
Printed from http://www.macnn.com

Apple releases Mac OS X 10.4.7

updated 04:30 pm EDT, Tue June 27, 2006

Mac OS X 10.4.7 released

Apple has released Mac OS X 10.4.7, addressing numerous security issues in the operating system, as well as specific fixes. The update affects Mac OS X 10.4 through 10.4.6, as well as Mac OS X Server 10.4 through 10.4.6. Mac OS X 10.4.7 includes security fixes to AFP, ClamAV, ImageIO, launchd, and OpenLDAP. The update is available on Apple's support downloads Web page, as well as via Mac OS X's built-in software update feature. [updated]

Apple's Mac OS X 10.4.7 update is recommended for all users, and includes general operating system fixes as well as specific fixes which include:


  • Preventing AFP deadlocks and dropped connections
  • Saving Adobe and Quark documents to AFP mounted volumes
  • Bluetooth file transfers, pairing and connecting to a Bluetooth mouse, and syncing to mobile phones
  • Audio playback in QuickTime, iTunes, Final Cut Pro, and Soundtrack Pro applications
  • Ensuring icons are spaced correctly when viewed on desktop
  • Determining the space required to burn folders
  • iChat audio and video connectivity, creating chat rooms when using AIM
  • Importing files into Keynote 3
  • PDF workflows when using iCal and iPhoto
  • Reliable use of Automator actions within workflows
  • Importing and removing fonts in Font Book
  • Syncing addresses, bookmarks, calendar events and files to .Mac
  • Compatibility with third party applications and devices
  • Previous standalone security updates


AFP

An issue in AFP server allows search results to include the names of files and folders for which the user performing the search has no access. This could result in information disclosure if the names themselves are sensitive information. This update addresses the issue by ensuring that search results only include items for which the user is authorized. This issue does not affect systems prior to Mac OS X 10.4.

ClamAV

An issue in ClamAV's automatic virus database updating may result in a stack-based buffer overflow. A malicious or spoofed ClamAV database mirror may be able to cause arbitrary code execution with the privileges of ClamAV. The Mail service, virus scanning, and automatic virus database updates are off by default. This update addresses the issue by incorporating ClamAV 0.88.2. This issue does not affect systems prior to Mac OS X 10.4.

ImageIO

By carefully crafting a corrupt TIFF image, an attacker can trigger a stack-based buffer overflow which may result in an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of TIFF images. This issue does not affect systems prior to Mac OS X 10.4.

launchd

A format string vulnerability in the setuid program launchd may allow an authenticated local user to execute arbitrary code with system privileges. The issue is present in launchd's logging facility. This update addresses the issue by performing additional validation when logging messages. This issue does not affect systems prior to Mac OS X 10.4. Apple gives credit to Kevin Finisterre of DigitalMunition for reporting this issue.
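The flaw class described for launchd's logging facility, shown as an added example (this is not Apple's code and not part of the original article): a message used as the format string next to the same message logged as data through a constant format. The names `log_fmt`, `log_as_format`, `log_as_data` and `has_conversion` are hypothetical, and the sample strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper (not launchd code): printf-style, writes to out.
 * Declaring it with __attribute__((format(printf, 3, 4))) would let GCC/Clang
 * flag the call in log_as_format() under -Wformat-security. */
static int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Flawed pattern: the caller-supplied message IS the format string, so any
 * directive in it is interpreted. Only safe for strings with no conversions. */
static int log_as_format(char *out, size_t n, const char *msg)
{
    return log_fmt(out, n, msg);
}

/* Corrected design: constant format, message passed strictly as data. */
static int log_as_data(char *out, size_t n, const char *msg)
{
    return log_fmt(out, n, "%s", msg);
}

/* Audit check: 1 if s holds a '%' that starts a conversion ("%%" is literal). */
static int has_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char a[64], b[64];
    const char *msg = "disk 100%% full";   /* constructed sample input */
    log_as_format(a, sizeof a, msg);       /* "%%" is consumed as a directive */
    log_as_data(b, sizeof b, msg);         /* bytes are logged unchanged */
    printf("as format: %s\nas data:   %s\n", a, b);
    printf("conversion in \"job %%x\": %d\n", has_conversion("job %x"));
    return 0;
}
```

Only the benign `%%` input is sent through `log_as_format`, which is enough to show the message being interpreted rather than recorded; with the constant `"%s"` format the logged bytes match the input whatever it contains.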

OpenLDAP

By carefully crafting an invalid LDAP request, a remote attacker may be able to trigger an assertion in the OpenLDAP server, resulting in a denial-of-service. This update addresses the issue by discarding the invalid request. This issue does not affect systems prior to Mac OS X 10.4. Apple gives credit to the Mu Security research team for reporting this issue.




by MacNN Staff


Comments

  1. testudo

    Joined: Dec 1969

    0

    Alright!

    A service pack update to fix security problems! Shouldn't they have gone in a security pack, rather than an OS update?

  1. jpellino

    Joined: Dec 1969

    0

    for 39mb...

    ... the update itself was certainly snappy!

    We'll see about the OS shortly...

  1. Arislan

    Joined: Dec 1969

    0

    How many more?

    This is a pretty big update and touches a lot of stuff. I wonder how many more updates 10.4 will see before everything is devoted to 10.5.

  1. resuna

    Joined: Dec 1969

    0

    worrisome

    "This update addresses the issue by performing additional validation when logging messages."

    This implies that somewhere in launchd they're passing user-defined input to some routine like printf() as the format string, and that instead of changing the design to avoid this they're changing '%' to '%%' in the string first.

    *sigh*

    When will they ever learn.

  1. resuna

    Joined: Dec 1969

    0

    bigger news

    New macbook pro SMC firmware update!

    Will I finally have a laptop I can use in my lap? :)

  1. Zak Nilsson

    Joined: Dec 1969

    0

    update size...

    39 MB for PPC, 133 MB for Intel. Hopefully that's just a bunch of small fixes for the Intel side.

  1. scottnichol

    Joined: Dec 1969

    0

    re: how many more?

    i'd say at most 2.

  1. dimplemonkey

    Joined: Dec 1969

    0

    uh, SMC update old

    that firmware update for MBP is several weeks old.

  1. suhail

    Joined: Dec 1969

    0

    BLAUGH!

    When are they gonna fix the font issues, permissions, the bug-ridden printer setup, and many more. These problems have been there for years!!

  1. Philip J. Fry

    Joined: Dec 1969

    0

    SMC update

    There is a new one for the 17" MacBook Pro users.
