Security Update 2005-005




MacRumors
May 3, 2005, 05:48 PM

Now available via Software Update:
Security Update 2005-005 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

Apache
AppKit
AppleScript
Bluetooth
Finder
Foundation
Help Viewer
lukemftpd
sudo
Terminal
VPN
X11

For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798

This update apparently shows to users of OS X 10.3.x Panther, but not for OS X 10.4 Tiger users.



iGary
May 3, 2005, 05:49 PM
This update apparently shows to users of OS X 10.3.x Panther, but not for OS X 10.4 Tiger users.

True dat. :cool:

wdlove
May 3, 2005, 06:01 PM
Happy to see that Apple is still looking out for those of us still running Panther. Now to see if there will be a 10.3.10.

broken_keyboard
May 3, 2005, 06:08 PM
Wow, that's a lotta security holes. You 10.3 weenies better install right quick! ;)

MacsRgr8
May 3, 2005, 06:08 PM
Now to see if there will be a 10.3.10.

Time to start a poll?

"Will there be a 10.3.10 update?"

• YES
• NO

ijimk
May 3, 2005, 06:09 PM
i say yes there will be a 10.3.10
:cool:

Lacero
May 3, 2005, 06:10 PM
YES. Apple's gonna support Panther for as long as the Pro apps still work in Panther.

broken_keyboard
May 3, 2005, 06:12 PM
"Will there be a 10.3.10 update?"

No, there will only be security updates.

CubaTBird
May 3, 2005, 06:16 PM
hrm, a new os is out.. and apple is out making security updates for 10.3... :cool:

tizza
May 3, 2005, 06:19 PM
Happy to see that Apple is still looking out for those of us still running Panther. Now to see if there will be a 10.3.10.
I'll say. Is it just me or is the rate at which Apple upgrades its operating systems just a little rich - $200 here in Australia to get Tiger ... seems like only yesterday I paid that for Panther!!

toaster_oven
May 3, 2005, 06:23 PM
great... didn't we just have a security update?

a couple of them were reported by the same guy... do people sit around and try to figure out ways to exploit the OS? i wonder how many developers or active hackers are floating around these forums. do any of you try to find/stumble across security holes? report bugs?

is it because mac users are proactive about fixing and reporting problems instead of just sitting around and complaining about them?

just curious.

-to

nagromme
May 3, 2005, 06:29 PM
I bet there will be a 10.3.10 some day.

Re upgrade rates... if you bought the last OS recently, you're free to keep using it. Your Panther apps running in Panther will keep right on working. If you find Tiger has value, you can get it--I'm glad I did!--but that's your choice.

OS X is a new (well, young) and revolutionary OS. Any new OS will grow and improve rapidly at first, and then that slows down over time. This is happening, naturally, with OS X, and Tiger will be with us even longer than Panther was.

And these are big upgrades. The decimal point is just a naming convention to let Apple keep using the "X" logo for branding.

To put the upgrade cost issue into perspective:

Since OS X 10.0 was released in early 2001, there have only been THREE paid upgrades of OS X ever: 10.2, 3, and 4 (remember: 10.1 was free). The time leading up to those paid upgrades was 17 months, 14 months, and 18 months. NEVER 12 months as people often falsely repeat. The next one is expected to be even longer in coming--some time in 2007 maybe.

10.0 Cheetah
...17 months (includes free 10.1 upgrade 11 months before Jaguar)...
10.2 Jaguar (first paid upgrade)
...14 months...
10.3 Panther (second paid upgrade)
....18 months...
10.4 Tiger
....even longer before the next one?

If you'd rather Apple not improve things so much, and release big upgrades every 2 years instead of every year and a half, you can achieve that by just not buying every upgrade. Lots of people get by just fine that way, just like they don't buy every version of every software program they own. Even NEW apps often run on older OS versions... and the ones you already have will of course keep running.

