Apple released Mac OS X 10.6.8 yesterday in preparation for its Lion release. There are several things to like about the new update, including changes to Final Cut Pro X as well as enhancements to the Mac App Store ahead of the release of Lion.
Overlooked in the update is the fact that Apple has included a fair amount of security updates in the software. When it comes to Apple, people always want to talk about what is cool and sleek and fun to use. Yet, as the fake anti-virus malware Mac Defender has shown us, Apple is becoming more of a target for malicious hacks. Apple releases security updates with each version of Mac OS X. Let’s take a look at what is significant in version 10.6.8.
According to the Sophos Naked Security blog, the most important fixes concern “arbitrary code execution.”
“That’s computer-speak for ‘allow a bad guy to run malicious code on your computer, without your authorization,'” wrote Graham Cluley of Sophos.
Digging into the Mac OS X 10.6.8 security summary, one striking aspect is how long it is in comparison with other security summaries from previous patches and OS versions. OS X 10.6.7 had three security updates, all dealing with Mac Defender. Two were file quarantine updates and one was specifically for “malware removal.”
The 10.6.8 update has 28 specific items. Five items are related to QuickTime and have to do with downloading malicious movie or picture files that could lead to arbitrary code execution. Other updates of vulnerabilities to arbitrary code execution include OpenSSL, MySQL, ImageIO, CoreGraphics, CoreFoundation, ColorSync and ATS.
Apple also patched MobileMe where a vulnerability where “an attacker with privileged network position may read MobileMe’s email aliases.”
Apple is expected to sell between 13 and 15 million MacBooks in 2011, driven largely by a coming refresh of its MacBook Air series. In comparison to how many Windows computers are shipped every year that is not a lot. Yet, criminal hackers are starting to recognize that Mac computers are susceptible to malware and socially engineered attacks. The fallacy that Macs are safer than PCs is starting to erode. As such, expect more security updates to come from Cupertino on a regular basis.