Apple releases third patch this month

Security researchers said Mac users should take note of a Mac OS X patch update released on Friday -- the third patch for the operating system this month.

The update fixes some problems with a patch released on Monday, which itself was partly intended to fix issues with an update released earlier in March.

Separately, security researchers warned of a new phishing scam that has recently begun making the rounds, using an unusual amount of detailed personal information to target users.

Apple on Friday released version 1.1 of the 2006-002 patch, which was originally released on Monday. The revision was accompanied by an unusually small amount of explanatory information, even by Apple's standards -- the company merely listed the components patched, which are apache_mod_php, CoreTypes, LaunchServices, Mail, rsync and the Safari Web browser.

Researchers believe the revision addresses issues with the original 2006-002 patch. For instance, the version of rsync provided by Monday's patch was several versions behind the most recent version, meaning it probably lacked some important security updates, researchers said. Rsync synchronizes files and directories from one location to another.

"Based on the included compents, I believe that this patch will address some of the missed issues in open source packages (rsync and php)," said Johannes Ullrich, a handler with the SANS Institute's Internet Storm Center, in a statement on the organization's website.

Ullrich said the revision also seems to further tweak the way "safe" files are identified by applications such as Mail and Safari. Problems with this mechanism were at the heart of a serious security flaw revealed last month, which could allow malicious Web sites to execute code automatically on a user's Mac.

Apple fixed the problem in patch 2006-001, but the fix was causing some harmless files to be identified as dangerous. Patch 2006-002 further tweaked the way the system worked.

Ullrich said home users should apply the patch immediately, while enterprise administrators should attempt to test it. "At this point, Apple does not appear to offer the patches in distinct packages, which will make testing in larger environments tricky," he wrote.

Some users reported that some users had reported network issues, system crashes and booting problems after applying patch 2006-002, which disappeared after applying 2006-002 v1.1, according to Ullrich.

The ISC also reported receiving examples of a worrying trend in online scams: scam e-mails containing the full name and address of the recipient.

"Phishing messages are becoming increasingly personalized in attempts to convince the recipients to trust originators of the messages," wrote ISC handler Lenny Zeltser on Friday.

Zeltser said SANS had received several examples of a particular scam aimed at Citibank customers. The scam included the full name and address of the recipient in an e-mail, and the information also appeared on a customized fake Citibank site constructed to harvest bank account details.

On one particular case, the recipient rarely used his or her full name or address online, leading to speculation that the information was compiled from several sources, stolen from a retail website or credit card processor, or even purchased from a legitimate data provider. "Even if the scammer was not certain that the victim's records were correct, even a small number of matches would increase the number of fooled victims," Zeltser wrote.

This particular scam was launched as recently as two weeks ago, according to Zeltser.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?