Wednesday, May 9

Apple Hardens Security with Mac OS X 10.7.4 and Safari 5.1.7

TidBITS Safe Computing: Apple Hardens Security with Mac OS X 10.7.4 and Safari 5.1.7:

What a fantastic idea.

From the article:


Safari will now check the version of Flash you are running and disable it if it is not capable of updating itself to a current version. Flash versions 10.1.102.64 (yes, that’s a version number, not an IP address) and older don’t include the capability to update themselves to new releases, requiring users to update manually. Newer versions will self-update as Adobe releases fixes, which minimizes the chances a user will be exposed to Flash-related security issues.
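The version gate described in the quoted passage can be sketched as below. This is an added example, not code from Apple, Safari or the TidBITS article: only the cutoff 10.1.102.64 comes from the article, and the function names and sample version strings are constructed for illustration. It compares components numerically, because plain string comparison misorders dotted versions, and it blocks anything it cannot parse.

```python
# Added illustration. The cutoff is the value quoted in the article;
# function names and sample versions are constructed.
LAST_NON_UPDATING = "10.1.102.64"  # newest Flash release without self-update, per the article


def parse_version(text, width=4):
    """Turn '10.1.102.64' into (10, 1, 102, 64); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= width:
        raise ValueError(f"unexpected component count: {text!r}")
    numbers = []
    for part in parts:
        # str.isdigit() also accepts some non-ASCII digits; require plain 0-9.
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"non-numeric component in {text!r}")
        numbers.append(int(part))
    # Pad short versions so '11.2' compares as 11.2.0.0.
    return tuple(numbers + [0] * (width - len(numbers)))


def plugin_allowed(installed, cutoff=LAST_NON_UPDATING):
    """Allow only versions strictly newer than the cutoff; fail closed on bad input."""
    try:
        return parse_version(installed) > parse_version(cutoff)
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, including two that a string comparison gets wrong.
    samples = ["10.1.102.64", "10.1.102.65", "10.1.99.0", "9.9.9.9", "11.2", "", "10.1.x"]
    for v in samples:
        naive = v > LAST_NON_UPDATING  # lexicographic comparison, shown for contrast
        print(f"{v!r:>14}  allowed={plugin_allowed(v)!s:<5}  naive_string_newer={naive}")
```

For the constructed inputs `10.1.99.0` and `9.9.9.9`, the string comparison reports them as newer than the cutoff, while the numeric comparison correctly treats them as older and blocks them.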

It also fixes this error:

Mac OS X 10.7.4 fixes a security error introduced in 10.7.3 that exposed a user’s password if they upgraded to Lion while leaving the legacy version of FileVault enabled. The flaw was due to a developer leaving debugging code enabled, which logged the user’s password in plain text. This problem affected only the older version of FileVault that encrypted a user’s home directory, as opposed to the FileVault 2 feature enabled in Lion that encrypts the entire disk. To be exposed, you would have had to upgrade a legacy FileVault system to Lion and keep the older FileVault in place.
Although this extremely serious bug essentially negated any password security on affected systems, relatively few users were likely exposed. 