MegaSignal
May 3, 2005, 06:32 PM
There - the Panther is now perrrrrfect...uptime of 200+ days, here we go!

pgwalsh
May 3, 2005, 06:35 PM
I'd love to use my software update tool, but it's broken in my version of Tiger. :(

Applespider
May 3, 2005, 06:38 PM
So... will the first security update for Tiger be 2005-006? In which case all the Tiger users wonder what's happened to number 5. Or will they come up with some other naming convention?

swissmann
May 3, 2005, 06:57 PM
Has there been a Tiger update yet that shows up in software update? There was that Java update but I think you had to install it separately. My vote is no 10.3.10.

crazzyeddie
May 3, 2005, 07:09 PM
I bet that most of this isn't a security update at all, but rather some updates that may or may not be security related because Apple ran out of update numbers.

Eric5h5
May 3, 2005, 07:35 PM
I bet that most of this isn't a security update at all, but rather some updates that may or may not be security related because Apple ran out of update numbers.

Nnnggh. Anyone saying "ran out of update numbers," even in jest, should be taken out and given a good slapping. Enough already! Enough!

--Eric

rikers_mailbox
May 3, 2005, 07:37 PM
I bet that most of this isn't a security update at all, but rather some updates that may or may not be security related because Apple ran out of update numbers.

You're just picking a fight, right?

coolfactor
May 3, 2005, 08:28 PM
I'd love to use my software update tool, but it's broken in my version of Tiger. :(

Now, I wonder why that would be. :eek:

quackattack
May 3, 2005, 08:44 PM
Wow, that's a lotta security holes. You 10.3 weenies better install right quick! ;)

10.3 weenies.... I love it. Let the divide begin!

bbyrdhouse
May 3, 2005, 08:54 PM
I bet there will be a 10.3.10 some day.

Re upgrade rates... if you bought the last OS recently, you're free to keep using it. Your Panther apps running in Panther will keep right on working. If you find Tiger has value, you can get it--I'm glad I did!--but that's your choice.

OS X is a new (well, young) and revolutionary OS. Any new OS will grow and improve rapidly at first, and then that slows down over time. This is happening, naturally, with OS X, and Tiger will be with us even longer than Panther was.

And these are big upgrades. The decimal point is just a naming convention to let Apple keep using the "X" logo for branding.

To put the upgrade cost issue into perspective:

Since OS X 10.0 was released in early 2001, there have only been THREE paid upgrades of OS X ever: 10.2, 3, and 4 (remember: 10.1 was free). The time leading up to those paid upgrades was 17 months, 14 months, and 18 months. NEVER 12 months as people often falsely repeat. The next one is expected to be even longer in coming--some time in 2007 maybe.

10.0 Cheetah
...17 months (includes free 10.1 upgrade 11 months before Jaguar)...
10.2 Jaguar (first paid upgrade)
...14 months...
10.3 Panther (second paid upgrade)
....18 months...
10.4 Tiger
....even longer before the next one?

If you'd rather Apple not improve things so much, and release big upgrades every 2 years instead of every year and a half, you can achieve that by just not buying every upgrade. Lots of people get by just fine that way, just like they don't buy every version of every software program they own. Even NEW apps often run on older OS versions... and the ones you already have will of course keep running.


Thank you for having such an astute memory. ;)

bbyrdhouse
May 3, 2005, 09:01 PM
Wow, that's a lotta security holes. You 10.3 weenies better install right quick! ;)


Well, I will only be a weenie for 5 more days. (That's when my copy of Tiger is supposed to arrive.)

fatbarstard
May 3, 2005, 09:11 PM
Apple will continue with the security updates but I imagine that they will want to wrap development on 10.3 as soon as possible and get onto 10.5.

The end of 10.2 was x.x.8 which came out just before Panther and there was no more... except for the security updates.

As for names I see no reason to let go of the big cat theme... we still haven't seen a leopard or an ocelot or a lion for that matter... maybe they could start with domestic cat names like persian or tonkinese...

Now don't start with the ***** jokes!! :D

Am off to buy tiger this afternoon (hopefully)

dvdh
May 3, 2005, 09:40 PM
Well, no update for us 'retro' Jaguar users. I guess with the release of Tiger we can slowly expect cutbacks on the updates. I guess I might just have to upgrade. . . .

~Shard~
May 3, 2005, 09:54 PM
Good to see Apple hasn't completely abandoned 10.3 just yet. ;)

840quadra
May 3, 2005, 10:18 PM
Thanks for the FYI.. I am going to Remote into my G5, and remote into the G3 from the G5 to install this patch :)

840quadra
May 3, 2005, 10:28 PM
Apple will continue with the security updates but I imagine that they will want to wrap development on 10.3 as soon as possible and get onto 10.5.

