Security Update 2005-004 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

iSync

For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798

good catch, only a 1.1mb download and no restart needed, not our usual security update to say the least

http://www.macrumors.com/images/macrumorsthreadlogo.gif (http://www.macrumors.com)

On the heels of the Mac OS X 10.3.9 comes a Security Update (2005-004) - in your Software Update:
Security Update 2005-004 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

iSync

For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798/

It addresses a potential buffer overflow issue in a iSync related application.

Wow... that was small... didn't even need a restart... :)

From http://docs.info.apple.com/article.html?artnum=301326:Available for: iSync 1.5 on Mac OS X v10.2.8 and Mac OS X v10.3.x

Impact: A buffer overflow in iSync could lead to local privilege escalation.

Description: The iSync helper tool mRouter contains a buffer overflow vulnerability. This could result in the execution of arbitrary commands as root by local system users. Security Update 2005-004 fixes this issue by providing a patched version of mRouter. Credit to Braden Thomas for reporting this issue.

Security me up baby!, just call me fort Knox!
Weird, Software update just crashed, ran it again, and apparently the update has been installed!

Does this include the Java fix?

Could this be fixing this hole?
http://www.macbidouille.com/niouzcontenu.php?date=2005-03-31

Edit: It does, it was reported on that site already 25 January, i.e., 3 months ago. It was however not a really critical one since it was just a local privilege escalation issue (and if you were not using iSync, the simple solution was to just disable the affected binary).

I was able to hold my breath during the update. http://www3.telus.net/poojja/s/smile2.gif

I wonder if Apple included a little hidden Java fix in this update. If not..they should have, would have been the perfect opportunity to get the problem out of the way with little fuss.

Safari seems snapier! :-)

As far as I know, a lot of people with the Java problem after 10.3.9 fixed it by just updating prebindings. One easy way to do this is to install the latest security update (as Apple recommends).

So I guess this is a quick way for Apple to fix the Java issue without actually mentioning it ;)

Best. Security Update. Ever.

All told perhaps 15 seconds.

As far as I know, a lot of people with the Java problem after 10.3.9 fixed it by just updating prebindings. One easy way to do this is to install the latest security update (as Apple recommends).

So I guess this is a quick way for Apple to fix the Java issue without actually mentioning it ;)


unfortunatly, I still get a segmentation fault when I do the thing in terminal :mad: :(

You would think that they might of know that they were going to fix this little bug and would of included it with the big OS upgrade.

man! it sucks when the security update is the best news of the day.

You would think that they might of know that they were going to fix this little bug and would of included it with the big OS upgrade.

Hard to know from the outside how these things get scheduled. At some point you have to stop changing the code and just test it or it will never get out the door.

I'm not getting it in SW update....

The sucurity update screws up safari. It no longer recognizes "valign" commands.

Really really annoying. Really.

man! it sucks when the security update is the best news of the day.

Here (http://finance.yahoo.com/q?s=AAPL) is better news. ;)

Although... I am sure it would have been fine if I had not updated... I mean, Tiger is around the corner... but I am such a creature of habit.

All right: I promise that if Apple releases another update before Friday, I WILL NOT update... unless it turns my PB into a PB G5.

yea good stuff today, maybe we'll get a 1.1mb security update every other day until tiger is released :D

God I hope this doesn't screw up my system like 10.3.9 did. I had to revert back to 3.7 before I could get work my way back up to 10.3.9

Why bother, we're a single digit migit! :D

I feel like an 8 year old waiting for Christmas.

As far as I know, a lot of people with the Java problem after 10.3.9 fixed it by just updating prebindings. One easy way to do this is to install the latest security update (as Apple recommends).

So I guess this is a quick way for Apple to fix the Java issue without actually mentioning it ;)

No. The security update Apple recommends is the 2005-002 update which included updates to Java. It's not the prebinding that fixes the problem apparently.


The sucurity update screws up safari. It no longer recognizes "valign" commands.


Huh? it doesn't go anywhere near Safari or any of it's components.

man! it sucks when the security update is the best news of the day.

At least their is news unlike somedays! :)

I feel safer already!

God I hope this doesn't screw up my system like 10.3.9 did. I had to revert back to 3.7 before I could get work my way back up to 10.3.9

10.3.9 screwed up my system too. How do you revert back to 10.3.7?

I don't think you do revert back...? :mad:

Well, maybe you can.... I'll check into that for you.

Looked @ Apple site, no clue, sorry. :(

I'm not getting it in SW update....

Hmmm...I don't see it either, like Sam I'm also another G4/800 iMac. Something special about us? Doesn't show up on the macquarium either, though. Coincidence? I think not!
~joe

Not getting it in software update either.. pulled already?

if its not showing up in SU, you can download it from here:

http://www.apple.com/support/downloads/

I don't see in in SU either, but since I don't have iSync installed and have ignored its updates this seems reasonable.

Which leads me to believe that it contains no hidden fix for the problems caused by the 10.3.9 update, otherwise it would have appeared in the list for everyone.

still getting safari crashes...apple when will u fix it :(

still getting safari crashes...apple when will u fix it :(
And you have uninstalled any of AcidSearch, PithHelmet, Sogudi and whatnot ?

