PDA

View Full Version : Security Update 2003-12-05


MacRumors
Dec 5, 2003, 12:55 PM
Apple has posted a security update (2003-12-05) in your software update:

Security Update 2003-12-05 updates Safari to prevent unauthorized access to a user's cookies.

This plugs a security vulnerability that was revealed in late November (http://www.secunia.com/advisories/10252/).

Wes
Dec 5, 2003, 12:56 PM
I just tried; I get an error.

mactastic
Dec 5, 2003, 12:58 PM
Well I sure don't want anyone getting their hands on my cookies!

mactastic
Dec 5, 2003, 12:58 PM
This is for everyone right? Not just Panther users?

mangoman
Dec 5, 2003, 12:59 PM
Apple rocks. Thank you, Cupertino.

Gymnut
Dec 5, 2003, 01:13 PM
Will download when I get home.

gwuMACaddict
Dec 5, 2003, 01:14 PM
Originally posted by mactastic
Well I sure don't want anyone getting their hands on my cookies!

hehehe... i thought this sounded a little dirty myself... i wouldn't want anyone touching my cookies either :D

Longey Nowze
Dec 5, 2003, 01:18 PM
I was getting bored, I was hoping for a software update :) now if I try really hard maybe I will will find a Pagani Zonda in my garage :D

MaT

ddbean
Dec 5, 2003, 01:28 PM
"... prevent unauthorized access to a user's cookies."


Glad it only effects unauthorized access to my cookies and not the ones I've authorized. :D

And for those that get brave, let us know if this breaks anything. I'll wait till I see a few reports on a G5 Dual running 10.3.1

Trowaman
Dec 5, 2003, 01:38 PM
HA! I had it downloaded and restarted before you guys even posted this! Score for me. Oh well, my cookies are secure. :D Hu-zah then.

inkswamp
Dec 5, 2003, 01:47 PM
Originally posted by mactastic
Well I sure don't want anyone getting their hands on my cookies!
That's not what you were saying last night! :D

1macker1
Dec 5, 2003, 01:50 PM
I wish I could get an update that actually improved something that i could use.:(

Counterfit
Dec 5, 2003, 01:51 PM
Originally posted by Longey Nowze
now if I try really hard maybe I will will find a Pagani Zonda in my garage :D

MaT While you're working on that, could you try and get me a McLaren, Murcielago, or most any other supercar?

Elenita
Dec 5, 2003, 01:54 PM
No problems so far on a 15" Aluminum Powerbook running Mac OS X 10.3.1!

Counterfit
Dec 5, 2003, 01:55 PM
Just what I wanted to hear!

robotrenegade
Dec 5, 2003, 01:57 PM
Got it. No body touchs my cookies!:cool:

SFNE Freak
Dec 5, 2003, 01:58 PM
Only weirdness I encountered was that iChat, Address Book and Sherlock reappeared in my Dock after I restarted. Other than that, everything is fine.

SilentPanda
Dec 5, 2003, 02:07 PM
What if I just wanted to give away my cookies... and not have them stolen?

mactastic
Dec 5, 2003, 02:11 PM
Originally posted by inkswamp
That's not what you were saying last night! :D

Sure it was, your mom had authorized access to my cookies!:eek:

Sorry, couldn't resist.

I'm gonna download and install this after seeing a few more success stories.

arn
Dec 5, 2003, 02:16 PM
installed/worked fine.

arn

x86isslow
Dec 5, 2003, 02:16 PM
Originally posted by Counterfit
While you're working on that, could you try and get me a McLaren, Murcielago, or most any other supercar?

can you drive yet?;)

joker2
Dec 5, 2003, 02:21 PM
10.3.1 on a 12" revB PB working just fine. Had to reboot, darn. I hadn't rebooted since the week before Thanksgiving ;)

k2k koos
Dec 5, 2003, 02:22 PM
wiat until the cookie monster hears of this, he ain't goin to be happy!:D

TomSmithMacEd
Dec 5, 2003, 02:24 PM
I will try it when I get home, but I'm sure it will be fine. I feel weird installing sercurity patches though, like I would be using XP or something.... Then I relize the Mac patches are to protect something that COULD be a problem not something that IS a problem like on windows machines.

ITR 81
Dec 5, 2003, 02:29 PM
Installed on 15inch Tibook with 10.3.1 and no issues at all.

I love the fact Apple always releases sec. patches as soon as they can before it becomes an issue.

nagromme
Dec 5, 2003, 02:31 PM
10.3.1 rolled in the previous security updates. I'm hoping 10.3.2 does the same. I feel reasonably safe waiting a few extra days or even weeks.

FlamDrag
Dec 5, 2003, 02:32 PM
no problems on 10.2.8

greg6028
Dec 5, 2003, 02:48 PM
Does this update fix the Auto Fill Forms in Safari. (It stop working for most web sites after the last sec. update..)

GeeYouEye
Dec 5, 2003, 02:53 PM
anyone else think the Google ads for this page are hilarious, given the content of the page?

