Apple ships new products, fixes security
 
It’s been quite a busy week for Apple. Not only did they ship two major new products, but they also shipped fixes to the security “holes” uncovered recently.
 
On the product front (products are much more exciting than security, right?), Apple shipped the new, Intel-based Mac mini and an iPod boom-box. You can read about these all over the Net. But this is a Macintosh Internet security blog, so let’s get down to what really matters here: Apple has released a security update that fixes what we’ve called the “Here we go again” and “100,000 to 3” security issues (but which are more commonly referred to as the Leap.A virus and a Safari vulnerability).  The fixes are in Apple’s most recent security update and can be installed automatically through Apple’s Software Update system preference.  Apple also updated its important Web page on safely handling content downloaded from the Internet.
 
There are always concerns deciding when to install Apple’s software updates. We’ll go with what our book says (chapter 5, “Safe Surfing” under “General safe surfing practices”):
 
 
Especially with the recent security issues being in the news (and thus potentially encouraging “copy cats”), it’s probably safest to go ahead and install this security update right away. The fixes in the update, however, seem to only apply if you’re already running Mac OS X 10.4.5 or, in the case of the Safari fix, 10.3.9.  So you may need to upgrade your OS a bit too, which is a slightly more significant proposition, but probably still worth doing. And of course keep monitoring your sources (such as this blog) in case anything relevant is discovered with the fixes themselves (or with any of the other items included in the update, which fix a number of other security issues that no one’s even talked about -- it’s good to see Apple’s proactively fixing things too).
 
I wonder when the first security update will be issued for the iPod boom-box?  ;)
 
 
Thursday, March 2, 2006