Headline Feeds
Apple (Nasdaq: AAPL) released an update to top all updates Wednesday. Included in the massive bundle -- aimed primarily at users of Apple's Tiger operating system -- is the just-out-of-beta Safari 3 as well as about 44 fixes for a spate of security flaws. The software maker's latest batch of updates and security fixes in its combo update weigh in at a whopping 321.5 MB.
The download is the eighth security update this year. In April, Apple distributed a set of 25 patches. Just one month earlier, it sent out an update repairing some 45 security flaws.
"It's a big one," said Rob Ayoub, a Frost & Sullivan analyst. "The size of the update is mostly from the inclusion of an updated Safari. But there are definitely are a lot of security updates."
Apple recommends the updates for all Mac OS X Tiger users as well as users of earlier versions of its operating system. A separate update for Mac OS X 10.3, Panther, was also released Wednesday. Meanwhile, an additional update, released Thursday, patches three vulnerabilities found in Apple's just-released OS X Leopard and fills gaps in the operating system's built-in firewall.
Mac Buggy
The bulk of the flaws were found within the Mac operating system. Several of them could be triggered when an unsuspecting user opens a maliciously crafted file that then enables hackers to gain control of the machine. Included among those patches is a fix for a Trojan that famously targeted porn site visitors.
These remote code execution vulnerabilities are particularly pernicious, said Rob Enderle, principal analyst at Enderle Group.
"Anything that allows remote code execution should be critical, and there are several of these," he told MacNewsWorld.
Another fix addresses a problem with Adobe's (Nasdaq: ADBE) Flash Player plug-in for the Mac, something for which Adobe released a fix back in July. There is also a denial-of-service bug in AppleRAID that has been corrected. Several kernel bugs that have been fixed and the remaining patches correct flaws in Apple's Safari browser.
Although downloading and installing the update is a must for Mac users, according to Enderle, there is the potential for users to have problems with their systems after such a large and varied update.
"It could [cause problems after installation]. This is a massive patch and there is no beta cycle for any of this," he pointed out.
Along with the revised version of Safari 3, Apple's non-security updates include the addition of RAW image support for cameras from Panasonic, Olympus, Leica and Canon (NYSE: CAJ); improvements in reliability for Intel-based Macs running VMware's (NYSE: VMW) Fusion desktop virtualization software and improved compatibility with wireless network devices from third-party providers as well as QuarkExpress.
A bunch of smaller upgrades improve Mac-based multimedia applications including iPhoto, Final Cut Pro, Motion, DVD Studio Pro, Soundtrack Pro and more.
The updates are available on Apple's Web site or as an automatic update.
Security Rounds
The big update is probably due to Apple's concerted efforts to finalize and release its Leopard operating system, Enderle stated.
"They were probably more focused on getting Leopard out the door than in fixing things; this reflects a big difference in how Apple and Microsoft (Nasdaq: MSFT) approach security. For Microsoft, they delayed Vista to address XP security issues. Apple did the reverse," he added.
Working toward the release of Leopard probably helped Apple find many of the flaws addressed in the update, Ayoub told MacNewsWorld. "They put out patches for things they probably fixed in Leopard.
"They just released Leopard, so they probably caught and fixed a lot of things in the release of Leopard," he pointed out. "You see it with Microsoft too, when they do a major release a lot of things that were fixed in the major release then get patched in some of the earlier releases."
However, as Apple's share of the PC market continues to grow, the company will find that it has to send out updates on a more and more frequent basis. With this security update, Apple has released the same number of updates as it did in 2006, but there are still at least six weeks left in 2007.
"They will have to. Increasingly their systems are being publicly challenged by security experts and targeted by malware writers," Enderle said.
The regular schedule of fixes from Microsoft, known as "Patch Tuesday," was demanded by Microsoft's IT customers, Enderle noted. "Apple is not influenced by IT, so is unlikely to implement this practice any time soon."
However, as products such as Boot Camp and VMware's Fusion allow Windows to run on Macs and make the Mac a less troublesome addition within the business computing environment, the call for regular updates will begin from IT departments, according to Ayoub.
"It really helps consumers, but if they ever want to be taken seriously in the enterprise they will have to adopt that kind of model," he concluded.
Talkback: 
White Paper Library
