Apple releases Security Update 2008-002

[AppleInsider]

Apple on Tuesday afternoon released a massive security update targeting various versions of its Mac OS X and Mac OS X Server operating systems, and patching over 40 previously discovered flaws.

Among the most heavily addressed areas are AppKit, the CUPS unix printing environment, Foundation, and X11 -- all of which contained vulnerabilities that could lead to arbitrary code execution, unexpected application termination, or grant attackers unauthorized access to various system components.

A number of password and authentication issues were also addressed in the areas of Kerberos, Podcaster, Preview and Printing. For example, Apple said Mac OS X Server's Podcast Producer included a component that provided passwords to a subtask through arguments, potentially exposing the passwords to other local users. Likewise, Preview and Printing services contained flaws that could expose the contents of an encrypted PDF without prompting the user for a password.

Meanwhile, an Image Raw-related glitch made it possible for a maliciously crafted image to lead to an unexpected application termination or arbitrary code execution.

"A stack based buffer overflow exists in the handling of Adobe Digital Negative (DNG) image files. By enticing a user to open a maliciously crafted image file, an attacker may cause an unexpected application termination or arbitrary code execution," Apple said. "This update addresses the issue through improved validation of DNG image files. This issue does not affect systems prior to Mac OS X v10.5."

Other fixes address vulnerabilities in Apache, AFP, Application Firewall, CFNetwork, ClamAV, CoreFoundation, CoreServices, curl, Emacs, libc, mDNSResponder, notifyd, OpenSSH, pax archive utility, PHP, System Configuration, UDF, and Wiki Server. A full list is available here.

Security Update 2008-002 is available in three distinct distributions each for Mac OS X Client (Leopard, Universal, PPC) and Mac OS X Server (Leopard, Universal, PPC). Alternatively, you can run the Mac OS X Software Update mechanism located under the Apple menu to automatically receive the appropriate update for your system.

[ View this article at AppleInsider.com ]

[minderbinder]

A second update requiring a reboot in one day?

Seriously, they couldn't just hold Safari until this was ready so we'd only have to reboot once?

[lkrupp]

Quote:

Originally Posted by minderbinder

A second update requiring a reboot in one day?

Seriously, they couldn't just hold Safari until this was ready so we'd only have to reboot once?

Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".

[1013media]

Quote:

Originally Posted by lkrupp

Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".

I agree.. Rebooting gives me time to reheat the coffee that I've left to cool off to room temp, rendering it once again drinkable.

I'm curious if this fixes the core audio issues I've been having with pro-audio apps since the leopard upgrade. We shall see!

[Kevinneal]

Quote:

Originally Posted by 1013media

I agree.. Rebooting gives me time to reheat the coffee that I've left to cool off to room temp, rendering it once again drinkable.

I'm curious if this fixes the core audio issues I've been having with pro-audio apps since the leopard upgrade. We shall see!

Not for people with Portable Home Directories, can take ages with all the syncing, especially with Leopard

[aplnub]

Quote:

Originally Posted by lkrupp

Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".

I've never understood why we have to reboot for changes to take effect. All my applications close and I have to get everything opened back up and get in the rut of working again after I reboot. It may take less than 2 minutes but you loose 5 minutes or more doing the reboot.

[minderbinder]

Quote:

Originally Posted by lkrupp

Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".

Rebooting takes time, especially since it means I have to reload all the files I had open, which in my case takes a fairly long time.

It's great that it takes a minute for you. While the reboot is that quick, getting everything open again takes several times longer than that for me.

I AM losing some productivity. Nothing "obsessive compulsive" about it.

What is funny is that updating the windows version of QT doesn't require a reboot.

[eAi]

That's because the Windows version is not part of the OS.

[JeffDM]

Quote:

Originally Posted by lkrupp

Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".

I don't think it's about uptime. At least it isn't for me.

The rebooting itself maybe that fast, but getting all the programs running & open to their previous arrangement can takes considerably longer. Then there's all the data that is cached in memory too.

edit: oops, I missed minderbinder's response.

[JeffDM]

Quote:

Originally Posted by 1013media

I'm curious if this fixes the core audio issues I've been having with pro-audio apps since the leopard upgrade. We shall see!

I don't think that qualifies as a security issue, therefore, is probably not fixed with a security update.

[minderbinder]

Quote:

Originally Posted by JeffDM

I don't think it's about uptime. At least it isn't for me.

The rebooting itself maybe that fast, but getting all the programs running & open to their previous arrangement can takes considerably longer. Then there's all the data that is cached in memory too.

edit: oops, I missed minderbinder's response.

Yep.

I just timed the reboot and opening everything I had open before, and it was over 15 minutes. (When I add more ram (soon) and work on bigger projects that will go up even more.) I'm fine with doing that every few weeks.

