MacUpdate Weekend Sale :This weekend MacUpdate has slashed prices on Painter 12 and Painter Lite. Painter 12 retails for $429, but has been reduced by 54% to $199. Painter Lite has seen a 58% price cut from $69 to $29. Hurry, because these deals are only available until May 19th 2013.      
toggle

AAPL Stock: 433.26 ( -1.32 )

http://www.macnn.com/articles/05/05/19/mac.os.x.10.4.1.security/

Apple details security fixes in Mac OS X 10.4.1

updated 10:00 pm EDT, Thu May 19, 2005

 

Mac OS X 10.4.1 security


Apple today ; a problem in the Bluetooth file and object exchange services that could be used to access files outside of the default directory; a problem where users could discover the names of files placed in normally unsearchable places; and a problem where users with physical access to a system with a locked screensaver could start background applications.


by MacNN Staff

Post tools:

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. james9490

    troll

    Joined: May 2005

    0
    05/19, 10:16pm | report spam | Reply |

    Huge blow to Apple

    These security flaws are huge blow to Apple. Especially the problem where users with physical access to a system with a locked screensaver could start background applications makes OS X nearly as insecure as Windows. It is a dawn of the post OS 9 era in which viruses and worms previously found only on Windows migrate to the Mac platform. And it is extremely concerning since most anti-virus vendors are already tied up with Windows, and because the OS X market share is so insignificantly small that it makes much more sense for them to encourage users to migrate to Windows.

    Apple must address these issues very quickly. Competition is fierce.

  1. Seqiro

    Junior Member

    Joined: Nov 2003

    0
    05/19, 10:45pm | report spam | Reply |

    Uh.. they did.

    Um... they did address the issues, hence the 10.4.1 update and this KB article.

  1. MichaelNH

    Fresh-Faced Recruit

    Joined: Jul 2002

    0
    05/20, 01:01am | report spam | Reply |

    I hope you are joking....

    If you are expecting a "screensaver" to protect your files..... you deserve to have what is coming to you..... I view a screensaver with password protection to prevent the casual user from walking by and seeing what is on your screen..... try logging out of your machine if you feel your data warrants REAL protection..... I even have firmware password setup on my machine so it makes even a good casual user to take a lot more effort to get into my machine if it is out of my hands.

  1. resuna

    Fresh-Faced Recruit

    Joined: Jan 2005

    0
    05/20, 08:55am | report spam | Reply |

    Mixed blessings.

    Some of the problems in Mac OS X, particularly with Safari, are of the same nature as the ones that have bedevilled Microsoft for the past seven or eight years... but they are by no means as deeply embedded or hard to avoid. "Nearly as insecure as Windows" is definitely overstating the case.

    Unfortunately, this seems to be leading Apple to think that it's OK to use the same collection of inadequate patches on individual symptoms as Microsoft has. They really need to step back and reconsider some of the original design decisions in Safari and Webcore.

    1. Webcore shouldn't be using Launchservices as its database for "helper applications" - handlers for file types and URIs - because many applications (including Apple's) are using the same database for local applications, and many of the apps in that database were never designed to handle untrusted documents: both the "help:" hole last year and the "x-man-page:" hole this year are examples of this. There WILL be more.

    2. There's nothing wrong with the security of Dashboard, IF Dashboard is treated as a local application platform with plugins, like iTunes, the Scren Saver engine, Preferences, and so on. Trying to create a "partial sandbox", though, is doomed. Microsoft's long history of ActiveX exploits demonstrates this.

    3. Popping up a dialog every time you *might* be handing off an untrusted object to an unsandboxed application is not good enough. When these dialogs come up over and over again, people get used to clicking "OK", so when it really matters they tend to click "OK" again. You need to make this a deliberate action they can choose at their leisure, not something in their face that gives them a "hard sell" to "click something, NOW". The difference between "download a file and open it" and "open safe files after download, with a warning dialog" is like the difference between buying a product in a supermarket after comparison shopping, and buying it at an auction because you rubbed your nose at the wrong time.

    That really happens, by the way: the only reason I'm using a Mac now is that the room-mate of a friend of mine accidentally bought a pallet of old Macs at an auction, and I bought some of them for the cost of shipping... and got hooked.

  1. kw14

    Junior Member

    Joined: Sep 2004

    0
    05/20, 10:14am | report spam | Reply |

    Hugh blow to Apple???

    Give me a break. You (james9490) are like Chicken Little screaming the sky is falling. I am surprise you didn't abandon the Mac platform already because we've had a number of security patches through all 10.x.x. I agree with 'resuna' that Apple need to tighten up their "sandbox" regarding untrusted objects. But I can hardly see this as the dawn of Windows insecurity on Mac.

  1. beeble

    Fresh-Faced Recruit

    Joined: Mar 2004

    0
    05/20, 11:11am | report spam | Reply |

    james9490

    Where did this looser come from? Every post he/she makes can be picked apart with incredible easy. The Xbox 360 using G5's for development is reason for Apple to go to AMD processors and Windows. Apple fixes some minor security problems and he/she predicts the imminent arrival or the virus horde and demands that Apple fix what they've just announced they've fixed.

    Sheesh! Sober up before you post man. Your friends probably find you simply weird (assuming you have some) but the grown-ups here just find your FUD annoying.

  1. skabaru

    Joined:

    0
    05/20, 02:48pm | report spam | Reply | delete

    Huge blow to Apple!!!!!

    I sure hope someone tells apple about these problems. Then, armed with that knowledge, perhaps they could figure out how to fix the problems. THEN they might want to release an update.

    I only hope Apple figures it out in time. Competition is fierce.

  1. rtbarry

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    05/20, 05:03pm | report spam | Reply |

    james = troll = ignore

    he festers in his basement.

  1. ecrelin

    Junior Member

    Joined: Oct 2000

    0
    05/22, 10:12am | report spam | Reply |

    Users MUST get a clue

    resuna, no operating system can really determine if an application is "trusted". I have been teaching non users to become users for twenty years this year and everyone I've instructed has gotten the "you are responsible" lecture and most really do read the dialogs and respond accordingly. We all know that viruses and trojans are not the same, Windows is a crappy cludge but many of the horrific problems in the market are exascerbated by idiots who click the link in the email to see the naughty pictures or whatever. Just like the light on the dashboard that tells you that you are low on gas, ignore it at your own peril and if you do you deserve what you get. I have no problem with accountability and think that dialogs, like warning labels on products are a good as you can do and still provide a usable environment.

  1. resuna

    Fresh-Faced Recruit

    Joined: Jan 2005

    0
    01/23, 01:10pm | report spam | Reply |

    dialogs don't work

    I have been teaching non users to become users for twenty years this year and everyone I've instructed has gotten the "you are responsible" lecture and most really do read the dialogs and respond accordingly.

    I've been supporting users for about that long, and you're right... most do read the dialogs almost all the time. Unfortunately, very few read them EVERY time and "reflex clicking" is hard to avoid. All it takes is a couple of percent of users to be careless, or for many users to be careless a few percent of the time, and everyone (including the careful clueful people) suffers.

    See, this isn't a matter of accountability. It's a matter of statistics. Statistically, popping up a dialog before doing something stupid is ineffective. Statistically, not doing the stupid thing at all works a lot better.

    And it's not a matter of user inconvenience. Just sticking the downloaded file into a list of downloaded files - a "download manager" - is at least as convenient as automatically downloading the file, and is so much less likely to lead to problems that it's incomprehensible that anyone would bother trying to secure the insecurable auto-open vulnerability.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

toggle

Most Commented

 

Popular News