NB: The newest version of Sogudi seems to work.

Hmmm...I don't see it either, like Sam I'm also another G4/800 iMac. Something special about us? Doesn't show up on the macquarium either, though. Coincidence? I think not!
~joe
I don't see it either.
-PB G4-550
-Never installed stand alone iSync updates
-Installed 10.3.9 yesterday (maybe silently included?)

still getting safari crashes...apple when will u fix it :(

Do you have any third party apps installled? And have you read
this (http://docs.info.apple.com/article.html?artnum=301380)?

Hey, you mention that you had to revert back to 3.7? How do you do this? 3.9 entirely messed up Safari. I got it bacl by deleting and reinstalling 1.2 but the problem is that it still doesn't work properly!! My bookmarks are entirely static and I can't add or delete them! Any help would be appreciated with regard to reverting back to an older update without reinstalling my OS.

But no such luck: my sync is crashing midway through since the update, which is unfortunate since I managed to lose all the data in my Clié yesterday through unrelated incompetence on my part, so reversion to backup would be nice!

I did reinstall Palm Desktop, that didn't help. Anyone seen any pointers on this one?

Have you tried repairing permissions ?

If that doesn't do it, then download and install the 10.3.9 COMBO updater. With no programs running while updating.

Hmmm...I don't see it either, like Sam I'm also another G4/800 iMac. Something special about us? Doesn't show up on the macquarium either, though. Coincidence? I think not!
~joe

I wonder if they... GASP... stopped supporting us?!

oh well... I'm getting a Powerbook within the next quarter or two.

I wonder if they... GASP... stopped supporting us?!

oh well... I'm getting a Powerbook within the next quarter or two.

I'm not seeing it either and I'm using a PB, so you can put the conspiracy theories away for now!

And you have uninstalled any of AcidSearch, PithHelmet, Sogudi and whatnot ?

NB: The newest version of Sogudi seems to work.

Enlighten me; what are these programs good for?

Enlighten me; what are these programs good for?
Search.

E.g. with Sogudi installed you just type "mov the iron giant" in Safari's location bar to search the IMDB for the movie.

http://www.atamadison.com/w/kitzkikz.php?page=Sogudi

Enlighten me; what are these programs good for?

Search MacUpdate.com (http://macupdate.com) for a bit of self enlightenment ;)

I just installed the Mac OS X Security update 2005 - 004. No problems incurred, all is well. :)

Enlighten me; what are these programs good for?

Breaking Safari every time they update the version number. ;-)

still getting safari crashes...apple when will u fix it :(

There's nothing to fix. Problems are caused by hosed systems to begin with. The majority of users had no problems at all.

There's nothing to fix. Problems are caused by hosed systems to begin with. The majority of users had no problems at all.
What do you mean "hosed systems?" I never had problems with Software Updates until 10.3.9. I have none of these third-party apps others mention and don't know enough to tweak and play around with. It's the same OS I originally installed with the various Updates Apple has released.

So why did 10.3.9 break my system then?

What do you mean "hosed systems?" I never had problems with Software Updates until 10.3.9. I have none of these third-party apps others mention and don't know enough to tweak and play around with. It's the same OS I originally installed with the various Updates Apple has released.

So why did 10.3.9 break my system then?

Have you read the 'fix' (http://docs.info.apple.com/article.html?artnum=301380) from Apple?

FWIW, for those saying they didn't see the update, I updated this evening (4/20, 8PM EDT), so it was still available to me at least, at that time.

Since installing this, Mail twirls the rainbow ball after launching; before it was much snappier after X.3.9.

The "SecUpd2005-004" has an issue that affects users with multiple accounts. Any 'standard', or 'managed' accounts will not be able to log in after this update is installed.

Symptoms: 'Standard' or 'Managed' user tries to log in and never gets beyond the first screen with the horizontal spinning Barber Pole.

The simple fix, until the apple engineers release a patch (promised to be within 24hrs), is to turn any 'Standard' or 'Managed' accounts into 'Admin' accounts in System Preferences/Accounts. Login will proceed normally.

Hope this saves someone out there some agony.

Symptoms: 'Standard' or 'Managed' user tries to log in and never gets beyond the first screen with the horizontal spinning Barber Pole.

From what I heard, this was only for managed users at levels below Standard. At any rate, my standard account logs in fine. I haven't tried my simple finder account yet, though, cuz I don't feel like locking my Mac up. Anyone know what the, erm, prognosticators of this issue are? :D That is, what are the characteristics of a system that is likely to be b0rk'd by this?

But I did have the F12 issue...just no issues with my Standard user account.

From what I heard, this was only for managed users at levels below Standard. At any rate, my standard account logs in fine...

Well consider yourself one of the lucky few. When I worked myself up the Applecare ladder to someone with knowledge of the issue, she said that it had also affected some users with standard accounts as well.

Well consider yourself one of the lucky few. When I worked myself up the Applecare ladder to someone with knowledge of the issue, she said that it had also affected some users with standard accounts as well.

Rejoice, my dear, Tiger is mere moments away! :D