The most secure operating system

[x2k]

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

National Cyber Alert System

 

Technical Cyber Security Alert TA08-260A

 

 

Apple Updates for Multiple Vulnerabilities

 

Original release date: Sep 16, 2008

Last revised: --

Source: US-CERT

 

 

Systems Affected

 

* Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and

10.5.4 (Leopard)

* Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger)

and 10.5.4 (Leopard)

 

 

Overview

 

Apple has released Security Update 2008-006 and Mac OS X version 10.5.5 to

correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X

Server. Attackers could exploit these vulnerabilities to execute arbitrary

code, gain access to sensitive information, or cause a denial of service.

 

 

I. Description

 

Apple Security Update 2008-006 and Apple Mac OS X version 10.5.5 address a

number of vulnerabilities affecting Apple Mac OS X and Mac OS X Server

versions prior to and including 10.4.11 and 10.5.4. The update also

addresses vulnerabilities in other vendors' products that ship with Apple

Mac OS X or Mac OS X Server.

 

 

II. Impact

 

The impacts of these vulnerabilities vary. Potential consequences include

arbitrary code execution, sensitive information disclosure, denial of

service, privilege escalation, or DNS cache poisoning.

 

 

III. Solution

 

Upgrade

 

Install Apple Security Update 2008-006 or Apple Mac OS X version 10.5.5.

These and other updates are available via Software Update or via Apple

Downloads.

 

 

IV. References

 

* Securing Your Web Browser -

<http://www.us-cert.gov/reading_room/securing_browser/>

 

* About the security content of Mac OS X v10.5.5 and Security Update 2008-006 -

<http://support.apple.com/kb/HT3137>

 

* Mac OS X: Updating your software -

<http://support.apple.com/kb/HT1338?viewlocale=en_US>

 

* US-CERT Vulnerability Notes for Apple Security Update 2008-006 -

<http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_006>

 

_________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA08-260A.html>

_________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with "TA08-260A Feedback VU#547251" in the

subject.

_________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

_________________________________________________________________

 

Produced 2008 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

 

September 16 2008: Initial release

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.5 (GNU/Linux)

 

iQEVAwUBSNANfnIHljM+H4irAQLlgQf+PqS9CZoUf6f9zPZNbyKDhBYETyc31z6G

yrF/p3T2ZfH7qK43GbgSHbriAHi+nzlKdYk6vbt++6mE3Jr3QHmk/gyjp4BD8whS

1Qp6wamRmDUMgboseftfE/Pa/lAoFSejvUsGdgbkrNNH/95LcsPFqL+6pBQHna2c

nFyEz3vMMPGxJr99Nf0Vda0O255fcjpvcVddbj005wvmyA83IT43ZFgAoINkKDvi

qRo2jNmucDoQZTzX/ap1zU3ZSu5dBHlnH1qUK0BvFQSeLeGwaMoijkn2xqpCbzsV

4u3ErEkcLAQVMsTJBEzIs22WU4yRWF07eumhng3rIgGjbXuleNPfig==

=SOoC

-----END PGP SIGNATURE-----

[monophonic]

Err, who ever says that Mac OS X is the most secure system talks trash. There is no way arguing that anything can be more secure than OpenBSD.

 

However Mac OS X is quite secure by design (strong separation of user spaces, clear file permissions, admin ≠ root etc.). It is more secure than XP, dunno about Vista though.