Apple releases Security Update 2005-009, Aperture arrives
Security Update 2005-009
Apple on Tuesday released Security Update 2005-009, which delivers a number of security enhancements and is recommended for all Macintosh users.
According to the release notes, the update addresses issues with apache_mod_ssl, CoreFoundation, CoreTypes, curl, iodbcadmin, OpenSSL, Safari, sudo, and syslog.
Most notably, the update rectifies issues where: local users may gain elevated privileges; maliciously-crafted URLs may result in crashes or arbitrary code execution;applications using OpenSSL may be forced to use the weaker SSLv2 protocol;local users on Open Directory master servers may gain elevated privileges;Safari may download files outside of the designated download directory;JavaScript dialog boxes in Safari may be misleading;visiting malicious web sites with WebKit-based applications may lead to arbitrary code execution;local users may be able to gain elevated privileges in certain sudo configurations;system log entries may be forged;
Security Update 2005-009 also includes enhancements to Safari to improve handling of credit card security codes (Mac OS X v10.3.9 and Mac OS X v10.4.3), CoreTypes to improve handling of Terminal files (Mac OS X v10.4.3), QuickDraw Manager to improve rendering of PICT files (Mac OS X v10.3.9), documentation regarding OpenSSH and PAM (Mac OS X v10.4.3), and ServerMigration to remove unneeded privileges.
Aperture arrives on doorsteps
Also on Tuesday, several readers wrote in to share their excitement at receiving the first shipping copies of Aperture, Apple's new "everything you need for after the shoot" post-production tool for professional (or amateur) photographers.
It was previously reported that Aperture was due to ship on November 30th (tomorrow) after Amazon.com published the release date on its website. The online retailer is offering an instant $50 markdown on the software, bringing the cost down to $449.
Apple on Tuesday released Security Update 2005-009, which delivers a number of security enhancements and is recommended for all Macintosh users.
According to the release notes, the update addresses issues with apache_mod_ssl, CoreFoundation, CoreTypes, curl, iodbcadmin, OpenSSL, Safari, sudo, and syslog.
Most notably, the update rectifies issues where: local users may gain elevated privileges; maliciously-crafted URLs may result in crashes or arbitrary code execution;applications using OpenSSL may be forced to use the weaker SSLv2 protocol;local users on Open Directory master servers may gain elevated privileges;Safari may download files outside of the designated download directory;JavaScript dialog boxes in Safari may be misleading;visiting malicious web sites with WebKit-based applications may lead to arbitrary code execution;local users may be able to gain elevated privileges in certain sudo configurations;system log entries may be forged;
Security Update 2005-009 also includes enhancements to Safari to improve handling of credit card security codes (Mac OS X v10.3.9 and Mac OS X v10.4.3), CoreTypes to improve handling of Terminal files (Mac OS X v10.4.3), QuickDraw Manager to improve rendering of PICT files (Mac OS X v10.3.9), documentation regarding OpenSSH and PAM (Mac OS X v10.4.3), and ServerMigration to remove unneeded privileges.
Aperture arrives on doorsteps
Also on Tuesday, several readers wrote in to share their excitement at receiving the first shipping copies of Aperture, Apple's new "everything you need for after the shoot" post-production tool for professional (or amateur) photographers.
It was previously reported that Aperture was due to ship on November 30th (tomorrow) after Amazon.com published the release date on its website. The online retailer is offering an instant $50 markdown on the software, bringing the cost down to $449.
Comments
Originally posted by aplnub
I applied the update without reading I had to do a restart. Oopss. I was able to cancel the restart. Are there are negative effects from not restarting computer after applying an update such as this one (besides not taking advantage of the update)?
Everything looks fine to me after restart.
It takes forever to boot back up, and now it asks for my login and password. But, it won't accept my login or password. I have tried resetting it, but that doesn't seem to work. The security update worked so well on my computer that I cannot even use it.
I thought that OSX was so amaizing that it was 100% totally secure from day one!
I'm switching back to Windows!
Originally posted by skatman
I thought it was only Windows that required security updates?
