toggle

AAPL Stock: 565.32 ( 0 )

Apple fixes QuickTime, other security flaws

updated 04:30 pm EDT, Mon October 4, 2004

Apple security update


Apple today released a security update to fix issues in file sharing, printing, QuickTime, and its bundled email server (postfix in Mac OS X 10 Server). Apple's Security Update 2004-09-30 "includes the following components: AFP Server, CUPS, NetInfoManager, postfix, and QuickTime." Specifically, the update fixes two Panther-related separate issues with Apple's file sharing protocol used by AFP Server, while recently discovered flaws in CUPS, affecting both Jaguar and Panther users, could allow local disclosure of passwords and a denial of service. Apple's also fixed a bug similar to the one that bit Microsoft last month, allowing attackers to execute arbitrary code when decoding the BMP image type (Microsoft's flaw was related to decoding of JPEG graphics.)

Apple noted that "The title of this security update does not match today's date," saying that parts of Cupertino and nearby cities experienced a power blackout late last week, which affected the actual release date.



It is available via the Mac OS X Software Update. are available on the web.


by MacNN Staff

print
email
(11)

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    10/04, 05:28pm | report spam | Reply |

    buggy

    Hmmm, where's all the "laughing at MS about viewing graphics" fools from last week, huh?

    Oh, and as for this comment:
    Apple's also fixed a bug similar to the one that bit Microsoft last month, allowing attackers to execute arbitrary code when decoding the BMP image type (Microsoft's flaw was related to decoding of JPEG graphics.)

    MS also had a separate bug (could've been the same thing in a different library, what do I know) with BMP images just like their JPG bug.

  1. Eriamjh

    Addicted to MacNN

    Joined: Oct 2001

    0
    10/04, 05:31pm | report spam | Reply |

    At least it's fixed.

    And i don't think many were aware of the BMP hack.

  1. redwood

    Fresh-Faced Recruit

    Joined: Oct 2003

    0
    10/04, 05:34pm | report spam | Reply |

    ummm....

    Yeah, this was a serious bug as well, but last I checked browsers don't typically show BMPs as images, they typically use JPEGs or GIFs.

  1. Person Man

    Professional Poster

    Joined: Jun 2001

    0
    10/04, 05:40pm | report spam | Reply |

    PNG bug

    EVERYONE (well, almost everyone) had a security flaw related to PNG graphics. Apple, Microsoft, and Linux were ALL affected by it.

  1. John Dwight

    Fresh-Faced Recruit

    Joined: Jul 1999

    0
    10/04, 07:24pm | report spam | Reply |

    QuickTime + iTunes

    It's my hope that the QuickTime update will improve MP3/AAC playback in iTunes. Tunes sound slightly distorted since the last updates to both QT and iT, as several threads on the Apple Discussions Board will attest.

    As for the trolling above, who cares about MSFT's products anyway?

  1. garyj

    Fresh-Faced Recruit

    Joined: Mar 1999

    0
    10/04, 10:43pm | report spam | Reply |

    Microsoft JPEG hole

    There's a BIG difference between Microsoft's "fix" for the problem and Apple's fix.
    With OSX, you install the Security Update, and you are DONE.

    With Microsoft, there at least 20 patches just for Microsoft products, and third-party apps can also be at risk if they used an affected DLL in their application.

    For some good reading, take a gander at this:
    http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

    Hmmm, seems like a BIG problem for Windows users...

  1. LouZer

    Fresh-Faced Recruit

    Joined: Nov 2000

    0
    10/05, 12:02am | report spam | Reply |

    Re: Microsoft JPEG Hole

    There's a BIG difference between Microsoft's "fix" for the problem and Apple's fix.
    With OSX, you install the Security Update, and you are DONE.

    With Microsoft, there at least 20 patches just for Microsoft products, and third-party apps can also be at risk if they used an affected DLL in their application.


    This is the exact same problem faced with the PNG issue mentioned above. THe problem lied in the PNG library, and any software using that code needed to be re-compiled and patched. Gee, just like all the software using the GDI+ on windows.

    Man, I hate the elitist attitude of Mac users who think somehow MS's problems are soooo different then their own.

  1. Glasspusher

    Fresh-Faced Recruit

    Joined: Oct 2000

    0
    10/05, 01:22am | report spam | Reply |

    zombies

    I hope this update will take all the SPYWARE off of my machine and remove it from the ranks of the SPAMBOTS

    Bwahahaha!

    Yeah, our problems are sooo like M$'s. OS X isn't perfect, neither is Linux, but compared to that swiss cheese Winblows, we're near bulletproof.

    -signed, elitist mac user

  1. eddd

    Fresh-Faced Recruit

    Joined: Dec 2001

    0
    10/05, 01:46am | report spam | Reply |

    bleh

    As a cross-platform administrator, I have to say that the problem appears almost solely with Microsoft products. Other browsers, operating systems etc., are at risk but it's the MS stuff that the malware writers go for. I'm currently running numerous fairly stable XP machines for general use (i.e., unrestrained web browsing, etc.), but I've had to do away with all MS software and services to maintain a stable environment. Mozilla and the others work, but the moment I allow IE or Office, the trouble starts.

    I'd like to hope that the Mac has a true advantage in this area (and I truly think it does with solid permissions management), but I wouldn't be surprised to see the safe zone shrink as the Mac becomes more popular.

    In any event, it's great to see MS get a full load of c*** stuck up their misguided and greedy attempts to manage your machine for you. And yet they still seem to be pursuing this approach. Guess there's nowhere else for them to go in order to grow revenues.

  1. msconvert

    Fresh-Faced Recruit

    Joined: May 2002

    0
    10/05, 10:33am | report spam | Reply |

    Re: Microsoft JPEG Hole

    It is not the same thing as M$! If windows used compartementalized programming techniques and API that don't change with every .0.1 version of BS M$ product then it would be the same as the Mac situation. I don't know of many security fixes and expecially this one that actually broke the functionality of 3rd party software. It is a known fact that this is why windows sucks and M$ problems are so different from our own...

Show More Comments

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

iHome iW2 AirPlay speaker

iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...

Logitech Ultrathin Keyboard Cover

One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...

Logitech UE Air Speaker

If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...

toggle

Most Commented

 

Popular News