Apple releases iTunes, Front Row, iPhoto, Security updates

Posted:
in Mac Software edited January 2014
Apple this afternoon released software updates for iTunes, Front Row, and iPhoto to coincide with new Front Row software features announced at Tuesday's media event. Security updates were also issued for both Mac OS X Tiger 10.4.5 and Mac OS X Panther 10.3.9.



iTunes 6.0.4



With iTunes 6, you can preview, buy, and download over 3,000 music videos and hit TV shows on the iTunes Music Store and sync your music and purchased videos with iPod to enjoy on the go. To watch purchased videos, you must have QuickTime 7.0.3 or later and Mac OS X 10.3.9 or later. iTunes 6.0.4 (19.5MB) addresses stability and performance issues related to Front Row.



Front Row 1.2.1



With Front Row, you can enjoy full-screen music, photos, videos, and DVDs on your Macintosh using a simple Apple remote control. This Front Row 1.2.1 (5.5MB) improves compatibility with iTunes and iPhoto sharing.



iPhoto 6.0.2



iPhoto has always been the best way to easily import photos from your digital camera, organize them for fast retrieval, and then share them with family and friends. iPhoto 6.0.2 (13.7MB) resolves several minor issues with playing shared slideshows in Front Row.



Security Update 2006-001 Mac OS X 10.4.5 (PPC)



Security Update 2006-001 (12.5MB) is recommended for all users and improves the security of the following components: apache_mod_php, automount, Bom, Directory Services, iChat, IPSec, LaunchServices, LibSystem, loginwindow, OpenSSH, rsync, Safari, and Syndication.



Security Update 2006-001 Mac OS X 10.4.5 (Intel)



Security Update 2006-001 (22.5MB) is recommended for all users and improves the security of the following components: apache_mod_php, automount, Bom, Directory Services, iChat, IPSec, LaunchServices, LibSystem, loginwindow, OpenSSH, rsync, Safari, and Syndication.



Security Update 2006-001 (10.3.9 Client)



Security Update 2006-001 (25.3MB) is recommended for all users and improves the security of the following components: apache_mod_php, automount, Bom, Directory Services, IPSec, LibSystem, loginwindow, perl, Safari.



Security Update 2006-001 (10.3.9 Server)



Security Update 2006-001 (38.6MB) is recommended for all users and improves the security of the following components: apache_mod_php, automount, Bom, Directory Services, IPSec, LibSystem, loginwindow, perl, Safari.

Comments

  • Reply 1 of 17
    wgauvinwgauvin Posts: 100member
    From Apple's website



    Mail

    Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5



    Impact: Download Validation fails to warn about unsafe file types



    Description: In Mac OS X v10.4 Tiger, when an email attachment is double-clicked in Mail, Download Validation is used to warn the user if the file type is not "safe". Certain techniques can be used to disguise the file's type so that Download Validation is bypassed. This update addresses the issue by presenting Download Validation with the entire file, providing more information for Download Validation to detect unknown or unsafe file types in attachments.



    Safari, LaunchServices

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5



    Impact: Viewing a malicious web site may result in arbitrary code execution



    Description: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9).



    iChat

    A malicious application named Leap.A that attempts to propagate using iChat has been detected. With this update for Mac OS X v10.4.5 and Mac OS X Server v10.4.5, iChat now uses Download Validation to warn of unknown or unsafe file types during file transfers.



    WOHOO! They didn't take long to fix that. Still, it shouldn't of been the problem in the first place



    Edit: added info about iChat
  • Reply 2 of 17
    chrisgchrisg Posts: 239member
    While Safari/Mail/iChat now warns you the resulting file still looks like an image/movie/etc. Nothing is done to show you that there is code in the file. If you just mindlessly click the "Download" button (Like most people do since it seems Safari warns you about everything you download) the file doesn't get auto run but a File.jpg will still be on your Desktop which you might come to later and double click to see what the heck it is. And boom.... Terminal opens your home directory all gone... hope you had a backup.



    They should warn you if a image is trying to open in Terminal.... not something you would normally do.
  • Reply 3 of 17
    wgauvinwgauvin Posts: 100member
    Quote:

    Originally posted by ChrisG

    While Safari/Mail/iChat now warns you the resulting file still looks like an image/movie/etc. Nothing is done to show you that there is code in the file. If you just mindlessly click the "Download" button (Like most people do since it seems Safari warns you about everything you download) the file doesn't get auto run but a File.jpg will still be on your Desktop which you might come to later and double click to see what the heck it is. And boom.... Terminal opens your home directory all gone... hope you had a backup.



    They should warn you if a image is trying to open in Terminal.... not something you would normally do.




    I agree, it comes down to the fact that these files have an associated 'Open with' doesn't match the default open with for the file type, this is what ultimately needs to be addressed.
  • Reply 4 of 17
    Strange problems with Front Row "Shared Music" after the update. Complains latest iTunes is required to see Shared Music even though iTunes is 6.0.4, the latest. Front Row->Photo->Shared Photos sees the Photos/Albums/Slide Shows in networked Macs. So Front Row is aware of Bonjour, but some reason iTunes is not able to work with it. However, on the regular desktop iTunes detects Shared Libraries and play music from networked macs. Even strange is when iTunes is playing music from networked mac, going into Front Row and selecting next track, volume, etc. works fine. So there is a bug in the "Shared Music" part of Front Row. Running this on a iMac Intel. Networked macs are G4 and G3 iMacs.
  • Reply 5 of 17
    dr_gonzodr_gonzo Posts: 16member
    They're still not fixing the problem that the file's type is identified purely by the extension name. What happens if the "open safe files" option is unchecked? The user will download the file and then double click it. Finder still shows the shell script as a movie/image/whatever.



