or Connect
AppleInsider › Forums › Software › Mac OS X › Apple posts Mac OS X 2007-007, Safari beta 3 security updates
New Posts  All Forums:Forum Nav:

Apple posts Mac OS X 2007-007, Safari beta 3 security updates

post #1 of 23
Thread Starter 
Two comprehensive security updates have been released that guard both Mac OS X and the test version of Safari 3 against several critical web and networking exploits.

Mac OS X Security Update 2007-007

Apple on Tuesday night released its seventh Mac OS X security patch of 2007, releasing versions for Panther (Client, Server) as well as variants for Tiger users on PowerPC systems (Client, Server) and newer Intel Macs (Client, Server).

Most of the changes affect all platforms, and close off potential buffer overflows and maliciously designed links that could lead to arbitrary code running in open-source components of the Mac OS, including bzip2, gnuzip, Kerberos, PHP, and Samba networking. Memory overflow exploits in iChat as well as the Java virtual machine's access to the CoreAudio platform were also addressed, Apple said.

Multiple WebCore and WebKit flaws that could affect website and scripting have also been addressed and mirror similar security changes made in the iPhone 1.0.1 Update also released on Tuesday.

Patches were also applied to Tiger-specific security issues, including mDNSResponder, PDFKit, and Quartz Composer. Users of Server editions also saw fixes in SquirrelMail and Tomcat.

Safari 3 Beta Update 3.0.3

Testers of the Safari 3 beta have also received fixes to the browser's web rendering code, Apple noted.

The four alterations to the code largely mirror those made for the iPhone and Mac OS X, including false characters in International Domain Name URLs and maliciously-written Perl.

Most of the vulnerabilities apply both to Mac OS X Tiger and Windows users with the exception of a new, Windows-only buffer overflow caused by adding bookmarks with unusually long titles, which are now automatically shortened with the 3.0.3 update.
post #2 of 23
Good to see updates that will further protect Mac OS X users.
post #3 of 23
I just noticed the actions tab in the customize toolbar section. It allows you copy the page in various formats, pull CSS, Javascript and cookies from the page you are viewing. It will also show page info and arrange tabs. It may have been there since 3.0 but I just noticed it and it is very powerful for web designers and hackers alike. Most cool!
post #4 of 23
I've found Safari v. 3 to crash much more than v. 2.

The past few days esp., it's been crashing like crazy on both machines I use. Installed the new update, which is supposed to fix some stability issues, and it's crashed twice since then.
post #5 of 23
People love to say things like the only reason OS X is more secure is because not many people care. If they did, then Apple would be flooded with all the problems Windows has. This proves them wrong.

Apple cares about security, I have no doubt that if OS X recieved the attention that Windows does the security team would continue to be on the ball. Microsoft leaves critical holes open in their software for years, they don't care. I look forward to the day when Apple has a 40% market share in the OS catagory and it remains as secure as it today... much to dismay of a lot of depressed pundents.

Quote:
Originally Posted by melgross View Post

I've found Safari v. 3 to crash much more than v. 2.

The past few days esp., it's been crashing like crazy on both machines I use. Installed the new update, which is supposed to fix some stability issues, and it's crashed twice since then.

That must be why they call it BETA. That's French for "We're not finished yet, dammit!".

Personally, Safari RSS is still the best browser in the world... The only thing I think comes close is Camino (And it still can't pass acid 2). I can wait until October to drag my tabs all over creation.
"Picasso had a saying, 'Good artists copy, great artists steal.' And we've always been shameless about stealing great ideas."
Reply
"Picasso had a saying, 'Good artists copy, great artists steal.' And we've always been shameless about stealing great ideas."
Reply
post #6 of 23
software updates pre-hardware release?!
"We're Apple. We don't wear suits. We don't even own suits."
Reply
"We're Apple. We don't wear suits. We don't even own suits."
Reply
post #7 of 23
Quote:
Originally Posted by melgross View Post

I've found Safari v. 3 to crash much more than v. 2.

The past few days esp., it's been crashing like crazy on both machines I use. Installed the new update, which is supposed to fix some stability issues, and it's crashed twice since then.

