Apple fixes holes in Safari, Bluetooth, file sharing

updated 05:00 pm EST, Mon March 21, 2005

Apple security update

Apple today released Security Update 2005-003, which it says delivers a number of security enhancements, including an important update to its Safari web browser. Recommended for everyone, it includes updated components for AFP Server, Bluetooth Setup Assistant, CoreFoundation, Cyrus SASL, Folder permissions, Safari, and Samba. Apple says that it fixed a Folder Permissions security hole and updated its AFP file sharing protocol to prevent a denial of service attack and discovery of the contents of a file "Drop Box" (where others can upload, but not view/download data). Apple also fixed flaws related to Mac OS X 10.3 Server, including multiple vulnerabilities in Cyrus IMAP (email protocol) and Mailman (email list server). The update also brings improvements to Cyrus SASL and fixes an important Safari vulnerability that allowed maliciously registered International Domain Names to masquerade as legitimate sites.

 
Previous Comments

Major Safari Fix Included

03/21, 05:18pm reply

None of the usual Mac news sites have pointed out that this security update has a major fix for Safari.

Security Update 2005-003 updates Safari's support for International Domain Names (IDN) to prevent lookalike characters from being used to spoof the URL displayed in the address field, SSL certificate, or status bar.

For more information about IDN support in Safari and how Security Update 2005-003 affects it, see:

http://docs.info.apple.com/article.html?artnum=301116

Ralf_Wiggum

Fresh-Faced Recruit

Joined: May 2002

0
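The lookalike-character problem described above can be checked for on the display side. The following is an added example, not part of the original article or comments and not Apple's implementation: it shows a hostname label in Unicode only when all of its letters come from one allowed script, and otherwise falls back to the ASCII `xn--` form. The `ALLOWED_SCRIPTS` policy, the function names and the sample hostnames are assumptions made for illustration.

```python
import unicodedata

# Assumed policy: scripts this display layer renders as Unicode.
# A real deployment would list the scripts its users actually read.
ALLOWED_SCRIPTS = {"LATIN"}

def label_scripts(label):
    """Return the set of scripts used by the letters of one DNS label."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            # Approximation: for alphabets such as LATIN, CYRILLIC and GREEK
            # the first word of the Unicode character name is the script.
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def display_form(hostname):
    """Return the form of hostname that is safe to show in an address bar."""
    shown = []
    for label in hostname.split("."):
        if label.isascii():
            shown.append(label)
            continue
        scripts = label_scripts(label)
        if len(scripts) > 1 or not scripts <= ALLOWED_SCRIPTS:
            # Mixed-script or disallowed-script label: show the ASCII
            # (punycode) form so a lookalike cannot pass for plain Latin.
            shown.append(label.encode("idna").decode("ascii"))
        else:
            shown.append(label)
    return ".".join(shown)

# Constructed sample hostnames (escapes make the lookalike visible in source).
SAMPLES = [
    "example.com",                        # plain ASCII
    "b\u00fccher.example",                # Latin with a diaeresis
    "ex\u0430mple.com",                   # Cyrillic 'a' inside a Latin label
    "\u043f\u0440\u0438\u043c\u0435\u0440.example",  # all-Cyrillic label
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(ascii(host), "->", ascii(display_form(host)))
```

With `ALLOWED_SCRIPTS` limited to Latin, a legitimate all-Cyrillic name is also shown in its `xn--` form; adding a script to the set changes that while mixed-script labels stay flagged.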

Not a security fix

03/21, 10:05pm reply

IDN support can't be used to break the security on your computer. It just makes certain kinds of "phishing" attacks (where someone fakes a company's website) easier, but it's still possible... being aware that people fake financial web sites and always logging on through your own bookmarks is the real protection against phishing.

resuna

Fresh-Faced Recruit

Joined: Jan 2005

0

Breaks user

03/22, 10:23am reply

Ok. Yesterday, at work, we installed this update on three Macs. After restarting, 2 of the 3 Macs had severe problems at startup that fail to resolve. It immediately beachballs at login to that user (of which the security update was installed). Finder, Photoshop, Quark (not out of the ordinary), and any other programs all "are not responding" from the dock's submenu and have to be force quit. However, going into another user, things appear to work fine... but we do not want to have to do this because all the fonts (checked install for all users, but that never works anyway in Font Book) won't carry over, not to mention having to reset all preferences. Any suggestions? Any way to roll back?

THE MAC GOD

Mac Enthusiast

Joined: Jan 2003

0

Why can't they...?

03/24, 08:16am reply

Why can't the updater turn back on a service after it does its update? I had Windows File Sharing turned on in several of my Macs only to find out that this last update turned it off... I know it's necessary to do that to do the update, but why can't it be re-engaged when the updater is ready to quit?

fritzw1957

Fresh-Faced Recruit

Joined: Nov 2004

0

Ethernet port disappears?

03/24, 04:05pm reply

I can no longer configure my iBook's ethernet port (en0) after the update. I don't know if it's the update's fault though because it didn't happen until the next day. So it could be an actual physical problem.

Has anyone else encountered this?

slipperfrog

Fresh-Faced Recruit

Joined: Nov 2002

0
