Mac OS X 10.6.8 Brings Many Security Fixes

Apple has released a new version of Mac OS X Snow Leopard which fixes a flurry of critical vulnerabilities that could lead to arbitrary code execution.

The new Mac OS X 10.6.8 contains 28 patches for vulnerabilities in both native and third-party components. For example, the included MySQL package has been updated to version 5.0.92, which addresses eight security issues, some of which critical.

OpenSSL has been updated to version 0.9.8r, fixing five arbitrary code execution flaws. Five remotely exploitable vulnerabilities have also been patched in QuickTime.

The new release contains only one kernel patch, for a denial of service issue that can only be exploited locally by an authenticated user.

In addition to vulnerability patches, the release also updates the XProtect definitions to detect the latest Mac Defender variants.

"Malware is now an ongoing issue for Apple Mac users, with new threats being seen in the wild every day," says Graham Cluley, senior technology consultant at Sophos, one of the vendors that offer a free Mac antivirus solution.

"If you haven't already done so, I'd recommend running an anti-virus on your Mac as well as applying Apple's security patches," he advises.

Security experts, including Mr. Cluley, say that Mac users will be increasingly targeted by cyber criminals who are looking to expand into new markets. Mac users are particularly vulnerable to this because they aren't very used to malware, exploits or scams.

Applying all available patches and running up-to-date antivirus programs is critical, but it isn't enough. People who use Macs exclusively should also try to educate themselves about social engineering techniques commonly used to distribute Windows malware, because these are platform independent.