Ever since I switched to Safari 3, I've had an annoying problem that any time I try to download a PDF it crashes. It has never once worked for me - and it is configured to work with Preview - not some weird 3rd party app. I've reported it to Apple via the Bug Report but it does not sound like a fix has been provided. Too bad....back to Camino with me.
post #8 of 23
My office has a PowerMac G5. The user applied the Security Update with this morning's Software Updates, and after choosing "Reboot" she could not boot into OS X. The process started to hang after the "Printing Services" item during boot up, and then the screen cleared and she got the "Reboot Computer" screen with the power button graphic and multi-language instructions telling her to reboot the computer.

This continues to happen after multiple reboots.

We have reset the PRAM, gone into open firmware (it's a PowerMac) and reset-all, and now on the line with AppleCare, did a repair disk.

Has anybody experienced similar issues?
post #9 of 23
Quote:
Originally Posted by AeronPrometheus View Post

People love to say things like the only reason OS X is more secure is because not many people care. If they did, then Apple would be flooded with all the problems Windows has. This proves them wrong.

Apple cares about security, I have no doubt that if OS X recieved the attention that Windows does the security team would continue to be on the ball. Microsoft leaves critical holes open in their software for years, they don't care. I look forward to the day when Apple has a 40% market share in the OS catagory and it remains as secure as it today... much to dismay of a lot of depressed pundents.

You seem to be forgetting the security patch which was just applied to 10.3.9 machines a few months back. Both companies care about security, and while I love my Mac's, Apple isn't going to have 40% market share and not have security problems.
post #10 of 23
Here's the whole patch list. I was going to copy/paste, but it's pretty long...
post #11 of 23
Quote:
Originally Posted by AeronPrometheus View Post


That must be why they call it BETA. That's French for "We're not finished yet, dammit!".

Sorry, not a good excuse.

When beta's are released to developers, this can be expected. I do beta testing for several companies.

But, when a beta is released to the public, it had damn better be stable. Those beta's are just feature shy versions normally, not crash prone, even if they are not quite as stable as the finished version should be.
post #12 of 23
Quote:
Originally Posted by Shintocam View Post

Ever since I switched to Safari 3, I've had an annoying problem that any time I try to download a PDF it crashes. It has never once worked for me - and it is configured to work with Preview - not some weird 3rd party app. I've reported it to Apple via the Bug Report but it does not sound like a fix has been provided. Too bad....back to Camino with me.

Mine crashes randomly.

EDIT:

It crashed 15 seconds after I posted the above.

Yup, I've reinstalled, and gone through all the procedures.
post #13 of 23
Quote:
Originally Posted by Shintocam View Post

Ever since I switched to Safari 3, I've had an annoying problem that any time I try to download a PDF it crashes. It has never once worked for me - and it is configured to work with Preview - not some weird 3rd party app. I've reported it to Apple via the Bug Report but it does not sound like a fix has been provided. Too bad....back to Camino with me.

That happens to me as well.
post #14 of 23
No real change here after updating (airport patch).

My MacBook is still really slow to connect to the WLAN (airport express) after waking from sleep.

This started happening after applying the security patch that was released around the time of 10.4.10 (sorry don't remember the number) and the problem is still here.
I have tried to delete the airport .plist files and re-create my connection, but no improvment. Maybe I am doing something wrong....

I also have a bit of a bad connection sometimes (loses a bar or two signal strength).

Hopefully 10.4.11 fixes both of these problems. Otherwise I'll wait for Leopard (don't want to re-install).
post #15 of 23
I don't know if this is a new feature with this update or if this existed earlier - in addition to being able to rearrange tabs, it is possible to click on a tab and drag it out of safari onto the desktop and make it a separate window. The effect while doing this is really cool.

Cheers
post #16 of 23
Quote:
Originally Posted by tilt View Post

I don't know if this is a new feature with this update or if this existed earlier - in addition to being able to rearrange tabs, it is possible to click on a tab and drag it out of safari onto the desktop and make it a separate window. The effect while doing this is really cool.

