Apple releases Mac OS X 10.4.7

updated 04:30 pm EDT, Tue June 27, 2006

Mac OS X 10.4.7 released

Apple has released Mac OS X 10.4.7, addressing numerous security issues in the operating system, as well as specific fixes. The update affects Mac OS X 10.4 through 10.4.6, as well as Mac OS X Server 10.4 through 10.4.6. Mac OS X 10.4.7 includes security fixes to AFP, ClamAV, ImageIO, launchd, and OpenLDAP. The update is available on Apple's support downloads Web page, as well as via Mac OS X's built-in software update feature. [updated]

Apple's Mac OS X 10.4.7 update is recommended for all users, and includes general operating system fixes as well as specific fixes which include:

  • Preventing AFP deadlocks and dropped connections
  • Saving Adobe and Quark documents to AFP mounted volumes
  • Bluetooth file transfers, pairing and connecting to a Bluetooth mouse, and syncing to mobile phones
  • Audio playback in QuickTime, iTunes, Final Cut Pro, and Soundtrack Pro applications
  • Ensuring icons are spaced correctly when viewed on desktop
  • Determining the space required to burn folders
  • iChat audio and video connectivity, creating chat rooms when using AIM
  • Importing files into Keynote 3
  • PDF workflows when using iCal and iPhoto
  • Reliable use of Automator actions within workflows
  • Importing and removing fonts in Font Book
  • Syncing addresses, bookmarks, calendar events and files to .Mac
  • Compatibility with third party applications and devices
  • Previous standalone security updates


An issue in AFP server allows search results to include the names of files and folders for which the user performing the search has no access. This could result in information disclosure if the names themselves are sensitive information. This update addresses the issue by ensuring that search results only include items for which the user is authorized. This issue does not affect systems prior to Mac OS X 10.4.


An issue in ClamAV's automatic virus database updating may result in a stack-based buffer overflow. A malicious or spoofed ClamAV database mirror may be able to cause arbitrary code execution with the privileges of ClamAV. The Mail service, virus scanning, and automatic virus database updates are off by default. This update addresses the issue by incorporating ClamAV 0.88.2. This issue does not affect systems prior to Mac OS X 10.4.


By carefully crafting a corrupt TIFF image, an attacker can trigger a stack-based buffer overflow which may result in an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of TIFF images. This issue does not affect systems prior to Mac OS X 10.4.


A format string vulnerability in the setuid program launchd may allow an authenticated local user to execute arbitrary code with system privileges. The issue is present in launchd's logging facility. This update addresses the issue by performing additional validation when logging messages. This issue does not affect systems prior to Mac OS X 10.4. Apple gives credit to Kevin Finisterre of DigitalMunition for reporting this issue.
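The bug class described above, shown as an added example that is not launchd's or Apple's code: a logging wrapper that uses caller-supplied text as the format string, next to the constant-format version. The function names and the sample message are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical log sink (stand-in for a syslog-style call). Declaring it with
 * __attribute__((format(printf, 3, 4))) lets -Wformat-security flag log_unsafe. */
static int log_record(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BEFORE: caller-controlled text becomes the format string, so any
 * conversion specifier in it is interpreted by the formatter. */
int log_unsafe(char *out, size_t n, const char *msg)
{
    return log_record(out, n, msg);
}

/* AFTER: the format is a constant; the text is only ever an argument. */
int log_safe(char *out, size_t n, const char *msg)
{
    return log_record(out, n, "%s", msg);
}

/* Returns 1 if the two paths render msg differently, i.e. the unsafe
 * path interpreted part of the message as formatting directives. */
int interpreted_as_format(const char *msg)
{
    char a[128], b[128];
    log_unsafe(a, sizeof a, msg);
    log_safe(b, sizeof b, msg);
    return strcmp(a, b) != 0;
}

int main(void)
{
    /* Constructed sample input; "%%" is a harmless, argument-free directive. */
    const char *msg = "job 100%% done";
    char buf[128];
    log_unsafe(buf, sizeof buf, msg);
    printf("unsafe: %s\n", buf);
    log_safe(buf, sizeof buf, msg);
    printf("safe:   %s\n", buf);
    return 0;
}
```

The two outputs differ because only the unsafe path treats the message as a format; in a setuid program that same interpretation is what crosses the privilege boundary.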


By carefully crafting an invalid LDAP request, a remote attacker may be able to trigger an assertion in the OpenLDAP server, resulting in a denial-of-service. This update addresses the issue by discarding the invalid request. This issue does not affect systems prior to Mac OS X 10.4. Apple gives credit to the Mu Security research team for reporting this issue.

by MacNN Staff




  1. testudo

    Joined: Dec 1969



    A service pack update to fix security problems! Shouldn't they have gone in a security pack, rather than an OS update?

  1. jpellino

    Joined: Dec 1969


    for 39mb...

    ... the update itself was certainly snappy!

    We'll see about the OS shortly...

  1. Arislan

    Joined: Dec 1969


    How many more?

    This is a pretty big update and touches a lot of stuff. I wonder how many more updates 10.4 will see before everything is devoted to 10.5.

  1. resuna

    Joined: Dec 1969



    "This update addresses the issue by performing additional validation when logging messages."

    This implies that somewhere in launchd they're passing user-defined input to some routine like printf() as the format string, and that instead of changing the design to avoid this they're changing '%' to '%%' in the string first.


    When will they ever learn.

  1. resuna

    Joined: Dec 1969


    bigger news

    New macbook pro SMC firmware update!

    Will I finally have a laptop I can use in my lap? :)

  1. Zak Nilsson

    Joined: Dec 1969


    update size...

    39 MB for PPC, 133 MB for Intel. Hopefully that's just a bunch of small fixes for the Intel side.

  1. scottnichol

    Joined: Dec 1969


    re: how many more?

    I'd say at most 2.

  1. dimplemonkey

    Joined: Dec 1969


    uh, SMC update old

    that firmware update for MBP is several weeks old.

  1. suhail

    Joined: Dec 1969



    When are they gonna fix the font issues, permissions, the bug-ridden printer setup, and many more. These problems have been there for years!!

  1. Philip J. Fry

    Joined: Dec 1969


    SMC update

    There is a new one for the 17" MacBook Pro users.
