Keep OSNews alive by becoming a Patreon, by donating through Ko-Fi, or by buying merch!

macOS Archive

Apple Issues Updated Security Fix

Apple released another version of the security patch it distributed on March 13 to users of its OS X operating system software, in order to address a problem reported with the update. The company said it distributed the new patch, dubbed Update 2006-002 v1.1, in order to fix an issue with Apple's Safari Web browser that some users observed after installing its 2006-002 security update. According to a post on the company's Web site, the previous update had caused some Safari users to have problems launching the browser.

Become An X-Coder

Learn Objective-C with Xcode in the new free PDF book from Bert Altenburg, Alex Clarke and Philippe Mougin. Jump into Cocoa Development with some ready made classes and example code for XCode 2.0 and above. The book starts from scratch with basic programming knowlegde and ends up in the depth of Objective-C and Cocoa.

Mac OS X Security Test: Results

Here are the results of the challenge launched by the Unversity of Wisconsin to test OS X against hacking. "The response has been very strong; traffic to the host spiked at over 30 Mbps. Most of the traffic, aside from casual web visitors, was web exploit scripts, ssh dictionary attacks, and scanning tools such as Nessus. The machine was under intermittent DoS attacks. During the two brief periods of denial of service, the host remained up. The test machine was a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, had two local accounts, and had ssh and http open with their default configurations. There were no successful access attempts during the 38 hour duration of the test period."

Mac OS X Patch Faces Scrutiny

An Apple Computer patch released last week doesn't completely fix a high-profile Mac OS X flaw, leaving a toehold for cyberattacks, experts said. The update added a function called 'download validation' to the Safari Web browser, Apple Mail client and iChat instant messaging tool. "While Apple added a checkpoint to the downloading and execution process, they did not eliminate this vulnerability," said Kevin Long, an analyst at security specialist Cybertrust and a Mac user for 11 years. "If a user can be tricked into opening a file that looks like a picture, the user may actually be opening a malicious script."

University of Wisconsin’s Mac OS X Security Challenge

"In response to the woefully misleading ZDnet article, 'Mac OS X hacked under 30 minutes', the academic Mac OS X Security Challenge has been launched. The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open."

Mac OS X Hacked Under 30 Minutes

Gaining root access to a Mac is 'easy pickings', according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability. On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications. Within hours of going live, the 'rm-my-mac' competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".

Apple Security Fix Closes Mail, iChat, Safari Holes

Apple on Wednesday released Security Update 2006-001, available for download through Software Update system preference pane and from Apple's Downloads Web page. The update addresses a recently reported exploit that left Safari users vulnerable to malicious shell scripts, corrects a vulnerability in Apple's Mail software, and also changes the way iChat handles file transfers to help prevent the Leap-A malware.

Using Ruby on Rails for Web Development on Mac OS X

"It should come as no surprise that Mac OS X is a favored platform for Rails development. Rails and its supporting cast of web servers and databases thrive on the rich Mac OS X environment. The premier text editor favored by legions of Rails programmers everywhere is TextMate, a Cocoa application. And all members of the Rails core development team work with Macs. This article introduces you to Ruby on Rails by building a trivial web application step by step."

Linux as the Future Kernel of Mac OS

Apple had their pick of kernels when transitioning from OS 9 to OS X, and they chose to create their own kernel based on Mach 3.0. Was that really the best decision or did Apple make a huge mistake? At the time Linux was gaining support and developing rapidly, while development on Mach had pretty much ended two years earlier. This article makes a case for Apple using the Linux kernel in a future version of the Mac OS.

Security Hole in Mac OS X Also Affects Apple Mail

The weak point in Apple's Mac OS X operating system is apparently worse than originally thought. In addition to attacks via the Safari web browser, Apple Mail also executes scripts without asking in certain circumstances. It suffices to disguise a script with the ending "jpg" and assign the Terminal application for opening it. If this script is then sent in the AppleDouble format as an attachment, the information is passed along so that the recipient's system also opens it with the Terminal. Apple Mail displays the attachment with a JPG file symbol, but when users click on it, the script executes within Terminal without further prompting. Update: Heise is right.

Safari Vulnerability Worth Taking Note of

", we reported on a Trojan horse for Mac OS X that is just like the entry for Earth in the Hitchhiker's Guide to the Galaxy in that it is mostly harmless. A new vulnerability targeted at Apple's home-grown web browser, Safari, is another matter entirely. A German security firm appears to have been the first to discover the Safari flaw, which allows for shell scripts to be executed after clicking a link."

Taking Advantage of PDF Kit in Your Cocoa Application

"Most computer users today are familar with the Portable Document Format that was created by Adobe, and which has been an integral part of Mac OS X from the start. What makes PDF so successful is that it is a proven technology, the specification is public and platform-independent, and PDF files can be both compact and secure. In short, PDF has become a de facto standard in the world because it makes it easy for users to create, distribute, and view documents. This article provides an overview of developing with PDF Kit and the benefits it provides, and helps you get started as quickly as possible."