Is OS X.2.6 affected?

[georgelien]

So is pre-OS X.2.8 system affected?

"Apple Releases Mac OS X Security Update To Prevent Remote Users From Gaining Root Access
by Bryan Chaffin

Apple has released Security Update 2003-11-19 for Mac OS X. The release addresses issues with OpenSSL and a function called gzprintf(). Don't sweat it if you don't know what those are, but we do recommend the update to everyone. From Apple's rather sparse update notes:


Security Update 2003-11-19 includes the following updated components:

OpenSSL
zlib "gzprintf()" function

The update is available for both Jaguar (10.2.8) and Panther. The download weighs in at 1.3 MB, and can be found in the Software Update Control Panel."


Best Regards,
George Lien

 

[ElDiabloConCaca]

I would update to 10.2.8 and apply the patch if I were you. 10.2.8 was the most stable release of OS X I ever got my hands on.

I'm sure that any system previous to 10.2.8 is affected, if not just any 10.2.x release.

 

[fryke]

Yes. Any system 10.2.x must be updated to 10.2.8 and then updated with the security update - or it's vulnerable.

 

[Captain Code]

What about 10.1.5? I'm not sure what version of openssl it has. I know Apple doesn't have an updater for it, but it'd be possible to update it manually. This is the highest version of OS X that will run on my 9500.

 

[Ripcord]

10.1.5 is most likely vulnerable. However, I believe Apple has long since stopped releasing updates for 10.1 (as it is very quickly doing with 10.2)