Cheers

Yeah, it's always existed, I think that Jobs even demoed it at WWDC. None-the-less is a cool feature, although I still prefer FF.
Serving humanity one sarcastic comment at a time.
Reply
Serving humanity one sarcastic comment at a time.
Reply
post #17 of 23
Quote:
Originally Posted by StuBeck View Post

You seem to be forgetting the security patch which was just applied to 10.3.9 machines a few months back. Both companies care about security, and while I love my Mac's, Apple isn't going to have 40% market share and not have security problems.

Was that a standing bug since April of 2005 or was that something that they just recently discovered? Microsoft has been notorious for leaving ciritical flaws open for years before attempting to fix them. That's part of the reason why I use Apples now, I'd been a Windows user since 3.1. i'll never go back.

Quote:
Originally Posted by melgross View Post

Sorry, not a good excuse.

When beta's are released to developers, this can be expected. I do beta testing for several companies.

But, when a beta is released to the public, it had damn better be stable. Those beta's are just feature shy versions normally, not crash prone, even if they are not quite as stable as the finished version should be.

Or did they think that submitting the unfinished software to public would help them nail down obscure bugs quicker? It's very probable that they know the newest pre-release of Safari 3 crashes more, they may be in the middle of doing something major to the framework, but i'm pretty sure that the additional million plus eyes noticing flaws will allow them to be exterminated quicker. Maybe they needed the extra help to make Safari 3 solid for October? What better way to expedite fixes than to expose them to the billions of Mac and Windows users?

It's not like this is common thing for Apple, nor is pre-releasing software. The Boot Camp beta has been more solid for me than most final version Microsoft apps.
"Picasso had a saying, 'Good artists copy, great artists steal.' And we've always been shameless about stealing great ideas."
Reply
"Picasso had a saying, 'Good artists copy, great artists steal.' And we've always been shameless about stealing great ideas."
Reply
post #18 of 23
Quote:
Originally Posted by Shintocam View Post

Ever since I switched to Safari 3, I've had an annoying problem that any time I try to download a PDF it crashes. It has never once worked for me - and it is configured to work with Preview - not some weird 3rd party app.

That makes the two of us. Mine does not crash however, the Safari browser window dissappears all of a sudden. After that, I am kindly requested whether I want to reopen Safari. So, I have to say bogus to Apple.

I am now using Firefox which allows PDF friendly tabbed browsing. It even has a horizontal tubular thing on the right top corner, so one could get rid of the big imposing grey block
post #19 of 23
Quote:
Originally Posted by mr O View Post

I am now using Firefox which allows PDF friendly tabbed browsing. It even has a horizontal tubular thing on the right top corner, so one could get rid of the big imposing grey block

MacBook Pro 17" Glossy 2.93GHz, iPad 64GB, iPhone 4 16GB, and a lot of other assorted goodies.

If you're a troll and you have been slain. Don't be a Zombie.
Reply
MacBook Pro 17" Glossy 2.93GHz, iPad 64GB, iPhone 4 16GB, and a lot of other assorted goodies.

If you're a troll and you have been slain. Don't be a Zombie.
Reply
post #20 of 23
Quote:
Originally Posted by AeronPrometheus View Post

Was that a standing bug since April of 2005 or was that something that they just recently discovered? Microsoft has been notorious for leaving ciritical flaws open for years before attempting to fix them. That's part of the reason why I use Apples now, I'd been a Windows user since 3.1. i'll never go back.



Or did they think that submitting the unfinished software to public would help them nail down obscure bugs quicker? It's very probable that they know the newest pre-release of Safari 3 crashes more, they may be in the middle of doing something major to the framework, but i'm pretty sure that the additional million plus eyes noticing flaws will allow them to be exterminated quicker. Maybe they needed the extra help to make Safari 3 solid for October? What better way to expedite fixes than to expose them to the billions of Mac and Windows users?

It's not like this is common thing for Apple, nor is pre-releasing software. The Boot Camp beta has been more solid for me than most final version Microsoft apps.

