
OS X users, please patch!

If you haven’t patched yet, then please do.


How do I know if I’m patched?

Click “About This Mac” and it should display Mac OS X version 10.5.7. You can do the same if you are using Safari by clicking “About Safari”; this should display Safari 4 (beta).

Why is it important to patch?

There are critical vulnerabilities that could allow a malicious user (hacker, malware) to snoop on you and steal your information in the background. Let me cite examples of vulnerabilities that have captured media attention (which means many attackers are aware of them).

Safari RSS

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6

Solution: The critical issue has been addressed in Security Update 2009-001 for Mac users and Safari 3.2.2 for Windows.

Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution.

An attacker can easily craft a URL and execute JavaScript, and this could expose your personal and sensitive information.

Disk Images

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6

Solution: The critical issue has been addressed in Security Update 2009-002

Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution.

This is especially critical because a browser like Safari has “Open safe files after downloading” enabled by default. You can turn off this option in Safari by following the instructions below:

1. Open Safari

2. Open “Preferences” under the “Safari” menu

3. Click on the “General” tab

4. Un-check the “Open ‘safe’ files after downloading” box

5. Close Safari’s preferences
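The two checks described in this post (OS version and the Safari download setting) can also be run from Terminal. The script below is an added example, not part of the original post. It assumes that any version at or above 10.5.7 counts as patched and that Safari stores the setting under the `AutoOpenSafeDownloads` preference key; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the OS patch level and Safari's auto-open setting.
REQUIRED_OS="10.5.7"   # version the post says "About This Mac" should show

# version_ge A B: succeed when dotted version A >= B, comparing each field
# numerically (a plain string compare would rank 10.5.10 below 10.5.7).
version_ge() {
    a=$1 b=$2
    case "$a$b" in *[!0-9.]*) return 2 ;; esac   # reject non-numeric input
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
        # drop the field just compared
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# os_status VERSION: classify a Mac OS X version string.
os_status() {
    if version_ge "$1" "$REQUIRED_OS"; then echo "PATCHED"; else echo "NEEDS-UPDATE"; fi
}

# auto_open_status VALUE: interpret the output of `defaults read`.
# An unset key means Safari's default, which the post says is enabled.
auto_open_status() {
    case $1 in
        0|false|NO) echo "OFF" ;;
        *)          echo "ON" ;;
    esac
}

# Only query the system when the macOS tools are present.
if command -v sw_vers >/dev/null 2>&1 && command -v defaults >/dev/null 2>&1; then
    echo "OS patch level: $(os_status "$(sw_vers -productVersion)")"
    setting=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)
    echo "Open 'safe' files after downloading: $(auto_open_status "$setting")"
    # Shell equivalent of steps 1-5 above:
    #   defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
fi
```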

  1. June 10, 2009 at 10:40 am
