Security Update 2004-05-04

Posted:
in macOS edited January 2014
new security update, fixes helpviewer released today





EDIT:whoops, i meant 2004-05-24, can a mod fix the title?

Comments

  • Reply 1 of 7
    mpmoriartympmoriarty Posts: 289member
    Finally.



    I was wondering when Apple was going to get around releasing this fix. This browser/help viewer exploit was a scary thing.



    Mike
  • Reply 2 of 7
    mattjohndrowmattjohndrow Posts: 1,618member
    yeah, it was scary there for a while
  • Reply 3 of 7
    buonrottobuonrotto Posts: 6,368member
    How long did that take? A few days after hearing this? I don't mind Apple downplaying security issues as long as they fix them quickly.



    These exploits are so interesting to me. Most if not all of them are actually problems inherited from older Mac OSes, or rather, solutions to problems in older versions of the Mac OS that have turned into new problems for this one. It goes to show how poor the Classic OS was as a network citizen, that they didn't really have to worry about these things. Mac OS X has taken these in as legacy code, and it's actually hurt them since the OS is so much more complete as a network citizen. In a networked world, the greater good does hold back or kill some potential or former user-friendly features. A lot of people were upset at Apple for not adopting more legacy Mac OS features (the disdain for HFS metadata being the most obvious example) that benefitted users. We can see that maybe they didn't take away enough of those things to protect their users in a modern computing environment.
  • Reply 4 of 7
    mpmoriartympmoriarty Posts: 289member
    Can anyone confirm that this security update actually patches the problem?



    I've been coming across some websites that say the threat of this exploit isn't gone yet.



    Mike
  • Reply 5 of 7
    defiantdefiant Posts: 4,876member
    Quote:

    Originally posted by BuonRotto

    How long did that take? A few days after hearing this? I don't mind Apple downplaying security issues as long as they fix them quickly.



    They knew about this for some time now. I believe they were informed in February. Actually, on the 23rd of February. Quick you say? Nah. Only after it became public they got their head out of their ass.



    The proof on concept to test it again: http://www.insecure.ws/article.php?s...04051612423136
  • Reply 6 of 7
    pbpb Posts: 4,233member
    Quote:

    Originally posted by Defiant

    They knew about this for some time now. I believe they were informed in February. Actually, on the 23rd of February. Quick you say? Nah. Only after it became public they got their head out of their ass.





    Not only that, but as this long MacNN thread indicates, there are other vulnerabilities related to several protocols that would allow exploits. See also this Secunia advisory. The patch Apple released deals only with the "help:" vulnerability. At this moment, MacOS X is open to serious attack.
  • Reply 7 of 7
    bnoyhtuawbbnoyhtuawb Posts: 456member
    Quote:

    Originally posted by Defiant

    They knew about this for some time now. I believe they were informed in February. Actually, on the 23rd of February. Quick you say? Nah. Only after it became public they got their head out of their ass.



    The proof on concept to test it again: http://www.insecure.ws/article.php?s...04051612423136




    You'll find a good reading here in german (albeit not swiss german ).



    Generally it says:

    - download RCDefaultApp

    - remap the following to disabled

    * disk:

    * disks:

    * telnet:

    * afp:

    * ftp:
Sign In or Register to comment.