Apple Releases Another Mega-Patch for Mac OS X

Apple patched 40 vulnerabilities in Mac OS X Thursday -- more than half of them labeled with the company's equivalent of "critical" -- and in the process broke the 250-bug bar for the year. Collectively dubbed Security Update 2008-007, the fixes patched flaws in the Finder, QuickLook, ColorSync and a host of open-source components that Apple integrates with its own code, including the libxslt library and vim. "While this seems to have an abnormally high number of patches for third-party software," said Andrew Storms, director of security operations at nCircle Network Security Inc., "it's become par for the course from Apple." Prominent in the patches for others' software were fixes to server-specific components, such as ClamAV, the open-source anti-virus scanner; MySQL Server database; and Apache Tomcat. More than half of the... [read full story]