtures.
Related Articles -
Led Flood Light Fixture, Led Plant Growing Lights Manufacturer,
|