The First Apple Security and Java Update of 2009

Article by George Norman (Cybersecurity Editor)

on 13 Feb 2009

The Cupertino-based software developer behind Mac OS X has issued two updates for its operating system. They include improvements to the Java platform and plug security holes affecting Mac OS X 10.5.6 Leopard and Mac OS X 10.4.11 Tiger, including the Safari RSS vulnerability that could allow someone with malicious intent to read the data stored on your machine.

The first security update of 2009 that Apple put out is aptly named "Security Update 2009-001" and is available for Leopard, Leopard Server, Tiger for Intel Macs, Tiger for PowerPC-based Macs, Tiger Server for PowerPC-based Macs, and Server Universal. There are two simple methods of keeping your system protected and up to date. The first is to go to System Preferences, click Software Update and let the process occur automatically. A more hands-on approach is to get the update directly from Apple.

Brian Mastenbrook, the developer who initially discovered the Safari RSS vulnerability mentioned above, comments: “Once I discovered the issue, I promptly reported it to Apple, including a proof of concept which demonstrated reading a local file. This issue was reported on July 11, 2008. After six months passed without a fix, I decided to post a warning on January 11, 2009, due to my judgment that this issue could be exploited at any time as long as it remains unfixed. So why did it take seven months for Apple to deliver a fix? What does this say about Apple's commitment to protecting the security of its users? Neither I nor anyone else who is not at Apple can answer these questions for certain.”

Security Update 2009-001 also addresses flaws affecting the following components: AFP Server, Apple Pixlet Video, ClamAV, CoreText, Python, SMB, X11, Printing, DS Tools, CarbonCore, CFNetwork, Certificate Assistant, CUPS, fetchmail, Folder Manager, FSEvents, perl, Network Time, Remote Apple Events, servermgrd, SquirrelMail, Xterm. These vulnerabilities can be exploited to cause denial of service (DoS), execute arbitrary code, gain system privileges, and expose passwords.

