Dive into OS X

According to PC World, Symantec has upped the warning level to Mac users this week on a Samba exploit first discovered in May of this year after discovering the exploit has been uploaded to the Metasploit hacking framework. Despite Samba’s developers having released a fix a day after the discovery, Apple has yet to patch the hole.

The exploit can allegedly allow a hacker to gain root access to a Mac which is running Samba. Samba is turned on in Macs when a user checks the “Windows File Sharing” checkbox in the System Preferences’ “Sharing” panel. Symantec suggests Mac users uncheck that box until Apple releases a patch (not exactly the solution many of us on mixed networks would like to hear).

Apple has just unleashed Mac OS X 10.4.10 for PPC/Intel Macs.

Find out more about this update here (and the security implications here). Improved in 10.4.10 is:

• More RAW support for various cameras
• Improved decimal number rounding in certain applications
• Improves compatibility of Mathematica 6 with 64-bit Macs

If you are updating from something lower than OS X 10.4.9 download the Combo updater.

Apple has just released the 10.4.10 update.
The update addresses a small set of problems that include: RAW camera support, mounting and unmounting external USB devices, support for third party software applications and, of course, security updates. These arer issues that most people don’t have.

Is this the final Tiger update, or are more updates to come between now and October? Anyway, it’s good to see Apple still actively developing 10.4 even though 10.5 (Leopard) is just around the corner.

The 50MB update is available via Software Update.

Amazon has begun offering Mac OS X 10.5 (Leopard) for pre-ordering on their website.

Amazon first offered Leopard for presale on June 12th, a day after Apple’s WWDC keynote announcing Leopard’s new features. It is already ranked as the 1st most popular software item on Amazon (as of this writing).

Mac OS X 10.5 Leopard is scheduled to ship in October 2007.

Symantec has alerted users of Mac OS X to a flaw in the version of Samba - used for sharing Mac OS X files with Windows computers - that’s included with the operating system.
Samba is a open-source software that allows Mac users to enable file and print-sharing functions with Windows users.

The bug, which was discovered earlier this month, has been successfully exploited by a security team of Symantec that routinely test vulnerabilities in several Linux distributions: “The Deepsight Threat Analyst Team successfully exploited the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application,” Symantec say. “Exploitation differs from what has been demonstrated in public exploits; however, it is likely that other researchers would be capable of quickly overcoming the technical quirks associated with the platform.”

Although Mac OS X doesn’t turn on Samba by default, sharing a network with Windows machines could leave users open to attacks. Because Apple has not released a Samba update since 2005, users must upgrade to the latest, and secure version, themselves.

“Mac OS X users are advised to download and install the latest version of Samba 3.0.25 from the official web site,” Symantec says. “If this is not possible, the Windows Sharing service should be disabled until Apple issues an official update via the Software Update service.“

Apple recently released the fifth security fix for its Mac OSX software this year. The release patched 17 vulnerabilities, less than last month (25 fixes) and the month before (45 fixes). Fewer than one-third (5) of them allowed remote access to the computer Read the rest of this entry »

Apple released the first seed of Mac OS X 10.4.10 to developers Friday. The pending update will mark the first version of Mac OS X to see a ninth substantial update since release.

According to notes accompanying builds 8R205 (PPC) and 8R2205 (Intel), Mac OS X 10.4.10 will, the update fixes issues with mds and network home directories, and an issue with the BSD Kernel. In addition, the PowerPC build corrects a problem with JavaScriptCore.

Apple lists no known issues with the current builds, but is soliciting feedback from developers in about two dozen particular areas, from AirPort to FireWire to Screen Savers.

Sources are unaware as to when Mac OS X 10.4.10 will see a public release.

Apple has finally released the Mac OS X 10.4.9 updater to users through the Mac OS X Software Update tool.

The improvements wrapped into Mac OS X 10.4.9 include faster application launch times, RAW camera support, new graphics drivers, improved font handling, better stability with Dashboard, and more. Read the rest of this entry »