Posts with tag Security Update

Security Update 2008-002 v1.1

Today, Apple released Security Update 2008-002 v1.1 for Leopard client and Leopard server. Software Update gives us the following information about the update:

Security Update 2008-002 is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.

You can download this update by opening Software Update (Apple menu > Software Update) or by downloading either the client or server installer package from the Apple Support downloads website.

Security Update 2008-002 issues may be cleared up by Rogue Amoeba fix


As many of you have reported, there are a few hiccups for some who have installed the latest Leopard security update. Two of the areas of concern are ssh (no connectivity or a crash) and printing (errors out, documents never finish spooling), with various fixes offered (reinstalling the 10.5.2 combo update, installing a standalone SSH build) and various degrees of success reported.

One emergent common thread for some of the problems is the presence of a Rogue Amoeba audio utility, and the gang in the petri dish have responded with a revised version of the Instant Hijack framework. The new 2.0.3 version aims to address a bug that has been latent since the introduction of Leopard's position-independent executables feature, where certain sensitive processes (like, say, ssh) could be run from a randomized memory address, avoiding attack vectors that depend on targeting a specific vulnerable spot within the code.

Up until the 2008-002 security patches, according to RA, the PIE feature wasn't used for anything yet -- after the update, surprise surprise, ssh is being moved around when it runs. Since Instant Hijack inspects newly launched processes to see if they have audio properties, it tries to look at the ssh instance in memory -- hey, wherdja go? Hence the problem.

If you have been experiencing ssh issues and have Rogue Amoeba apps installed, try the patch and let us know what happens.

[via Daring Fireball + Apple discussions]
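A way to check which installed binaries actually opt into the randomized load address described above, added here as an example and not taken from the post or from Rogue Amoeba: a Mach-O main executable requests it through the `MH_PIE` bit in its header flags (defined in Apple's `mach-o/loader.h`). The function names and the sample headers are constructed for illustration; on a real system you would pass in the bytes of a file such as the ssh binary.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin 32-bit / 64-bit Mach-O
FAT_MAGIC = 0xCAFEBABE                           # universal binary (big-endian)
MH_PIE = 0x200000                                # load main executable at a random address

def _thin_is_pie(data, off=0):
    """Read the mach_header at `off` and test the MH_PIE bit in its flags."""
    if len(data) < off + 28:
        raise ValueError("truncated Mach-O header")
    for endian in ("<", ">"):                    # header is in the slice's own byte order
        (magic,) = struct.unpack_from(endian + "I", data, off)
        if magic in (MH_MAGIC, MH_MAGIC_64):
            # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
            flags = struct.unpack_from(endian + "7I", data, off)[6]
            return bool(flags & MH_PIE)
    raise ValueError("not a Mach-O image")

def pie_slices(data):
    """Return {cputype (None for a thin file): is_pie} for every slice."""
    if len(data) < 8:
        raise ValueError("file too short")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        return {None: _thin_is_pie(data)}
    result = {}
    for i in range(count):
        # fat_arch: cputype, cpusubtype, offset, size, align
        cputype, _, offset, _, _ = struct.unpack_from(">5I", data, 8 + 20 * i)
        result[cputype] = _thin_is_pie(data, offset)
    return result

def constructed_samples():
    """Hand-built headers (not real binaries): x86 PIE, PPC non-PIE, and a fat file."""
    x86_pie = struct.pack("<7I", MH_MAGIC, 7, 3, 2, 0, 0, 0x200085)
    ppc_fixed = struct.pack(">7I", MH_MAGIC, 18, 0, 2, 0, 0, 0x85)
    fat = struct.pack(">II", FAT_MAGIC, 2)
    fat += struct.pack(">5I", 7, 3, 48, 28, 0) + struct.pack(">5I", 18, 0, 76, 28, 0)
    return x86_pie, ppc_fixed, fat + x86_pie + ppc_fixed

if __name__ == "__main__":
    for sample in constructed_samples():
        print(pie_slices(sample))
```

Any tool that assumes a freshly launched process sits at its link-time address needs to be checked against the binaries for which this returns `True`.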

Security Update 2008-002 is available

Fire up Software Update, Mac users. Security Update 2008-002 has been released. According to Apple, this update "...is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update."

So, it improves security. How exciting. As usual, we ask you to report any problems you encounter after installing this update. Good luck, true believers! Note that this update, like the earlier Safari 3.1, requires a reboot.

Thanks to everyone who sent this in!

Update love for the Tiger crowd: Security Update 2008-001

Want the security goodness of 10.5.2 in a familiar, Tiger-iffic package? You want the new, much improved Security Update 2008-001, available now for client and server versions of 10.4.11. The update includes fixes for URL vulnerabilities in Mail, Terminal and Safari, patches for Parental Controls and X11, and more -- full list after the break.

You can find this update in Software Update or download direct from Apple. Happy patching!


Security Update 2007-005

Apple has just posted its latest security update. This update addresses a boatload of possible vulnerabilities in a number of core Unix utilities as well as iChat and VPN. Without further ado, here's a quick rundown of the fixes and the vulnerabilities:

Alias Manager. Impact: Users may be misled into opening a substituted file

BIND. Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service

CoreGraphics. Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

crontabs. Impact: The daily /tmp cleanup script may lead to a denial of service

fetchmail. Impact: fetchmail password disclosure may be possible

file. Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

iChat. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

mDNSResponder. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

PPP. Impact: A local user may obtain system privileges

ruby. Impact: Denial of service vulnerabilities in the Ruby CGI library

screen. Impact: Multiple denial of service vulnerabilities in GNU Screen

texinfo. Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten

VPN. Impact: A local user may obtain system privileges



Thanks Tomasz

Revised Security Update 004 and QT CanSecWest fix released

Those of you in the habit of waiting a week or two to apply Apple's updates may now begin to snicker in satisfaction. A revised version of the 004 security update was released this afternoon, correcting two issues (Airport problems in 10.3.9 and FTP settings on Mac OS X Server). We linked to MacFixit's troubleshooting report for the original update late last week.

Also released: QuickTime 7.1.6, which applies to both Mac OS X and Windows deployments and closes the Java exploit used to win the CanSecWest $10,000 challenge. As expected, researcher Dino Dai Zovi and the Zero Day Initiative/Tipping Point are credited with the discovery of the vulnerability. The ZDI writeup notes that the time from discovery to patch was eight days... not all that bad.

[via MacRumors]

Security Update 2007-004

You know what that feeling in the air is? That's right! Apple has released a new security update. Security Update 2007-004. It seems to fix a slew of things, so I would suggest installing it as soon as possible.

It is available for 10.3.9 server, 10.3.9 client, PPC, and Universal flavors.

Security Update 2006-003

Apple also released Security Update 2006-003 today (which, if you're counting, is the third such security update for this year). This update includes files for both server and client editions of OS X, as well as files for OS X 10.3.9 through OS X 10.4.6.

This fixes a host of security issues, so I won't list them here but if you are interested check out the tech note.

Update: Brent points out, correctly, that there have been 9 security updates so far this year, however, I was correct in that this is the third OS specific update of the year. Don't you just like it when everyone is right?

Apple releases iTunes, security updates

Apple has made both iTunes 6.0.4 and Security Update 2006-001 available via Security Update. According to Apple, iTunes 6.0.4 "...addresses stability and performance issues related to Front Row," and today's security update improves the security of the following components:

  • apache_mod_php
  • automount
  • Bom
  • Directory Services
  • iChat
  • IPSec
  • LaunchServices
  • LibSystem
  • loginwindow
  • Mail
  • rsync
  • Safari
  • Syndication
Go and get 'em, folks.

Update: Reader Bob points out that iPhoto has also been updated. It's now at version 6.0.2, which, according to Apple, "...resolves several minor issues with playing shared slideshows in Front Row." Thanks, Bob!
