Apple Security Mega-Patch


I’m going to deviate off my usual path to do a little nyah-nyah at a competitor.

Seems that Apple issued a Security Mega-patch. From the article:

This latest update marks the seventh time Apple has released a security patch since the start of 2007. It affects Apple computers running Mac OS X version 10.3.9 and Mac OS X Server version 10.3.9. Mac OS X version 10.4.9 contains the security fixes released in Tuesday’s patch and, according to the Cupertino, Calif., computer maker, will install on Mac OS X v10.4 or later as well as Mac OS X Server v10.4 or later systems.

The reason I’m relishing this is primarily because of ads like this one.

It reminds me vaguely of the “Unbreakable” Oracle ad campaigns. Those didn’t go down so well, either.

There’s a saying about pride and falls that applies here.

Comments (4)

  1. mrmckeb says:

    I’d be more impressed of your Microsoft marketing team put some effort into combatting these adverts from Apple.

    Microsoft doesn’t seem to realise that people BELIEVE these ads! And the press isn’t going to tell them otherwise (as much of the press use Macs).

  2. Rosyna says:

    Uhm, it’s not a security patch. It’s an update that includes new features, bug fixes, and some security bug fixes.

    If you can call this a security megapatch then I can call Windows 2003 SP2 that was released on the same day a security megapatch.

  3. justsean says:

    Well, according to Apple’s website, there are security fixes to 30 different components (many of them have several security holes). Here is the list:

    http://docs.info.apple.com/article.html?artnum=305214

    I’m not sure if that counts as "some" security fixes, but, hey, whatever helps you sleep at night :)

    Besides, it’s not a competition. I’m just glad that Apple is getting its just rewards for its attitude.

  4. Rosyna says:

    Here’s the non-security updates.

    http://docs.info.apple.com/article.html?artnum=304821

    The problem with calling them "45" over "30" is that while some of them were assigned multiple CVEs, they cover the same core issue. IE, it’s the same bug just crashing in different places.

    For example, in order to fix the majority of the DoS disk image issues, they added a lot more validation to the disk image framework making it an optional DoS that’s completely up to the user (as opposed to not being able to retrieve their data off a corrupted disk image at any time, see http://docs.info.apple.com/article.html?artnum=305111 for more on that)