Filed under: OS, Software Update, Security, Leopard
Apple Security update 2008-005 released
Apple has just released a new security update for client and server users of Mac OS X 10.4 (Tiger) and 10.5 (Leopard). This Security update 2008-005 is "recommended for all users and improves the security of Mac OS X," and includes fixes for a dozen or so features in Mac OS X. This update fixes a QuickLook bug where loading a malicious Microsoft Office file could lead to "arbitrary code execution." Doesn't sound too good to me! It also fixes a DNS vulnerability that has been highly discussed over the past week (and which many other vendors have already patched).
You can download this update by opening Software Update (Apple menu > Software Update). You can also find more information on what this update fixes by looking at Apple's support note.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
Will said 11:44PM on 7-31-2008
145 Mb. Wow. That's one heck of a security update.
Reply
Bassir said 12:39AM on 8-01-2008
65MB for me.
Paul D. Spradling said 1:00AM on 8-01-2008
"Only" 65.1 MB for me.
Ryan said 12:51AM on 8-01-2008
65mb for me too.
Reply
Michael said 4:11AM on 8-01-2008
"... and which many other vendors have already patched"
AFAIK, that should read *ALL* other vendors.
And that's pretty bad.
This flaw is so serious that there was a secret meeting which all vendors were asked to attend back in March. It's that dangerous. Now Apple uses the open-source package BIND for DNS, which was patched in short order. But, it seems, Apple has been too lackadaisical to push the patch out to OS X users.
And this is only one of a series of things that makes one aware that Apple are not taking security as serious as they ought. (I need only mention the ridiculous state of affairs where it's been possible to use AppleScript to totally circumvent the protection provided by levels of privilege.)
John C. Welch has an opinion piece over at MacWorld where he castigates Apple and says:
"In the last few months, Apple has, by inaction, silence, and arrogance, shredded the security goodwill it had earned over the last few years. It will take years to regain that goodwill. Ask Microsoft how hard it is to regain goodwill once it’s gone."
I've never seen such forceful condemnation of Apple from that quarter before. (But he's not alone (c.f. see Tidbits or Rixstep.)
I'm really hoping Apple begins to take security seriously sooner rather than later.
Reply
Zaph said 1:56PM on 8-01-2008
The Berkeley Internet Name Domain (BIND) server is distributed with Mac OS X, and is not enabled by default.
The fact it was shipped not enabled substantially reduces the vulnerability. This is really a problem only for servers that are running a DNS server.
Rowan Pope said 4:40AM on 8-01-2008
Interesting that they've identified who reported the issue to them. Seems they've fixed a few long standing security issues. Good on 'em.
Now that's swept under the carpet, can they get iPhone 2.0.1 out the door please? :)
Reply
Mike Pro said 3:23PM on 8-01-2008
I updated on my Mac Pro a few minutes ago, and now it's refusing to boot. I hear the POST chime, but it doesn't reach the gray Apple.
Anyone else experiencing this issue?
Reply
Francesca said 6:38AM on 8-10-2008
I just installed the update last night and all of a sudden, I cannot open The Sims 2 or Roller Coaster Tycoon 3. I haven't tried doing anything else, but I'm about to see what else is messed up. I have no idea what to do with this now. Good luck with your computer.
William said 3:26PM on 8-01-2008
How come TUAW hasn't posted the story about how Apple's DNS patch doesn't actually patch the DNS flaw that it was supposed to patch? I submitted the story earlier this morning, as I'm sure other people have also...the story has been floating around the Internet for several hours now too, so it seems odd that TUAW hasn't come across it themselves either.
Reply
Greg said 9:13PM on 8-01-2008
downloaded the update, now dashboard it trashed. Crashes repeatedly. Anyone else suffering this side effect?
Reply
Sem said 12:17AM on 8-02-2008
I would really like to know if it's safe to apply this update. I don't want my Mac refusing to boot, just because of an update. Anyone else having problems booting after applying this update?
Reply
John Edmunds IV said 4:37PM on 9-09-2008
yeah, my macbook failed to reboot after installing the update, while i was on vacation, making in completely inoperable, don't dl this update
Sem said 6:26PM on 9-09-2008
I actually had no problems at all when I installed this update.
Peter said 10:51AM on 8-02-2008
After the attempt to install Security Update 2008-005 I was unable to save anything, unable to drag and drop, and sometimes unable to even open the 'File' menu. This persisted across multiple applications (I specifically tried Safari, Preview and TextEdit). I am using a 1.0 GHz Powerbook (Power PC). My wife made the same install on her MacBook Pro (2.6 GHz Intel Core 2 Duo). I verified the disc successfully (Disk Utility), but was unable to Repair Permissions via Disk Utility, it seemed to be unable to read the permissions file. I am currently in the process of attempting to back-off all the data, erase, and re-install. The first attempt at backing off the data resulted in an error (using Disk Utility on a different machine, and with my Powerbook in target disk mode - invalid argument error.)
Reply
mikebrown66 said 12:08AM on 8-05-2008
I've got a iMac G5 2.0ghz and just installed this software today. I've not been able to get on the internet with that computer since. I've tried the repair permissions thing and that seems to have fixed a couple of permissions, but my problem of internet access persits after several reboots, reconnects and cable modem unplugs. I'm using OS 10.3.9 on an old iMac G3 to try and solve this problem now...
Reply
Rich said 7:30PM on 8-08-2008
I installed this update yesterday on my 1.0 Powerbook G4, and have the same crashin problems. I can't open any applications, and I'm thinnking about doing an reboot archive and install with Leopard, are there any suggestions before I take this drastic measure??? Somebody post something a link or anything please..
Reply
M said 11:15PM on 8-10-2008
I even had a bad feeling about installing this update before I read any reviews. Stupid enough tho, I did download the update. Since then Safari (v3) won't work at all, and none of the installers (for programs like trying desperately to resuscitate Safari) can open. They bounce in the dock and then they crash. Other programs like iTunes (v7.4.x) don't want to open either. I'm running an intel Macbook v10.4.11
Reply
artgrrrl said 1:38PM on 8-11-2008
I'm on a G4 PowerBook, running 10.4.11 and I've nothing but problems since the update: Finder freezes, Camino, Firefox, Safari, the list goes on and on. To make things worse, seems the iTunes 7.7.1 update renders iTunes useless now as well.
Reply
Rich said 9:48AM on 8-13-2008
Aye guys, I had the same problems as I reported before, but I went to the Apple website and searched for Security Update 2008-005 and downloaded the correct file, for me it was 2008-005 Leopard cause I am running Leopard, make sure u guys download the correct file, and that should fix the problems you have. the updates for PPC tiger are up there
Reply