Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Apple's Post-Valentine's Day Security Updates

Created: 22 Feb 2007 08:00:00 GMT • Updated: 23 Jan 2014 18:52:21 GMT
TWoodward's picture
0 0 Votes
Login to vote

While Microsoft has chosen a scheduled update approach, Apple Inc.releases updates on an "as-needed" basis. While each approach isarguably valid, during Apple's World Wide Developer Conference lastyear, Bud Tribble, VP of Software Technology at Apple addressed whyApple decided on its approach: "There is some controversy in IT shopsasking 'Wouldn’t it be easier if [Apple] could have their securityupdates scheduled on a monthly basis?' We think it’s better to getthose security updates out as soon as we can get them out and not waitfor the next month to roll around."

First out of the gate is "Security Update 2007-002" containing four patches against vulnerabilities discovered during the "Month of Apple Bugs" campaign. (See Aaron Adams' "Month of Apple Bugs Overview.") This update patches MOAB-09-01-2007, MOAB-29-01-2007, MOAD-20-01-2007, and MOAB-22-01-2007.

Collectively, the update patches against malformed disk images thatcould allow arbitrary code execution, client-side and remotevulnerabilities in iChat, and a local vulnerability in theUserNotificationCenter process.

2007 Daylight Saving Time Updates

A year ago Apple initially released Daylight Savings Time (DST)updates for Tiger (Mac OS X 10.4) with version 10.4.5. Apple has nowalso released updates for Panther. In addition to operating systemupdates, Apple has also released DST and stability updates for Java andWebObjects, a Java Web application server.

More information about Apple's Daylight Saving Time changes can be found in the following Apple Knowledge Base article:
http://docs.info.apple.com/article.html?artnum=305056