I have just upgraded a server to the latest OS X version 10.5.7 and my compliance scan tells me that these OS-installed components are causing vulnerabilities. I can't see where I can download higher versions or even if they exist!

Kerberos 5 is listed as having 'Multiple Vulnerabilities' but as far as I can see, there is no higher version available for Mac OS X.

PHP Prior to 5.2.9 is also listed as having 'Multiple Vulnerabilities' and I can see 5.2.9 is in general use but can't seem to download it anywhere. Even the download link on Apple's site is dead.

MySQL is also listed as a vulnerability and they are saying that versions prior to 5.1.9 are vulnerable, yet only 5.1.35 is available for download as a stable release.

Anyone know how to answer these seemingly unanswerable questions? I have just a couple of servers running 40-50 websites. All on Mac OS. Thanks

  • What makes this a "seemingly unanswerable question"? Far from a "tree falling in the woods" question, isn't it? – gWaldo Sep 07 '10 at 16:42

2 Answers


It is a risk to depend on a third party (Apple, or even MacPorts) to keep your software stack up to date for PCI compliance. Learn how to compile the components yourself, and install them outside of where Apple does: this will protect you from poorly written Software Updates (like the recent Apple Perl/CPAN update error) damaging or reverting your installation. Disable Apple's Apache and MySQL and enable yours.

Review the builds at opensource.apple.com and www.macports.org for guidance. Block software you cannot/should not upgrade (such as Kerberos) using the operating system firewall and with a network firewall.


cd /usr/local/src/

# Build MySQL into /usr/local/mysql, outside Apple's install locations
tar -xf mysql-5.0.83.tar
cd mysql-5.0.83
./configure --prefix=/usr/local/mysql --enable-local-infile --enable-shared --enable-thread-safe-client --with-extra-charsets=complex
make clean
make && make install

# Return to the source directory before unpacking the next tarball
cd /usr/local/src/
tar -xf httpd-2.2.11.tar
cd httpd-2.2.11
./configure --prefix=/usr/local/apache2 --enable-mods-shared=all
make clean
make && make install

# PHP is built against the Apache installed above (apxs2)
cd /usr/local/src/
tar -xf php-5.2.10.tar
cd php-5.2.10
./configure --prefix=/usr/local/php-x --enable-dbase --enable-ftp --enable-mbstring --enable-xml --enable-zip --with-apxs2=/usr/local/apache2/bin/apxs
make clean
make && make install



<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">


Thomas Kishel

You can download PHP 5.2.9 from MacPorts here: http://www.macports.org/ports.php?by=name&substr=php (it's the 3rd one down), and can download MySQL 5.1.35 (which is 26 minor versions newer than 5.1.9) directly from MySQL here: http://dev.mysql.com/downloads/mysql/5.1.html#macosx-dmg

I can't tell the exact version number of Kerberos 5 included with 10.5.7, but the latest version directly from MIT is 1.7. You'd have to compile from source, and I don't know what it would do with the built-in version from Apple, so make sure you try any of the above in a lab/test server before upgrading your production boxen.

Sean Earp
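Added example, not part of either answer: a scanner rule such as "prior to 5.1.9" is read by comparing dotted versions one numeric component at a time, which is why 5.1.35 counts as newer than 5.1.9. The function names and the sample inventory below are constructed for illustration; the two thresholds are the ones quoted in the question.

```shell
#!/bin/sh
# Added example: evaluate "prior to X" findings with a numeric,
# component-by-component comparison of dotted version strings.

# version_lt A B: exit 0 if version A is older than version B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        # Leading component of each version; a missing one counts as 0.
        x=${a%%.*}; y=${b%%.*}
        # Keep only the leading digits, so "35-log" compares as 35.
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        # Drop the component that was just compared.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1    # equal versions are not "prior to"
}

# check_finding NAME INSTALLED THRESHOLD: print one verdict line.
check_finding() {
    if version_lt "$2" "$3"; then
        echo "$1 $2: flagged (prior to $3)"
    else
        echo "$1 $2: ok (not prior to $3)"
    fi
}

# Constructed sample inventory checked against the thresholds
# from the question (MySQL 5.1.9, PHP 5.2.9).
check_finding MySQL 5.1.35 5.1.9
check_finding MySQL 5.1.8  5.1.9
check_finding PHP   5.2.9  5.2.9
check_finding PHP   5.2.6  5.2.9
```

Feed it the version each installed binary actually reports rather than the version a package database claims, since a self-compiled stack under /usr/local and Apple's bundled copy can coexist on the same host.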