Tech Shout!

On Tuesday, Apple released quite a ‘big daddy’ of a security update to manage 87 potential flaws in its applications and Mac OS X operating system.

The latest Apple Security Update 2008-002 fixes a slew of vulnerabilities that have the ability to enable cross-site scripting, spoofing, privilege escalation, along with denial of service attacks, to name a few.

As much as half of the vulnerabilities are in open-source applications, including Apache (10 advisories), Clam AV (9 advisories), MIT Kerberos 5 (4 advisories), and PHP (10 advisories). The other half was detected in Apple applications or components.

The affected software are AFP Client, AFP Server, Apache, AppKit, Application Firewall, CFNetwork, ClamAV, CoreFoundation, CUPS, curl, Emacs, file, Foundation, Help Viewer, Image Raw, Kerberos, libc, mDNSResponder, notifyd, OpenSSH, pax archive utility, PHP, Podcast Producer, Preview, Printing, System Configuration, UDF, Wiki Server, and X11.

Though Apple doesn’t typify the vulnerabilities in terms of severity, quite a few of them have the capability to allow a remote attacker to execute arbitrary code on the affected system.

In an article from TidBITS, Macintosh security expert Rich Mogull noted, “At this point in time, I don’t recommend desktop antivirus for the average Mac user.” Security software vendors nonetheless would welcome your patronage.

Apple Security Update is available via the Mac OS X Software Update control panel or as a download from Apple’s Web site.

On Tuesday, Apple also released the Safari 3.1 Browser with a host of new features.