Filed under: Software Update, Security
CERT lists vulnerabilities addressed in 10.4.9/SecUpd003
Your tax dollars at work: the crack team at US-CERT (United States Computer Emergency Readiness Team) has posted a tech alert & vulnerability list for Apple's most recent security update and the 10.4.9 release, which both provide patches for a slew of flaws. Interestingly, some of the patches address problems in Apple-provided third party tools such as Adobe Flash Player and MySQL. Apple's security review page for the 2007-003 update and 10.4.9 was updated on Monday with additional details as well.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Greenline said 11:27AM on 3-15-2007
Is this a reason to install the update or to not install the update? How can something have flaws and patches for the flaws in the same update?
Reply
Michael Rose said 11:39AM on 3-15-2007
Greenline: The flaws noted were present in previous versions of Mac OS X (10.4.8, or 10.3.9 w/o the security update). The updates provide patches to correct those flaws. You should install them.
Reply
tim said 12:28PM on 3-15-2007
maybe its me and greenline, but this post reads like its trying to say the vulnerabilities still exist AFTER the patch.
maybe im just tired though
Reply
trever said 7:52PM on 3-15-2007
Yes, this was poorly written. It would be better off rewritten to say more simply that CERT has issued advisories for things that are already patched.
This is the way CERT works though, in that they do not disclose to the public until after the vendor has a patch. So, a patch comes out, a CERT advisory is published a day or three later. This is so people are encouraged to update and if they do not, they are informed as to what they are vulnerable to.
Reply