Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.
  • 6 February 2012 09:54

Apple OS X users - it's Security Update time again!

Blog Post by Paul Ducklin, Sophos

Apple's latest large-scale OS X security updates are out.

If you're a Snow Leopard (OS X 10.6) user, you'll need the 200Mbyte Security Update 2012-001, which requires you to be at the latest point release of that version first.

(That's 10.6.8, which came out back in June 2011. You updated to 10.6.8 long ago, did you not?)

If you're using Lion (OS X 10.7), you get 700MBytes to 1.4Gbytes (depending on what sub-version of 10.7 you are currently using) of full-blown new point release, which takes you to 10.7.3.

A reboot is required on both Snow Leopard and Lion.

Apple's description of the security issues fixed in these updates can be found in Support Article HT5130.

This sounds like the sort of update you would ignore at your peril.

It includes 39 fixes, addressing 52 different Common Vulnerabilities and Exposures (CVE) issues (plus one problem - various dodgy SSL certificates - not covered by a CVE identifier).

19 of the fixes are for problems listed with an impact of arbitrary code execution. That's vulnerability-speak for "could perhaps be used by a cybercrook for a drive-by infection." These now-patched exploitable vulnerabilities involved a wide range of file types.

In most cases, simply using a data file could have been enough to expose you to the vulnerability, for example: previewing a font, listening to an audio file, watching a video, viewing an image, or reading a PDF document.

Since data files aren't supposed to contain executable code - or, if they do, that code is supposed to be just-so-much harmless data - we quite reasonably treat images, podcasts, videos and so forth as implicitly safe for Macs and PCs.

So cybercrooks adore remote code execution vulnerabilities which let them sneak program code onto your computer under perfectly innocent-looking cover. The crooks are willing to pay good money for data-borne exploits; you need to be willing to patch the underlying vulnerabilities as soon as you can.

Over to you. Click on the Apple menu, choose Software Update..., and take it from there!