    This is requires a trivial fix too. The 3 following changes would prevent this existing security problem from appearing ever again:



    1) Instead of the system identifying a file type from its extension, it should identify it by its magic number (see man file for an explanation of this).



    2) An icon of a normal file should not be changeable. If the icon of an image is set to something different, the icon should be used for all icons.



    3) Executable files' icons should have a little image on them to show that they're executable in the same way that aliases have a little arrow on them to show that they are aliases.



    I wonder why Apple don't fix this security hole once and for all.
  • Reply 6 of 17
    The update to Front Row is much appreciated. It has a few new goodies, and is much, much more responsive on my 1.83 GHz MBP. Also, it no longer crashes when my Movies folder (or any of its subfolders) contains files that QuickTime can't play, though it does when it attempts to play them.
  • Reply 7 of 17
    maiklmaikl Posts: 4member
    Seems like the advice "disable the open 'safe files' option" became dangerous.



    In this case there's no warning when the zop file gets downloaded. And no warning when it gets unzipped. And no warning when a user clicks on it.
  • Reply 8 of 17
    dhagan4755dhagan4755 Posts: 2,148member
    Quote:

    Originally posted by boardwalk2

    Strange problems with Front Row "Shared Music" after the update. Complains latest iTunes is required to see Shared Music even though iTunes is 6.0.4, the latest.



    I, too, am experiencing this on both the MBP and the iMac G5.
  • Reply 9 of 17
    xoolxool Posts: 2,460member
    Uh oh, Software Update is hanging when installing the iTunes update. I see Force Quit in my future...
  • Reply 10 of 17
    eduardoeduardo Posts: 181member
    "Hi Microsoft Windows Update! Oh, it's OSX software update".



    Enough, with the patches!!



    I recently converted to OSX after using everything from MS-DOS 6.0+, to Win 3.1 all the way to Win XP Professional. I was tired of the almost weekly patches. Ugh.
  • Reply 11 of 17
    Quote:

    Originally posted by Xool

    Uh oh, Software Update is hanging when installing the iTunes update. I see Force Quit in my future...



    I had the same problem. Luckily I did a install and keep package. I installed the package through Installer and everything went fine. But I had the same issue with another update a couple weeks ago, so this isn't a good sign.



    At least the 10.4.5 update installed with problems, I'd hate to have that stall forever halfway.
  • Reply 12 of 17
    Quote:

    Originally posted by Eduardo

    "Hi Microsoft Windows Update! Oh, it's OSX software update".



    Enough, with the patches!!



    I recently converted to OSX after using everything from MS-DOS 6.0+, to Win 3.1 all the way to Win XP Professional. I was tired of the almost weekly patches. Ugh.




    Patches aren't released all that often, really. But so what? I'd rather be patched than vulnerable.
  • Reply 13 of 17
    dutch peardutch pear Posts: 588member
    Quote:

    Originally posted by Purgatory

    The update to Front Row is much appreciated. It has a few new goodies, and is much, much more responsive on my 1.83 GHz MBP. Also, it no longer crashes when my Movies folder (or any of its subfolders) contains files that QuickTime can't play, though it does when it attempts to play them.



    Having the same problem with Frontrow crashing on movie files quicktime apparently can't handle. Also it says it can't access the movie trailer server.
  • Reply 14 of 17
    toweltowel Posts: 1,479member
    Quote:

    Originally posted by dr_gonzo

    3) Executable files' icons should have a little image on them to show that they're executable in the same way that aliases have a little arrow on them to show that they are aliases.



    I don't understand why they don't do this. It should be trivially simple, since it can rely on the execute bit that must already be set for that file. Aliases must work the same way, using the UNIX link designation (hard links and symbolic links both appear in the Finder as Aliases). Directories are considered executable, but can be trivally ignored. Yeah. I don't get it. It would solve the problem so simply and elegantly, by just having the execute bit trump the file extension in the Finder.
  • Reply 15 of 17
    Paranoid Android does what Apple did NOT do....fix the problem:



    http://www.unsanity.com/haxies/pa
  • Reply 16 of 17
    Quote:

    Originally posted by DHagan4755

    I, too, am experiencing this on both the MBP and the iMac G5.



    As strange as the problem appeared, it got resolved even strangely this morning. Nothing changed or no other updates were applied. Makes me wonder if it has to do with date. Oh well, the problem is gone as I am able see the "Shared Music" and "Shared Movies" from Front Row.
  • Reply 17 of 17
    Well, I installed the updates today on my 17" G5 iMac...



    And Front Row no longer works.



    The one glitch about the machine is that the infrared remote isn't all that responsive, but now, it simply doesn't work. I know it's not the remote, because when I was forced to open Quicktime and expand a video file to its largest size possible to watch it, Front Row opened up suddenly about 15 minutes later, even though I hadn't used the remote the entire time. When I used the remote again to close Front Row, it actually worked.



    But it hasn't responded since. Anyone else have this problem?



    GTSC
Sign In or Register to comment.