
Alert: British Security Suffers; Apple Patches 14 Vulnerabilities

A new report from McAfee examines European companies' vulnerabilities.

British firms have poor spam hygiene, according to McAfee, a division of Network Associates, which surveyed 200 IT professionals in Britain, France, Germany, the Netherlands, and Sweden. In fact, 40 percent of British firms have no spam filtering in place, putting them behind other European countries.

British firms also suffer—albeit in the company of the Netherlands—from lack of blended-threat preparation. Overall, 28 percent of European companies admit to not being able to resist an attack such as Blaster or Sobig. German companies are among the best prepared (at 88 percent). Companies in Britain and the Netherlands, however, score much lower, with roughly 40 percent of firms saying they’re unprepared.

Of course, if the firms are Macintosh shops, for the moment they’re safe. In the week’s other big news, there was a flurry of Macintosh security updates—something of a surprise for Apple lovers.

As buyers of just-released software know, any new operating system has what seems like innumerable security fixes during its first week of release. Macintosh users, though so far immune to viruses (none has been launched against Macs) and mostly exempt from the never-ending cycle of patch and update, nevertheless received their first update for Apple’s latest operating system: OS X 10.3, also known as Panther.

The vulnerability is an unspecified QuickTime Java system compromise (read the advisory at http://www.secunia.com/advisories/10087/). Mac OS X 10.3 and the 10.3 server version are both vulnerable. The error is due to the way QuickTime implements Java; more information was not available at press time. Security information provider Secunia rated the vulnerability as “moderately critical.” A free fix is available from Apple.

Secunia also detailed 13 other Apple security vulnerabilities. Most affect versions of OS X prior to 10.2.8. They could allow an attacker to bypass a computer’s security, lead to exposure of sensitive information, allow for privilege escalation, or allow an attacker to launch a denial of service attack against a Macintosh user’s computer. Apple’s suggestion is to upgrade to version 10.3, though most users will need to pay to do so.

Users can mitigate some vulnerabilities by double-checking file permissions.

Apple's patches for 13 OS X 10.3 vulnerabilities can be found at: http://www.secunia.com/advisories/10086/

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.