Freg3000
Dec 5, 2003, 03:06 PM
Originally posted by SFNE Freak
Only weirdness I encountered was that iChat, Address Book and Sherlock reappeared in my Dock after I restarted. Other than that, everything is fine.

That happened to me a few times in Jaguar. I'll see if it happens when I do this update.

uv23
Dec 5, 2003, 03:11 PM
Disclaimer: I'm a switcher newbie. After installing this update, the installer said "optimizing volume HD" and it took a few minutes. I've never seen this happen after installing a software update before (at least I don't think I have). Enlighten me?

kanaka
Dec 5, 2003, 03:21 PM
Originally posted by uv23
Disclaimer: I'm a switcher newbie. After installing this update, the installer said "optimizing volume HD" and it took a few minutes. I've never seen this happen after installing a software update before (at least I don't think I have). Enlighten me?

It is updating the prebindings (http://radio.weblogs.com/0100490/stories/2002/08/24/prebindingExplained.html) to improve application launch time. You'll probably see this a lot when installing a software update or installing an application that uses a package for its installer.

sethypoo
Dec 5, 2003, 03:34 PM
Originally posted by gwuMACaddict
hehehe... i thought this sounded a little dirty myself... i wouldn't want anyone touching my cookies either :D

Hehe, look at this!

Cookie Monster! (http://pbskids.org/sesame/letter/)

Nobody will be touching my Thin Mintsİ anytime soon.

Arcady
Dec 5, 2003, 03:39 PM
Originally posted by GeeYouEye
anyone else think the Google ads for this page are hilarious, given the content of the page?

Google AdSense creates those ads based on the GoogleBot indexing of the page. Since this page probably did not exist the last time GoogleBot indexed this site, it puts up generic (non-paying) ads instead. The webmaster can choose to display alternate (paying) ads instead of the default ads, which is useful for new content on a site, and keeps the money coming in. If you come back to this page in a day or so, I bet the Google ad will list all kinds of Apple stuff.

(And to keep this on-topic) - I installed the security update, and everything works fine. :D

greg6028
Dec 5, 2003, 04:08 PM
No, the new update did nothing to make Auto Fill Forms work in Safari

alamar
Dec 5, 2003, 04:09 PM
Originally posted by kanaka
It is updating the prebindings (http://radio.weblogs.com/0100490/stories/2002/08/24/prebindingExplained.html) to improve application launch time. You'll probably see this a lot when installing a software update or installing an application that uses a package for its installer.

this will typically on my machine take longer than it says it will too, no biggie though.

visor
Dec 5, 2003, 04:17 PM
why one has to restart the computer after installing a safari security update...

shouldnt it be enough to restart safari?

Counterfit
Dec 5, 2003, 04:23 PM
Originally posted by greg6028
No, the new update did nothing to make Auto Fill Forms work in Safari It wasn't supposed to. My AutoFill still works, and I would assume that's true for many other people, because I haven't heard about it.

sebaz
Dec 5, 2003, 04:25 PM
its a security update..not an application update..whatever was broken should by the most part still be broken after u apply the update

germ war
Dec 5, 2003, 04:54 PM
Does that mean Safari is the cookie jar?

physicsnerd
Dec 5, 2003, 05:03 PM
No problems on a 1ghz Tibook with 10.3.1

rdowns
Dec 5, 2003, 06:31 PM
Originally posted by greg6028
No, the new update did nothing to make Auto Fill Forms work in Safari

Haven't installed the update yet but no problems with auto-fill in Safari and have all other updates installed. Damn glad given all the holiday shopping I'm doing online.

maxtrax
Dec 5, 2003, 08:09 PM
I just wish they would update Safari itself. I find it much more useless in Panther than the last Jag version. The caching problems are actually worse. Don't even bother going to a page with frames because the frame will not update, I constantly have to open a frame in a new window and then refresh... good times it is.

Sorry for being off topic, I love Safari, but damn there are some serious messed up things that make it really hard to use.

Paul

richie
Dec 5, 2003, 08:11 PM
Originally posted by visor
why one has to restart the computer after installing a safari security update...

shouldnt it be enough to restart safari?

The update actually appears to update the Foundation framework, not just Safari, so to get the changes to be recognised, the simplest thing is to restart.

huntsman
Dec 5, 2003, 08:51 PM
I'm fine with security updates, but another bloody reboot? Having used GNU/Linux for a year (swithching to Mac OS X a month ago as Linux doesn't have sufficient iBook G4 support yet) I became used to having ten applications open simultaneously and not having to worry about some update forcing me to reboot and lose my context in each of those programs--virtually no updates required a reboot. I thought I'd escaped having to do that, but now it's starting to feel like I've switched back to the reboot-a-thon that is Windows XP.

