Technoblog.org » apple

Mac OS X Security Configuration Guides

jrp — Wed, 02 Jun 2010 05:15:00 +0000

Apple has now released a 272-pages Security Configuration Guide for Mac OS X 10.6 (Snow Leopard).

Security guides for Mac OS X 10.3, 10.4 and 10.5 are also available at the same site:

Mac OS X Security guides:

http://www.apple.com/support/security/guides/

Mac OS X DNS workaround failed

jrp — Fri, 01 Aug 2008 23:22:16 +0000

The latest Mac OS X security update (2008-005) failed to fix (or temporarily solve) the DNS vulnerability in the client version of Mac OS X 10.5 and 10.4. The update solved (temporarily) the same problem in Mac OS X server, but somehow Apple forgot to update the client libraries. The source port is still not randomized (but incremented by 1 each time). So, is this really a critical problem? Or should we worry more about DNS servers behind NAT?

Read more details about how the DNS workaround failed in Mac OS X 10.5 or how the DNS Workaround Failed in Mac OS X 10.4

Mac OS X Security Update

jrp — Fri, 01 Aug 2008 10:41:02 +0000

Apple just released a new security update for Mac OS X (Security Update 2008-005). It affects Mac OS X Server 10.4, Mac OS X 10.4.11, Mac OS X Server 10.5 and Mac OS X 10.5.4. Its supposed to fix security issues in the following software: Open Scripting Architecture, BIND, CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, OpenSSL, PHP 5.2.5, QuickLook and rsync.

Read the details about the security update here: Apple Mac OS X Security Update 2008-005