I thought that OSX was so amaizing that it was 100% totally secure from day one!
I'm switching back to Windows!
lol
the difference is apple fixes problems when it finds them
microsoft fixes problems after they have been exploited and your computer is ...well...dead.
stu
Originally posted by Slotracer152
Restart sucked for me.
It takes forever to boot back up, and now it asks for my login and password. But, it won't accept my login or password. I have tried resetting it, but that doesn't seem to work. The security update worked so well on my computer that I cannot even use it.
I got it to work. All I had to do was run an archive an install.
after having this and some other trouble recently, I decided to just format and start fresh. Other than some of my music files coming up corrupted, which seems to happen to me far too often, everything seems to be running great.
Originally posted by stustanley
lol
the difference is apple fixes problems when it finds them
microsoft fixes problems after they have been exploited and your computer is ...well...dead.
stu
If that is the case, how come my PC hasn't died yet?
Originally posted by skatman
If that is the case, how come my PC hasn't died yet?
Cause you are more savy than the 99 bagillion souls who have a dell in the world...
I have several PC's just in my house. They are not dead, one has never crashed, but there is no way they could handle the video production I put my Mac through and not require a restart for 40+ days... I have tried to run my PC for 40 + days doing almost nothing on it. I never could make it, wether it was being used or not, after about 14 days it starts to act up and needs a restart...
Originally posted by stustanley
the difference is apple fixes problems when it finds them
microsoft fixes problems after they have been exploited and your computer is ...well...dead.
From what I have noticed, Microsoft does indeed patch things quite quickly. The really bad virus outbreaks affect the people who just don't update their computers with the patches.
Originally posted by JDraden
From what I have noticed, Microsoft does indeed patch things quite quickly. The really bad virus outbreaks affect the people who just don't update their computers with the patches.
Yeah...when was the last time you saw Apple quickly patch because of a virus out break? Exactly. Never. Not so high and mighty about Apple now are you?
Originally posted by Slotracer152
Yeah...when was the last time you saw Apple quickly patch because of a virus out break? Exactly. Never. Not so high and mighty about Apple now are you?
Doesn't have anything to do with security of OS X, but rather with lack of people trying to hack it.
Cause you are more savy than the 99 bagillion souls who have a dell in the world...
Perhaps the problem is not with the Windows OS, but with Dell. And I would totally agree there.
I never could make it, wether it was being used or not, after about 14 days it starts to act up and needs a restart...
Hehe... I do a lot of stuff on my PCs including video compression, editing, scientific computing, gaming, and I never have to restart except for updates.
Originally posted by skatman
[B]Doesn't have anything to do with security of OS X, but rather with lack of people trying to hack it.
Yeah, right.
Originally posted by Slotracer152
Yeah...when was the last time you saw Apple quickly patch because of a virus out break? Exactly. Never. Not so high and mighty about Apple now are you?
When's the last time there was a "virus outbreak" on Mac OS X?
Originally posted by Slotracer152
Restart sucked for me.
It takes forever to boot back up, and now it asks for my login and password. But, it won't accept my login or password. I have tried resetting it, but that doesn't seem to work. The security update worked so well on my computer that I cannot even use it.
Mine took forever to start up as well but luckily that was the only issue I can find.
Strange as it only affects one user on the system.
After install safari won't do much more than 1 page load before crashing. Yet it will load and run fine for other users.
I did an archive and install and it still is crashing on that user.
I gues I will recover the data from that user and delete it and re-create the user again.
wierd.
Apple Tech Support was puzzled as well.
I did an archive and install and it still is crashing on that user.
Then the problem is in the "user settings" that Archive and Install re-copies back to the newly installed System. You might want to look through the description of Archive and Install to see if it has a list of what these settings are.
I seem to remember that Network is one of them; and of course if the Webkit or Safari preferences are corrupt, that would be copied over also.
You tried moving aside the ~/Library/Safari folder and the ~/Library/Preferences/com.apple.safari file (i.e. move them temporarily to the desktop and relaunch Safari)?