And I thought the "just restart" attitude, as if it's some routine triviality, was exclusive to the Windows camp. Looks like I'll be seeking to make another "switch" sooner than I'd intended :mad:

leet1
Dec 5, 2003, 08:54 PM
Originally posted by huntsman
And I thought the "just restart" attitude, as if it's some routine triviality, was exclusive to the Windows camp

Common misconception. ;)

Wonder Boy
Dec 5, 2003, 11:29 PM
If i am the the only one who uses my computer, what is the incentive to download this update?

Longey Nowze
Dec 5, 2003, 11:48 PM
i just woke up and looking to my garage i don't see a Pagani Zonda :( oh well... maybe my powers are only good for updates... wishing that 10.3.2 will have a super car of your choice feature a press of a button and BOOM you have a new car! :p

Thanks
MaT

Trowaman
Dec 6, 2003, 12:09 AM
Originally posted by sethypoo
Hehe, look at this!

Cookie Monster! (http://pbskids.org/sesame/letter/)

Oh man! This is like my child hood all over again!!! I love it!!! And after playing with the different kids games for 5 minutes I remember something a friend of mine showed me. It was a picture of a Apple mouse and some baby toys that said "Apple, simple computers for simple minds."

*sigh, oh well the Ernie game was a blast. I FOUND HIM!:D

iMeowbot
Dec 6, 2003, 12:26 AM
Originally posted by Wonder Boy
If i am the the only one who uses my computer, what is the incentive to download this update?

The flaw lets random sites on the Internet rummage through your cookies, even if they aren't the ones who put them there. I suppose that if you have no secrets, there's no reason to fix it.

Sunrunner
Dec 6, 2003, 05:14 AM
My poor, poor uptime... I think Ill just wait for the 10.3.2 update to go final. I wish Apple would make more of their updates transparent so we dont have to restart constantly...

Dave_B
Dec 6, 2003, 06:35 AM
Originally posted by Wonder Boy
If i am the the only one who uses my computer, what is the incentive to download this update?

My impression is that the after the update Safari 1.0.1 (v85.6) is faster than 1.0

Perhaps this is a difference only to 10.2 users?

pb1212580
Dec 6, 2003, 10:45 AM
Installed it on 2 powerbook 12" (one 867mhz and one 1ghz)

The 1 ghz has no problem so far but the 867mhz was experiencing freezing ichat everytime an invitation was sent to it.

Anyone got any idea or experiencing the same thing?



Originally posted by SFNE Freak
Only weirdness I encountered was that iChat, Address Book and Sherlock reappeared in my Dock after I restarted. Other than that, everything is fine.

rog
Dec 6, 2003, 11:58 AM
this is becoming like Windows with almost weekly security updates. Get it together Apple!

CRMarvin42
Dec 6, 2003, 01:10 PM
My friend just installed the update last night and now all of the diskimages on his 80 gig drive, including the folder they were in has dissapeared. has anyone else noticed this sort of problem with this update?

killmoms
Dec 6, 2003, 03:52 PM
this is becoming like Windows with almost weekly security updates. Get it together Apple!
Apple just released a major new revision of the OS, with lots of under-the-hood changes. This both creates and brings to light new bugs. Such is the way of the software market. I'm tired of armchair security analysts on Mac forums lambasting Apple for releasing security updates. Get a grip, okay? At least they're fixing the bugs. The same can't be said for MS, who "fix" a bug, only to have to fix it several times again as new variants appear.

No one's making you download the updates. If it irks you that much, don't get them.

Ugh.

--Cless

ryaxnb
Dec 7, 2003, 12:32 AM
Originally posted by TomSmithMacEd
Then I relize the Mac patches are to protect something that COULD be a problem not something that IS a problem like on windows machines.
No offense, but then you realize that the patch was released before the blaster virus AFAIK.

JDar
Dec 7, 2003, 09:09 AM
After applying the latest security update I am unable to access Accounts in SysPrefs--it crashes without any other known effect. It's not a permissions problem. There are some other issues reported on the Apple forums.

I hadn't had any problems with upgrading to Panther from Jaguar until this security update. Glad another major update is reportedly not far off and maybe this glitch will mysteriouly be repaired.

killmoms
Dec 7, 2003, 01:43 PM
After applying the latest security update I am unable to access Accounts in SysPrefs--it crashes without any other known effect.
Strange, I'm not having any problems (that one included).

--Cless

MasterMac
Dec 11, 2003, 11:16 PM
Originally posted by JDar
After applying the latest security update I am unable to access Accounts in SysPrefs--it crashes without any other known effect. It's not a permissions problem. There are some other issues reported on the Apple forums.

I hadn't had any problems with upgrading to Panther from Jaguar until this security update. Glad another major update is reportedly not far off and maybe this glitch will mysteriouly be repaired. Have you tried trashing the .plist file for the system prefs?

JDar
Dec 12, 2003, 07:45 AM
Have you tried trashing the .plist file for the system prefs?

Oh, yes, and a number of other things including DW, repairing prefs, periodic maintenance, etc. On Apple forums other people have had similar though not exact same problems with SysPrefs after the update.