Apple security update fixes 10 holes in Mac OS X

updated 07:15 pm EDT, Thu September 22, 2005

Security Update 2005-008

Apple today released , its backup application for Mac OS X. Users who don't have a valid .Mac account are limited to 100MB of backup, according to Apple's documentation. The security updates and Backup 3.0 are also available via the Mac OS X Software Update panel.

Apple said the update fixes a vulnerability in which a maliciously-crafted GIF image may result in arbitrary code execution and a few bugs in which could expose the contents of encrypted messages when using auto-reply and could disclose sensitive information when using Kerberos Version 5 for SMTP authentication.

The update also fixes problems with insecure file handling that may result in local privilege escalation; a bug in QuickDraw Manager that could allow a maliciously-crafted PICT image to result in arbitrary code execution; problems where untrusted applets may gain elevated privileges; a bug in the Ruby interpreted scripting language (Tiger only) that could result in arbitrary code execution; cross-site scripting bugs in Safari (when using web archives);

The update also fixes an exploit that could allow users with physical access to the system to bypass the "Require password to wake this computer from sleep or screen saver" setting as well as an issue that would allow users to grant themselves rights to manipulate arbitrary files or perform other privileged actions without authenticating.

Also included in this update are enhancements to LoginWindow for improved interaction with Parental Controls (Mac OS X v10.3.9), X509Anchors to include the Wells Fargo root certificate (Mac OS X v10.3.9), and Safe Download Validation to include Web Archives (Mac OS X v10.4.2).

by MacNN Staff





  1. Jedlink

    Joined: Dec 1969



    There is an iPod updater too.

  1. jetwerx

    Joined: Dec 1969


    but not a real bug fix

    You have to wonder about Apple sometimes. What is their real focus? It used to be a great OS/Machine that allowed usually tech-phobic creatives a technical outlet. But Apple has let linger for months, since the 10.4.2 update, a significant problem to creative shops and production environments that rely heavily on working systems. A great number of these businesses typically use a server to store shared resources, i.e. images, vector, layout files, etc. But since that last update, users of Adobe's InDesign product can no longer maintain a centralized filing system for that filetype on an SMB server. Apple has been silent on this problem, but hey, we have had 2 iPod updates in the interim. C'mon Apple! Fix this huge s****-up!

  1. dimplemonkey

    Joined: Dec 1969



    for a security fix, it sure did fix some buggy issues that I was experiencing with Tiger.

  1. jpellino

    Joined: Dec 1969



    apple is still how you characterize them at first - good hw/sw integration that is easily adopted by technophobes. that focus hasn't changed.

    you seem to want to refute this because of a bug that affects pro shops who use a single pro app on a microsoft server volume.

    These have nothing to do with each other - you *do* need to talk to apple directly and/or adobe to get this taken care of - ranting here on apple in a general fashion isn't going to get you anywhere. Adobe's site claims it's working with apple on this and gives a simple workaround. And let's consider - they sold millions of ipods in just the past quarter - compared to people using an smb share and multiple indesign cs2 clients - they prolly have a few more people working on the ipod problem. Their focus for bugs is like everyone else's - barbecue the biggest broadest ones first.
