Some of these vulnerabilities have been known for more than 6 months (not that anyone who wants to do damage would go for a platform that has less than 2% market share ). Apple isn't any better than MS except for the fact that its a less appealing target with so few machines out there
Go grab'em:
Go grab'em:
With OS X, Apple changed the core of its operating system to a version of Unix known as BSD. Now OS X includes many of the same Open Source packages used by other Unix and Linux variants, including OpenSSL for Secure Socket Layer and CUPS for printing. As a result of this change, any security vulnerabilities found in these Open Source packages generally will affect OS X as well.
In a post to their security update page, Apple released a security update for OS X 10.3.3 and another for 10.2.8. Both updates fix security issues, most of them found in the various Open Source packages OS X utilizes. Though you might not know these software modules by name, they work behind the scenes when you go about your normal daily duties such as reading email and visiting Web sites, so virtually every Macintosh user is exposed to the risk caused by these flaws. Specifically, the affected packages and their flaws are:
An unknown vulnerability affecting CUPS Printing (CAN-2004-0382). Details describing this vulnerability and its impact have not been disclosed. However, the problem relates to a configuration setting in CUPS.
A buffer overflow in two Libxml2 modules (CAN-2004-0110). Libxml2 is a library of functions that applications use to manipulate XML data. A buffer overflow found in two modules of libxml2 could allow a remote hacker to execute code via an overly long URL.
Another unkown vulnerability, this time affecting Mail (CAN-2004-0383). Again, Apple has not disclosed the details of this vulnerability or its impact. However, Mail (OS X's e-mail client) apparently doesn't handle HTML e-mail's properly.
Two flaws in OpenSSL (CAN-2004-0079 and CAN-2004-0112). Both of these flaws allow a remote attacker to cause a Denial of Service by sending a malformed SSL/TLS handshake.
Solution Path:
Apple has released seperate patches for OS X or OS X Server 10.3.3 and 10.2.8. You should download, test, and deploy these patches to the corresponding OS X machines during your next maintenance cycle:
Security Update for OS X and OS X Server 10.3.3 (Panther)
Security Update for OS X and OS X Server 10.2.8 (Jaguar)