![\"\"](\"http:\/\/juicebox.theappleblog.com\/e\/ff8527ace79a7766.jpg\/d\")
<\/p>\n<\/p>\n
It looks like we\u2019re getting close to the official release of 10.6.3, the latest update to Mac OS X Snow Leopard — and, from what we\u2019re hearing on the developer grapevine, it might prove to be the most extensive Snow Leopard update yet.<\/p>\n
TUAW reported<\/a> on Friday that the latest build of 10.6.3 (known as 10D572, for those of you paying obsessively<\/em>-close attention) was seeded to developers only two days after a previous build. Typically, ever-shortening intervals between build seeds indicates imminent release to the public. TUAW describes the latest build as focusing on \u201cGraphics Drivers, Quicktime, Images & Photos, Mail, and Security Certificates.\u201d<\/p>\n Oh, what\u2019s that? Want more details?\u00a0OK, here\u2019s the full rundown of features and fixes we can expect in 10.6.3;<\/p>\n OK, as far as lists go, this one\u2019s not not very exciting, I know. But, what if you fired-up Software Update and were offered the latest pre-release version of 10.6.3? Would that<\/em> excite you? <\/span><\/p>\n According to TUAW\u2019s Michael Grothaus, this is exactly what happened<\/a> to one Mac owner last week. They don\u2019t name him, probably to save him the email-avalanche from other Mac owners — not to mention the inevitable Cease & Desist order from Apple (you just know<\/em> Apple would bully the poor chap into silence, right?) but they do offer up this tantalizing screengrab of the autoupdate snafu:<\/p>\n Image courtesy of TUAW<\/p>\n<\/div>\n Grothaus writes that the update \u201c\u2026weighs in at a whopping 1.19GB\u201d and, at that size, I\u2019m happy to wait until Apple has finished tweaking (and trimming) the code!<\/p>\n But the thing I\u2019m most interested in is whether 10.6.3 addresses the alleged boat-load of security exploits identified by hacker extraordinaire and security expert Charlie Miller. At this week\u2019s CanSecWest security conference, Miller will discuss how he discovered them (all 20 of them) via a process known as \u2018fuzzing\u2019. His presentation is subtitled \u201cAn analysis of fuzzing 4 products with 5 lines of Python\u201d and, according to security website h-online.com<\/a>, those 4 products are all made by Apple;<\/p>\n In cracking competitions, it is regularly the Apple systems which are cracked first by attackers. Miller has argued for some time that Mac OS X is among the comparatively insecure operating systems. Apple users are currently “safer, but less secure.<\/p>\n “Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.”<\/p><\/blockquote>\n Miller said that the 20 exploits are all contained in closed-source Apple products, but pointed out that exploits could be found throughout Mac OS X due to bugs in many popular applications from different vendors;<\/p>\n OS X has a large attack surface consisting of open source components (i.e. webkit, libz, etc), closed source 3rd party components (Flash), and closed source Apple components (Preview, mdnsresponder, etc). Bugs in any of these types of components can lead to remote compromise.<\/p><\/blockquote>\n It seems not a keynote goes by without Steve Jobs showing us one of his shareholder-and-media-friendly line charts illustrating Macintosh sales. You know the ones, always trending up-and-to-the-right. Apple is clearly proud the Mac is selling better than ever (in a conference call<\/a> in late 2009, Apple announced that, for 19 out of the previous 20 quarters, the Mac grew faster than the rest of the market!)<\/p>\n Statements from Apple regarding sales are always kinda\u00a0tricky<\/em>; they\u2019re usually vague enough to allow pretty much any<\/em> positive interpretation but, for the most part, we can at least agree that the Mac has been enjoying fantastic growth.\u00a0The old days of \u2018security by obscurity\u2019 are drawing to a close. Sooner, not<\/em> later, Mac-specific malware will come. (You know, the real<\/em> malware of Windows-exploit proportions!)<\/p>\n Miller says that \u201c\u2026 in their minds, [Mac owners] don’t have a security problem until it affects their bottom line, which hasn’t been the case, yet.” And that \u2018yet\u2019 is the real<\/em> issue here. Mac OS X 10.6.3 probably addresses some<\/em> vulnerabilities — we can expect at least that much — but I wonder how obsessively Apple focuses on the security of its venerable OS, and, whatever its actual efforts, is it enough? Can Apple do what Microsoft\u00a0still<\/em> struggles to produce; a user-friendly, user-proof<\/em> OS that isn’t riddled with vulnerabilities?<\/p>\n Every update to Mac OS X reminds me that the days of security-indifference amongst Mac owners are well and truly numbered.<\/p>\n Tell me I\u2019m worried for no good reason, or scream at me and call me a moron for not already using security software, in the comments below.<\/p>\n It looks like we\u2019re getting close to the official release of 10.6.3, the latest update to Mac OS X Snow Leopard — and, from what we\u2019re hearing on the developer grapevine, it might prove to be the most extensive Snow Leopard update yet. TUAW reported on Friday that the latest build of 10.6.3 (known as […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-457918","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/457918","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=457918"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/457918\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=457918"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=457918"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=457918"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
Update Snafu<\/h3>\n
![\"\"](\"http:\/\/gigapple.files.wordpress.com\/2010\/03\/prerelease-osx.png?w=560&h=173\" "\\"prerelease")
<\/a><\/p>\nSecurity<\/h3>\n
Sooner, Not<\/em> Later<\/h3>\n
![\"\"](\"http:\/\/stats.wordpress.com\/b.gif?host=theappleblog.com&blog=5550580&post=42682&subd=gigapple&ref=&feed=1\")
<\/p>\n\n<\/img><\/a>
<\/img><\/a>
<\/img><\/a>
<\/img><\/a>
<\/img><\/a>\n<\/div>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"