But TWICE in one day is over a half hour lost. That's absolutely lost productivity and not an uptime fetish.

[JeffDM]

Quote:

Originally Posted by minderbinder

Yep.

I just timed the reboot and opening everything I had open before, and it was over 15 minutes. (When I add more ram (soon) and work on bigger projects that will go up even more.) I'm fine with doing that every few weeks.

But TWICE in one day is over a half hour lost. That's absolutely lost productivity and not an uptime fetish.

I had about eight minutes before I can do anything. I really can't even do uptime stuff anyway, sometimes UI stuff just breaks and the only way to fix it is to reboot. Sometimes, after a couple weeks, I can't rearrange stuff in iPhoto, or move around files in Finder and all UI cues don't work.

At least the Safari update can be justifiably delayed. I think it's probably a bad idea to delay a security update too long. I thought I did the Java update, I've got one coming now. Maybe I just put that one off.

[bclapper]

Quote:

Originally Posted by minderbinder

Yep.

I just timed the reboot and opening everything I had open before, and it was over 15 minutes. (When I add more ram (soon) and work on bigger projects that will go up even more.) I'm fine with doing that every few weeks.

But TWICE in one day is over a half hour lost. That's absolutely lost productivity and not an uptime fetish.

I usually update at the end of the day (or session) so a reboot isn't really an issue for me.
The "Restart will be required" message in the update pop-up gives the game away

[daenney]

Don't touch this update if you need SSH/SFTP functionality.
This update has broken ssh client for me and a number of other people as can be read here:
http://discussions.apple.com/thread....sageID=6859298

As you can see, the OpenSSH fixes/improvements actually cause segfaults with some systems, others seem unaffected.

Though the update might work just fine (other people don't have the issue), I'd stay away from it if you depend on this functionality for your work.

[lostkiwi]

I installed both the Safari and the Security Update together and I got the BSOD for over an hour. I hoped it would right itself, but in the end I gave up and did a hard restart of the system.
Safari seems to be OK, but I have no idea about the Sec Update. Does anyone know how to check if the Sec Update is actually installed? I ran the Software Update and it said that I was all up to date but I'm just not feeling the love on this one..

S.

[perryskeath]

Several people (including me) have found that Security Update 2008 -02 has disabled printing.
My wife's Mac is not updated yet, and it is still prints as usual on the same network.

Printing process simply stays at 14% completed -- doesn't go into hold. Communication test to printer says communication error.

Another user (Vinayak Vatsal) says
Okay, so I solved my problem by replacing the file
/usr/libexec/cups/filters/pstops
by the corresponding file from the 10.5.2 pkg budle (using Pacifist). I guess there must be something wrong with the binary shipped with the security update.

Details at:
http://discussions.apple.com/thread....861597#6861597

[zanshin]

Quote:

Originally Posted by minderbinder

Rebooting takes time, especially since it means I have to reload all the files I had open, which in my case takes a fairly long time.

It's great that it takes a minute for you. While the reboot is that quick, getting everything open again takes several times longer than that for me...

I've personally never believed that applying system-level security or application upgrades while working on open files was a good idea, regardless of platforms.

I'd suggest that updates be run at the end of a work period when the reboot will be least obtrusive. Of course, I've had co-workers who just got up and walked away from open and/or unsaved files for the night and expected to find everything fine in the morning. For folks like that, ANY restart of their computer will be annoying. But I've always found that redoing work that got lost or corrupted by an overnight power outage or an upgrade that went awry took far more time than reopening saved files.

Metaphorically speaking, stopping for gas reduces distance traveled over a set period of time, but not nearly as much as running out will.

[Abster2core]

Quote:

Originally Posted by zanshin

I've personally never believed that applying system-level security or application upgrades while working on open files was a good idea, regardless of platforms.

I'd suggest that updates be run at the end of a work period when the reboot will be least obtrusive. Of course, I've had co-workers who just got up and walked away from open and/or unsaved files for the night and expected to find everything fine in the morning. For folks like that, ANY restart of their computer will be annoying. But I've always found that redoing work that got lost or corrupted by an overnight power outage or an upgrade that went awry took far more time than reopening saved files.

Metaphorically speaking, stopping for gas reduces distance traveled over a set period of time, but not nearly as much as running out will.

Well put.

Perhaps another thing worth considering: we learned a couple of years ago to run Disk Utility's, "Verify/Repair Disk Permissions," prior to updating a Security Update or OS. And a standing order here is to run it after every software install or upgrade.

It may seem to some as a little overkill, but we do a lot of remote software development/service. Since we started doing it, our system downtime has been negligible and certainly not with many of the issues reported here or on Apple's Discussion forums.