Printed from http://www.macnn.com

Apple security update fixes 10 holes in Mac OS X

updated 07:15 pm EDT, Thu September 22, 2005

Security Update 2005-008

Apple today released , its backup application for Mac OS X. Users who don't have a valid .Mac account are limited to 100MB of backup, according to Apple's documentation. The security updates and Backup 3.0 are also available via the Mac OS X Software Update panel.

Apple said the update fixes a vulnerability in which a maliciously crafted GIF image may result in arbitrary code execution, as well as a few bugs in Mail.app that could expose the contents of encrypted messages when using auto-reply and could disclose sensitive information when using Kerberos Version 5 for SMTP authentication.

The update also fixes problems with insecure file handling that may result in local privilege escalation; a bug in QuickDraw Manager that could allow a maliciously crafted PICT image to result in arbitrary code execution; problems where untrusted applets may gain elevated privileges; a bug in the Ruby interpreted scripting language (Tiger only) that could result in arbitrary code execution; and cross-site scripting bugs in Safari (when using web archives).

The update also fixes a flaw that could allow users with physical access to the system to bypass the "Require password to wake this computer from sleep or screen saver" setting, as well as an issue that would allow users to grant themselves rights to manipulate arbitrary files or perform other privileged actions without authenticating.

Also included in this update are enhancements to LoginWindow for improved interaction with Parental Controls (Mac OS X v10.3.9), X509Anchors to include the Wells Fargo root certificate (Mac OS X v10.3.9), and Safe Download Validation to include Web Archives (Mac OS X v10.4.2).




by MacNN Staff

Comments

  1. Jedlink

    also...

    There is an iPod updater too.

  1. jetwerx

    but not a real bug fix

    You have to wonder about Apple sometimes. What is their real focus? It used to be a great OS/Machine that allowed usually tech-phobic creatives a technical outlet. But Apple has let linger for months, since the 10.4.2 update, a significant problem to creative shops and production environments that rely heavily on working systems. A great number of these businesses typically use a server to store shared resources, i.e. images, vector, layout files, etc. But since that last update, users of Adobe's InDesign product can no longer maintain a centralized filing system for that filetype on an SMB server. Apple has been silent on this problem, but hey, we have had 2 iPod updates in the interim. C'mon Apple! Fix this huge s****-up!

  1. dimplemonkey

    Odd...

    for a security fix, it sure did fix some buggy issues that I was experiencing with Tiger.

  1. jpellino

    jetwerx

    apple is still how you characterize them at first - good hw/sw integration that is easily adopted by technophobes. that focus hasn't changed.

    you seem to want to refute this because of a bug that affects pro shops who use a single pro app on a microsoft server volume.

    These have nothing to do with each other - you *do* need to talk to apple directly and/or adobe to get this taken care of - ranting here on apple in a general fashion isn't going to get you anywhere. Adobe's site claims it's working with apple on this and gives a simple workaround. And let's consider - they sold millions of ipods in just the past quarter - compared to people using an smb share and multiple indesign cs2 clients - they prolly have a few more people working on the ipod problem. Their focus for bugs is like everyone else's - barbecue the biggest broadest ones first.