The point is that Apple has not been known for aggressively hunting down bugs or security flaws, until they were pushed into it.

The truth is that whatever MS does or doesn't do, is irrelevant to whatever Apple does, or doesn't do.

MS has the advantage of being on a position of security regards to its product marketshare. Even if MS didn't come out with Vista, its sales would continue to increase. Even with Vista being less than it should be, it will become adopted, and be the standard.

Apple is in no such position.

It's like boxing. When the champion fights a challenger, unless he wins by a knockdown, the champion gets the benefit of the doubt. The odds are stacked in his favor, and the challenger must do better than to just barely win on points. He must have clearly won the fight.

Apple must also clearly be better in all ways for Windows users, personal, educational, corporate, and governmental, to win their fight.

Apple has great momentum now, but it isn't because Apple is being seen as so great on their own. It's also because MS is increasingly being seen as falling down. It's just in the early rounds.

But, like the challenger, if Apple isn't clearly better, the opinions will change, and people will see Apple as being not much better than MS, and will therefor see no reason to go to the bother, and expense, of changing.

If Apple, therefor, releases public beta's that people see as flawed, particularly the Windows version, which has been roundly criticized, this will not enhance Apple's standing. People will think that Apple is just as flawed as MS.

You can't look to these beta's as Apple's chance to wring them out in public. You have to look at them as a publicity move, as well as a move to integrate Webkit across the personal computing, and cell browser industries.

If you don't see that, then you're missing a big point of the releases.

But, if they are too buggy, it will backfire.

I defend Apple too, But, when they're wrong, they're wrong, and no excuses made for them will change that.
post #21 of 23
Quote:
Originally Posted by mr O View Post

That makes the two of us. Mine does not crash however, the Safari browser window dissappears all of a sudden. After that, I am kindly requested whether I want to reopen Safari. So, I have to say bogus to Apple.

I am now using Firefox which allows PDF friendly tabbed browsing. It even has a horizontal tubular thing on the right top corner, so one could get rid of the big imposing grey block

That's a crash.
post #22 of 23
Quote:
Originally Posted by melgross View Post

...It's like boxing. When the champion fights a challenger, unless he wins by a knockdown, the champion gets the benefit of the doubt. The odds are stacked in his favor, and the challenger must do better than to just barely win on points. He must have clearly won the fight....

Continuing with your boxing metaphor: MS showed up drunk to this round of the match. But they have some real haymakers that they can throw if they get desparate--like ending Office for Mac.

Still, I have to say that Apple's efforts in Win Safari are pretty bad. I have used many beta programs in the past and Safari is the worst I have tried out in a long time.
"Too much of a good thing is great." Mae West
Reply
"Too much of a good thing is great." Mae West
Reply
post #23 of 23
Quote:
Originally Posted by AeronPrometheus View Post

Was that a standing bug since April of 2005 or was that something that they just recently discovered? Microsoft has been notorious for leaving ciritical flaws open for years before attempting to fix them. That's part of the reason why I use Apples now, I'd been a Windows user since 3.1. i'll never go back.



Or did they think that submitting the unfinished software to public would help them nail down obscure bugs quicker? It's very probable that they know the newest pre-release of Safari 3 crashes more, they may be in the middle of doing something major to the framework, but i'm pretty sure that the additional million plus eyes noticing flaws will allow them to be exterminated quicker. Maybe they needed the extra help to make Safari 3 solid for October? What better way to expedite fixes than to expose them to the billions of Mac and Windows users?

It's not like this is common thing for Apple, nor is pre-releasing software. The Boot Camp beta has been more solid for me than most final version Microsoft apps.

I'm not sure, honestly. I wouldn't trust either company to tell us the truth about when they knew about the problem and when they actually fixed it.

Boot camp for me has been pretty bad, its no where near the same experience that running on a real PC has been. It blue screened on me twice installing XP with bootcamp 1.1. Its finally to a level where it is close to being used with a real PC, but I had driver issues in Vista, where I had none on my X31 or desktop.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › Apple posts Mac OS X 2007-007, Safari beta 3 security updates