Apple security update fixes 10 holes in Mac OS X

updated 07:15 pm EDT, Thu September 22, 2005

Security Update 2005-008

Apple today released Security Update 2005-008 and Backup 3.0, its backup application for Mac OS X. Users who don't have a valid .Mac account are limited to 100MB of backup, according to Apple's documentation. The security updates and Backup 3.0 are also available via the Mac OS X Software Update panel.

Apple said the update fixes a vulnerability in which a maliciously-crafted GIF image may result in arbitrary code execution and a few bugs in which could expose the contents of encrypted messages when using auto-reply and could disclose sensitive information when using Kerberos Version 5 for SMTP authentication.

The update also fixes problems with insecure file handling that may result in local privilege escalation; a bug in QuickDraw Manager that could allow a maliciously-crafted PICT image to result in arbitrary code execution; problems where untrusted applets may gain elevated privileges; a bug in the Ruby interpreted scripting language (Tiger only) that could result in arbitrary code execution; and cross-site scripting bugs in Safari (when using web archives).

The update also fixes a flaw that could allow users with physical access to the system to bypass the "Require password to wake this computer from sleep or screen saver" setting, as well as an issue that would allow users to grant themselves rights to manipulate arbitrary files or perform other privileged actions without authenticating.

Also included in this update are enhancements to LoginWindow for improved interaction with Parental Controls (Mac OS X v10.3.9), X509Anchors to include the Wells Fargo root certificate (Mac OS X v10.3.9), and Safe Download Validation to include Web Archives (Mac OS X v10.4.2).

by MacNN Staff





  1. Jedlink




    There is an iPod updater too.

  1. jetwerx



    but not a real bug fix

    You have to wonder about Apple sometimes. What is their real focus? It used to be a great OS/Machine that allowed usually tech-phobic creatives a technical outlet. But Apple has let linger for months, since the 10.4.2 update, a significant problem to creative shops and production environments that rely heavily on working systems. A great number of these businesses typically use a server to store shared resources, i.e. images, vector, layout files, etc. But since that last update, users of Adobe's InDesign product can no longer maintain a centralized filing system for that filetype on an SMB server. Apple has been silent on this problem, but hey, we have had 2 iPod updates in the interim. C'mon Apple! Fix this huge s****-up!

  1. dimplemonkey




    for a security fix, it sure did fix some buggy issues that I was experiencing with Tiger.

  1. jpellino




    apple is still how you characterize them at first - good hw/sw integration that is easily adopted by technophobes. that focus hasn't changed.

    you seem to want to refute this because of a bug that affects pro shops who use a single pro app on a microsoft server volume.

    These have nothing to do with each other - you *do* need to talk to apple directly and/or adobe to get this taken care of - ranting here on apple in a general fashion isn't going to get you anywhere. Adobe's site claims it's working with apple on this and gives a simple workaround. And let's consider - they sold millions of ipods in just the past quarter - compared to people using an smb share and multiple indesign cs2 clients - they prolly have a few more people working on the ipod problem. Their focus for bugs is like everyone else's - barbecue the biggest broadest ones first.
