Lists all of the journal entries for the day.

Wed, 1 Aug 2007

3:25 PM - OS X 10.4.10 post security patch issue

Those of you on home routers using OS X maybe in for a surprise. Apple has disabled UPNP support in the latest update for mDNSresponder. That means your router can't automatically open ports for you when using things like iChat.

-----
mDNSResponder

CVE-ID: CVE-2007-3744

Available for: Mac OS X v10.4.10, Mac OS X Server v10.4.10

Impact: An attacker on the local network may be able to cause a denial
of service or arbitrary code execution

Description: A buffer overflow vulnerability exists in the UPnP IGD
(Internet Gateway Device Standardized Device Control Protocol) code
used to create Port Mappings on home NAT gateways in the Mac OS X
implementation of mDNSResponder. By sending a maliciously crafted
packet, an attacker on the local network can trigger the overflow
which may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue by removing UPnP IGD
support. This issue does not affect systems prior to Mac OS X v10.4.
----

()

9:21 PM - Apple get's OS X 10.5 on INTEL hardware certified as UNIX


http://apple.slashdot.org/article.pl?sid=07/08/01/123258&from=rss

This does not apply to PowerPC hardware running the same OS. My Mac won't be running UNIX, but Caryn's will. Strange isn't it.


Funny comments burried inside:
LINUX - Linux Is Not UniX

location: Home

()