Wednesday, March 31, 2010

Apple delivers record monster security update

Apple's recently released (March 29) Security Update 2010-002 has patched 92 vulnerabilities in Leopard and Snow Leopard (the only two currently supported releases of OS X) breaking the record held prewviously by Apple for patching 67 vulnerabilities back in March 2008!  This is the third major update to the Snow Leopard OS, and with this number of bug fixes now makes it Apple's least secure release of OS X.

Unfortunately, the recently discovered Pwn2Own attack that successfully exploits a Safari vulnerability is not patched in this release - Apple users will need to wait until Apple releases their next Security Update (no eta as yet) until this critical vulnerability is patched.

Even without the Pwn2Own patch, this update weighs in at 719.23MB for current Snow Leopard 10.6.2 users (and 784MB for older Snow Leopard versions), which also updates the OS to 10.6.3.  If you're running Snow Leopard Server 10.6, the update size is 897.32MB.

Having 9 critical QuickTime vulnerabilities fixed, this also makes sure that the iPad is being released with a somewhat updated (even though Safari, due to the Pwn2Own attack, has a known critical vulnerability) base version of OS X.  Is the latest iPhone update due out soon, thanks to this massive OS X patch?

Have a read of this Computerworld post for more information on this Security Update.

Regards,

The Outspoken Wookie

No comments: