
Security Update posts

Filed under: Software Update, Snow Leopard

Mac OS X 10.6.2 is on the prowl, plus security update for 10.5 users

Update: As noted by our commenters and cross-confirmed with OS News, the 10.6.2 update appears to drop support for the hackintosh-centric Atom processor. This was spotted in earlier builds, but it was not clear whether the support for the netbook CPU would be in or out in the final configuration.

We've been expecting Mac OS X 10.6.2 for a while now, especially since Apple initially said that the new Magic Mouse would require it, but it has just arrived.

Alongside the OS update for Snow Leopard users, Security Update 2009-006 is out for users of Leopard. Use Software Update to make sure that you get the right update for your computer.

Bug fixes are reported for AFP Client, Adaptive Firewall, Apache (2), Apache Portable Runtime, ATS, Certificate Assistant, CoreGraphics, CoreMedia (2), CUPS, Dictionary, DirectoryService, Disk Images, Dovecot, Event Monitor, fetchmail, file, FTP Server, Help Viewer, ImageIO, International Components for Unicode, IOKit, IPSec, Kernel, Launch Services, libsecurity, libxml, Login Window, OpenLDAP (2), OpenSSH, PHP, QuickDraw Manager, QuickLook, QuickTime (4), FreeRADIUS, Screen Sharing, Spotlight, and Subversion.

No word on any new features or enhancements yet. Stay tuned.

Here's the update list from Apple via Software Update:

The 10.6.2 Update is recommended for all users running Mac OS X Snow Leopard and includes general operating system fixes that enhance the stability, compatibility, and security of your Mac, including fixes for:

  • an issue that might cause your system to logout unexpectedly
  • a graphics distortion in Safari Top Sites
  • Spotlight search results not showing Exchange contacts
  • a problem that prevented authenticating as an administrative user
  • issues when using NTFS and WebDAV file servers
  • the reliability of menu extras
  • an issue with the 4-finger swipe gesture
  • an issue that causes Mail to quit unexpectedly when setting up an Exchange server
  • Address Book becoming unresponsive when editing
  • a problem adding images to contacts in Address Book
  • an issue that prevented opening files downloaded from the Internet
  • Safari plug-in reliability
  • general reliability improvements for iWork, iLife, Aperture, Final Cut Studio, MobileMe, and iDisk

For detailed information on this update, please visit this website: http://support.apple.com/kb/HT3874.

Filed under: Software Update, Security

Apple releases security, Java updates



Start your engines -- er, Apple menus -- it's Software Update time! Apple has just issued two security updates today. The first is aimed at Java for OS X 10.5.6 and the Java Web Start and Java Applet components. The second, for both Mac OS X 10.4.11 and Mac OS X 10.5.6, is a broader security update that addresses the Safari RSS vulnerability we discussed last month, as well as a number of other components (including perl, AFP Server and Remote Apple Events).

You'll need to restart your system after installing the security update -- but we recommend you do so, this stuff looks important!
Thanks Vivek!

Postscript: Brian Mastenbrook, who discovered the Safari RSS vulnerability, has posted a blog entry detailing how he discovered the problem, why he issued a warning, and how long it ultimately took Apple to respond (6 months!). It's good reading and a good discourse on how our favorite company handles security threats and how they might want to improve.

Filed under: Software Update, Security

Apple releases Security Update 2008-007


Apple released Security Update 2008-007 for Mac OS X Leopard and Tiger users today. The update addresses many specific areas of the Mac OS, including: Apache, ClamAV, CUPS, Finder, and more. A full list of the areas affected by the update can be found on the Apple support website. The update is available for the following systems:
You can get the update by downloading the installer package from the Apple support website, or by opening Software Update (Apple menu > Software Update).

Continue reading for a change log for this update.


Filed under: Software Update, Security, Apple TV

Apple TV update 2.2


Earlier tonight, Apple issued a Security Update for Apple TV. According to Apple, this update (version 2.2) fixes a bug in Apple TV in which a "maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution." This definitely doesn't sound good to us.

It's not all boring security stuff; Apple also added a Genius playlist function. To access the Genius function, just hold down the play/pause button while a song is playing, and a popup menu will allow you to "Start Genius," or add to an on-the-go playlist.

You can download this update by navigating to Settings > Update Software. Alternatively, Apple TV checks on a weekly basis for any new updates. If it finds an update, it will download, verify, and install the new update. You can read more about this update in this Apple support article.

Have you found another feature of the update? Let us know by sharing in the comments below, or sending us a tip!

Thanks Justin

Filed under: OS, Software Update, Security

Mac OS X 10.5.5 Combo updater, Security Update for 10.4 now available

If you've been a bad nervous Mac user, then chances are that you might not be running the latest updates. If so, you can download the Combo updater for Mac OS X 10.5.5 which includes all important patches up to this point, so you can remain up-to-date even if you skipped a couple of updates.

If you are still running the slightly older OS, Tiger, then Apple has provided an update for you as well. The Security 2008-006 update allows you to stay as safe as your Leopard brethren. Security update 2008-006 is available for both PPC and Intel Macs running Mac OS X 10.4 (Tiger).

You can download all of these updates by opening Software Update (Apple menu > Software Update) or by visiting Apple's download page.

Filed under: Software Update, Leopard

Security Update 2008-002 v1.1

Today, Apple released Security Update 2008-002 v1.1 for Leopard client and Leopard server. Software Update gives us the following information about the update:

Security Update 2008-002 is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.

You can download this update by opening Software Update (Apple menu > Software Update) or by downloading either the client or server installer package from the Apple Support downloads website.

Filed under: Security, Leopard

Security Update 2008-002 issues may be cleared up by Rogue Amoeba fix


As many of you have reported, there are a few hiccups for some who have installed the latest Leopard security update. Two of the areas of concern are ssh (no connectivity or a crash) and printing (errors out, documents never finish spooling), with various fixes offered (reinstalling the 10.5.2 combo update, installing a standalone SSH build) and various degrees of success reported.

One emergent common thread for some of the problems is the presence of a Rogue Amoeba audio utility, and the gang in the petri dish have responded with a revised version of the Instant Hijack framework. The new 2.0.3 version aims to address a bug that has been latent since the introduction of Leopard's position-independent executables feature, where certain sensitive processes (like, say, ssh) could be run from a randomized memory address, avoiding attack vectors that depend on targeting a specific vulnerable spot within the code.

Up until the 2008-002 security patches, according to RA, the PIE feature wasn't used for anything yet -- after the update, surprise surprise, ssh is being moved around when it runs. Since Instant Hijack inspects newly launched processes to see if they have audio properties, it tries to look at the ssh instance in memory -- hey, wherdja go? Hence the problem.

If you have been experiencing ssh issues and have Rogue Amoeba apps installed, try the patch and let us know what happens.

[via Daring Fireball + Apple discussions]

Filed under: OS, Software Update

Security Update 2008-002 is available

Fire up Software Update, Mac users. Security Update 2008-002 has been released. According to Apple, this update "...is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update."

So, it improves security. How exciting. As usual, we ask you to report any problems you encounter after installing this update. Good luck, true believers! Note that this update, like the earlier Safari 3.1, requires a reboot.

Thanks to everyone who sent this in!

Filed under: Software Update, Apple, Security

Update love for the Tiger crowd: Security Update 2008-001

Want the security goodness of 10.5.2 in a familiar, Tiger-iffic package? You want the new, much improved Security Update 2008-001, available now for client and server versions of 10.4.11. The update includes fixes for URL vulnerabilities in Mail, Terminal and Safari, patches for Parental Controls and X11, and more -- full list after the break.

You can find this update in Software Update or download direct from Apple. Happy patching!


Filed under: Software Update, Security

Security Update 2007-005

Apple has just posted its latest security update. This update addresses a boatload of possible vulnerabilities, including a number in core Unix utilities as well as iChat and VPN. Without further ado, here's a quick rundown of the fixes and the vulnerabilities:

Alias Manager. Impact: Users may be misled into opening a substituted file

BIND. Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service

CoreGraphics. Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

crontabs. Impact: The daily /tmp cleanup script may lead to a denial of service

fetchmail. Impact: fetchmail password disclosure may be possible

file. Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

iChat. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

mDNSResponder. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

PPP. Impact: A local user may obtain system privileges

ruby. Impact: Denial of service vulnerabilities in the Ruby CGI library

screen. Impact: Multiple denial of service vulnerabilities in GNU Screen

texinfo. Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten

VPN. Impact: A local user may obtain system privileges



Thanks Tomasz

Filed under: Software Update, Security

Revised Security Update 004 and QT CanSecWest fix released

Those of you in the habit of waiting a week or two to apply Apple's updates may now begin to snicker in satisfaction. A revised version of the 004 security update was released this afternoon, correcting two issues (AirPort problems in 10.3.9 and FTP settings on Mac OS X Server). We linked to MacFixIt's troubleshooting report for the original update late last week.

Also released: QuickTime 7.1.6, which applies to both Mac OS X and Windows deployments and closes the Java exploit used to win the CanSecWest $10,000 challenge. As expected, researcher Dino Dai Zovi and the Zero Day Initiative/TippingPoint are credited with the discovery of the vulnerability. The ZDI writeup notes that the time from discovery to patch was eight days... not all that bad.

[via MacRumors]

Filed under: Software Update, Apple, Security

Security Update 2007-004

You know what that feeling in the air is? That's right! Apple has released a new security update: Security Update 2007-004. It seems to fix a slew of things, so I would suggest installing it as soon as possible.

It is available for 10.3.9 server, 10.3.9 client, PPC, and Universal flavors.

Filed under: OS, Software Update

Security Update 2006-003

Apple also released Security Update 2006-003 today (which, if you're counting, is the third such security update for this year). This update includes files for both server and client editions of OS X, as well as files for OS X 10.3.9 through OS X 10.4.6.

This fixes a host of security issues, so I won't list them here, but if you are interested, check out the tech note.

Update: Brent points out, correctly, that there have been 9 security updates so far this year; however, I was correct in that this is the third OS-specific update of the year. Don't you just like it when everyone is right?

Filed under: Software Update, Apple

Apple releases iTunes, security updates

Apple has made both iTunes 6.0.4 and Security Update 2006-001 available via Security Update. According to Apple, iTunes 6.0.4 "...addresses stability and performance issues related to Front Row," and today's security update improves the security of the following components:

  • apache_mod_php
  • automount
  • Bom
  • Directory Services
  • iChat
  • IPSec
  • LaunchServices
  • LibSystem
  • loginwindow
  • Mail
  • rsync
  • Safari
  • Syndication
Go and get 'em, folks.

Update: Reader Bob points out that iPhoto has also been updated. It's now at version 6.0.2, which, according to Apple, "...resolves several minor issues with playing shared slideshows in Front Row." Thanks, Bob!
