troubleshooting/tutorials/security

04/04/2006, 10:25am, EDT

Tuesday, April 4th

Mac OS X 10.4.6 fixes Intel-Mac flaw

Apple's Mac OS X 10.4.6 update, released on Monday, fixes an important security issue for Intel-based Macs. Along with a slew of other bug fixes, Apple said that the latest update fixes an issue that could allow the firmware password to be bypassed on Intel-based Macs. "Prior to this update, a person with physical access to the computer could bypass the firmware password and access the "Single User Mode". According to Apple, this problem did not affect PowerPC-based Macs. This update addresses the issue by enhancing the security provided by the firmware password." In addition the update fixed problems with login and authentication in a variety of network environment, AFP file sharing, connecing to Cisco VPN servers using IP/Sec, Bluetooth wireless devices, and problems searching iWork '06 and Microsoft Office documents when using Spotlight. [updated]

In addition, the update resolves a flaw that could crash a variety of applications. Security Protocols today reported that the Mac OS X 10.4.6 update fixes a security flaw where a malformed .tiff image file could crash Preview, Finder, QuickTime, and Safari because the LZWDecodeVector() function does not properly parse the malformed data.


Filed under: troubleshooting

, , 9comments, del.icio.us, slashdot, digg, buzz


9 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
LouZer
Pointless
0
04/04, 8:10am, EDT
Who cares. If you've got phyiscal access to the computer, you can easily bypass all that stuff. Just rip out the hard drive. There you go. No security.
Fresh-Faced Recruit
Joined Nov 2000
User is offline
Sondjata
not a bug
0
04/04, 9:13am, EDT
Iu thought the ol' pull the RAM and zap the PRAM 3 times was a feature and not a bug. Has this been changed?
Fresh-Faced Recruit
Joined Oct 2000
User is offline
mitchcohen
FileVault
0
04/04, 9:13am, EDT
Just ripping out the hard drive doesn't help if running FileVault. On most Mac desktops you can also lock the case closed and/or chain the desktop to furniture making it harder to get access to the innards. I've never used a firmware password but it's a means of protection some people do find valuable so it's good it's been fixed.
Fresh-Faced Recruit
Joined Aug 2005
User is offline
shawnce
sondjata
0
04/04, 11:52am, EDT
I think the bug was being able to bypass the firmware password without having access to the internals of the system. The normal firmware bypass method still exists.

Fresh-Faced Recruit
Joined Nov 2000
User is offline
shawnce
oops...
0
04/04, 11:54am, EDT
http://docs.info.apple.com/article.html?artnum=106482
Fresh-Faced Recruit
Joined Nov 2000
User is offline
testudo
Re: filevault
0
04/04, 12:54pm, EDT
Just ripping out the hard drive doesn't help if running FileVault.

Well, booting into single user mode doesn't help either.
Fresh-Faced Recruit
Joined Aug 2001
User is offline
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

MacNN iPodNN Electronista
top searches
1. apple
2. iphone
3. apple TV
4. ipod
5. mac
6. BBC
7. icons
8. icon
9. macbook
10. leopard
search for more ..
RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News
Want To Sell Your Laptop? Any Condition - receive Top Cash. Get an instant quote. Free shipping www.CashForLaptops.com
Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.