15:05 01.11.2005 | All news from "Security"
Apple Patching Holes
Apple posted their 10.4.3 update, patching a number of holes in their product. Five problems were found at various points in Apple's OS X. The patch is available for download now from their Apple Downloads section or the Software Update section.
The five sections included the Finder, the Software Update, memberd, Keychain and Kernel. The Finder update addresses an issue about file and group ownership information displayed in the "Finder Get Info" window not being correct. This will synchronize the displayed ownership with the actual ownership in all situations.
The Software Update has a setting allowing users to ignore specific updates. If all the updates have been marked, the program will exit with out providing a reset option. This update addresses the issue by asking whether the ignored updates list should be reset when this situation is encountered.
The memberd affects changes to a group's membership. In certain situations, changes may not be immediately reflected in access control checks. This could let people who've been removed still have access to files and other resources. The update will invalidate the group membership cache at appropriate times.
Keychain Access is a utility used to view keychain items and change keychain settings. If a keychain locks due to a timeout while viewing a stored password, the password remains visible. This update hides the passwords when the keychains do lock.
Finally, certain kernel interfaces may return data that includes sensitive information in uninitialized memory. Feeling this would be bad, Apple chose to fix this as well.
All of the fixes only work with OS X 4 or later except the kernel issue. It's for 10.4.2 or earlier. This one would be worthwhile to add. Apple doesn't release these all that often but when they do, they're important.
www.SecurityProNews.com/
The five sections included the Finder, the Software Update, memberd, Keychain and Kernel. The Finder update addresses an issue about file and group ownership information displayed in the "Finder Get Info" window not being correct. This will synchronize the displayed ownership with the actual ownership in all situations.
The Software Update has a setting allowing users to ignore specific updates. If all the updates have been marked, the program will exit with out providing a reset option. This update addresses the issue by asking whether the ignored updates list should be reset when this situation is encountered.
The memberd affects changes to a group's membership. In certain situations, changes may not be immediately reflected in access control checks. This could let people who've been removed still have access to files and other resources. The update will invalidate the group membership cache at appropriate times.
Keychain Access is a utility used to view keychain items and change keychain settings. If a keychain locks due to a timeout while viewing a stored password, the password remains visible. This update hides the passwords when the keychains do lock.
Finally, certain kernel interfaces may return data that includes sensitive information in uninitialized memory. Feeling this would be bad, Apple chose to fix this as well.
All of the fixes only work with OS X 4 or later except the kernel issue. It's for 10.4.2 or earlier. This one would be worthwhile to add. Apple doesn't release these all that often but when they do, they're important.
www.SecurityProNews.com/