| Subcribe via RSS
Apple has now released a 272-pages Security Configuration Guide for Mac OS X 10.6 (Snow Leopard).
Security guides for Mac OS X 10.3, 10.4 and 10.5 are also available at the same site:
Mac OS X Security guides:
http://www.apple.com/support/security/guides/
Tags: apple, mac os x, Security guideThe latest Mac OS X security update (2008-005) failed to fix (or temporarily solve) the DNS vulnerability in the client version of Mac OS X 10.5 and 10.4. The update solved (temporarily) the same problem in Mac OS X server, but somehow Apple forgot to update the client libraries. The source port is still not randomized (but incremented by 1 each time). So, is this really a critical problem? Or should we worry more about DNS servers behind NAT?
Read more details about how the DNS workaround failed in Mac OS X 10.5 or how the DNS Workaround Failed in Mac OS X 10.4
Tags: 10.4, 10.5, apple, BIND, Client, DNS, mac os x, random source port, security update, Security Update 2008-005Apple just released a new security update for Mac OS X (Security Update 2008-005). It affects Mac OS X Server 10.4, Mac OS X 10.4.11, Mac OS X Server 10.5 and Mac OS X 10.5.4. Its supposed to fix security issues in the following software: Open Scripting Architecture, BIND, CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, OpenSSL, PHP 5.2.5, QuickLook and rsync.
Read the details about the security update here: Apple Mac OS X Security Update 2008-005
Tags: apple, mac os x, security update