Apple's (Nasdaq: AAPL) patchy year continued Monday as the Mac maker released fixes for some 40 Mac OS X glitches in its ninth security update. In a separate release, Apple also put out an update to plug a flaw in the beta version of its Safari 3 Web browser running on Windows Vista and XP. The company also dealt with 18 other Java-related vulnerabilities in addition to its ongoing QuickTime flaw, with patches released last Thursday.
Apple does not rank the severity of its bugs, but among the fixes included in Monday's update, 20 of them should be considered critical, said SophosLabs manager Richard Wang. Those critical fixes patch up holes in the Mac OS X operating system's CFNetwork, Core Foundation, CUPS, Quick Look, Safari and Mail.
"Any vulnerability that can allow arbitrary or remote code execution should be considered to be critical. These are the kinds of vulnerability that a hacker can use to install their own software on an affected Mac," he told MacNewsWorld.
So far, with the latest Security Update 2007-009 patches included, Apple has released fixes for some 200 programming hitches -- nearly twice the 103 vulnerabilities it patched in 2006.
Year-End Plugs
Apple's last security update for 2007 corrects issues affecting users of Mac OS X 10.4 and 10.5 (Tiger and Leopard) operating systems. Included in the update are 31 fixes for the operating systems. The rest address issues with OS components such as Address Book, iChat, and a Flash Player Plug-in as well as background operations including ColorSync and IO Storage Family.
The Java run-time update is a critically important update that addresses 18 vulnerabilities which could put Mac OS X users at risk by allowing hackers to run remote code execution attacks on vulnerable systems. Several of the patches fix issues that could allow an interloper to insert or remove items from Keychain, Apple's password manager, without prompting.
The Safari Browser beta update corrects a cross-site scripting issue and is necessary only for Windows XP and Vista users.
"All of these security patches are very important," Zippy Aima, an analyst at ABI Research, told MacNewsWorld. "When we talk about software or a certain platform every bit makes a difference. So if they are releasing patches for even the least critical things, it makes a difference and that's why the patches are released."
Mac Talk
Even while Apple seems to have significantly ramped up its security profile with multiple bulky updates rolled out this year, the company still needs to effectively communicate the importance of downloading and installing the updates to Mac users, said Aima, who owns a Mac.
"[Apple] has been very quick to release updates and in its response time, but the way it is being communicated to the Mac user [does not emphasize the importance of installing any given security update]," she explained.
There is a widely held perception among computer users, particularly Mac owners, that Apple computers are more secure than PCs. Unlike Microsoft (Nasdaq: MSFT), which ranks its updates and informs curious PC users about the importance of security fixes included in an update, Mac users can easily ignore the update message, according to Aima.
"It will show up and just say 'security' or 'new updates.' If I'm not a technical person, I might just ignore it, and I would probably say that I could just do that later. But maybe it contains something critical and needs immediate action, but I ignore it because its importance is not communicated," she pointed out.
"There is no security that is foolproof or cannot be hacked," Aima continued.
Growing Base
"As the number of Macs and Mac users increases they will become a more and more tempting target," Wang said. "We saw last month with OSX/RSPlug-A that hackers are already targeting Mac users. In the case of OSX/RSPlug-A, the same hacking group created Web sites that attacked both Windows and OS X users."
Apple's increasing popularity means that hackers and security researchers will likely direct more of their attention and resources toward Macs in an effort to ferret out flaws in the OS. That makes it even more important that the hardware maker communicates the level of importance of a particular security download to Mac owners, Chris Rodriguez, a Frost & Sullivan analyst, said.
"As they gain popularity and market share, there will definitely be an uptick there. That will become even more applicable when they settle more into the enterprise market and you start seeing them more on servers and other hardware," he explained.
"It's been a gradual process, but they are moving at a steady pace. As their servers become more popular they will definitely need to increase security," Rodriguez told MacNewsWorld.