The end of 10.2 was x.x.8 which came out just before Panther and there was no more... except for the security updates.

As for names I see no reason to let go of the big cat theme... we still haven't seen a leopard or an ocelot or a lion for that matter... maybe they could start with domestic cat names like persian or tonkinese...

Now don't start with the ***** jokes!! :D

Am off to buy tiger this afternoon (hopefully)

I am fond of "OS X Maine Coon" :D

geeyesgee
May 3, 2005, 11:00 PM
I think there will be a 10.3.11 :)

Oryan
May 3, 2005, 11:25 PM
I suppose I should upgrade from 10.3.5 sometime...

uefigs139
May 4, 2005, 12:24 AM
I don't know if the security update was the cause, but soon after doing the update my computer went crazy and boots to a black screen with white text. The folks at AppleCare were unable to help me and I have an appointment with the Apple repair center tomorrow to get it looked at.

iMac G4 1.0GHz
OS 10.3.9

weg
May 4, 2005, 04:08 AM
YES. Apple's gonna support Panther for as long as the Pro apps still work in Panther.

Hmm. Microsoft supported Windows NT 4.0 for more than 10 years, wonder if Apple will support OS X that long ;-)

killmoms
May 4, 2005, 07:15 AM
I am fond of "OS X Maine Coon" :D
As I have stated in another thread, we already know OS X 10.7 will be called "British Tick." Thanks AtAT!

makey
May 4, 2005, 08:20 AM
I think Apple is just tying up the final loose ends in Panther before they move on to fixing the holes in Tiger.

the.snitch
May 4, 2005, 09:10 AM
This better fix the problem of icons stacking on top of each other all over my desktop. (10.3.9) It's driving me nuts!
Every time something mounts, or downloads, it ends up on top of other icons!

ruud
May 4, 2005, 10:15 AM
Hmm. Microsoft supported Windows NT 4.0 for more than 10 years
That's not true, Windows NT 4.0 was released in 1996, which is less than 10 years ago.

ruud
May 4, 2005, 10:18 AM
a couple of them were reported by the same guy... do people sit around and try to figure out ways to exploit the OS? i wonder how many developers or active hackers are floating around these forums. do any of you try to find/stumble across security holes? report bugs?

is it because mac users are proactive about fixing and reporting problems instead of just sitting around and complaining about them?
Some of the packages mentioned are open source packages that Apple decided to use in OS X, but they are not specific to OS X, they run on other BSD flavors and Linux as well. So the vulnerabilities may not be Apple-specific.

mkrishnan
May 4, 2005, 10:50 AM
This better fix the problem of icons stacking on top of each other all over my desktop. (10.3.9) It's driving me nuts!
Every time something mounts, or downloads, it ends up on top of other icons!

Is there a specific reason that you're not willing to select the "keep arranged by..." option from the Finder view options (click on the desktop, then choose it from the view menu)? This should take care of your problem rather dandily. Plus <rant> all folders should be organized by kind almost all the time </rant>.

<sacrilege> Now what they need to fix is that folders are not considered at the top of the list of "kinds" like they are in Windows! :eek: </sacrilege>

chmod007
May 4, 2005, 11:10 AM
a couple of them were reported by the same guy... do people sit around and try to figure out ways to exploit the OS? i wonder how many developers or active hackers are floating around these forums. do any of you try to find/stumble across security holes? report bugs?

is it because mac users are proactive about fixing and reporting problems instead of just sitting around and complaining about them?

I reported 4 of the fixes in this update (and 1 that was fixed in 10.3.9). I have both stumbled on by chance and proactively been looking for issues. And they are not that hard to find... It is important that we "good guys" start to look for problems before spammers, worm writers and the like take an interest in the platform.

Vulnerability research is a common practice (google for "bugtraq" for example), performed for intellectual stimulation and academic credit or for profit by security companies. Government agencies also engage in this, as well as system administrators looking to secure their systems. And then of course we have the malicious hackers looking for holes to exploit.

I think it is important to raise the security-awareness in the Mac community. Windows users have had years to get trained in avoiding malware etc (and they're still doing a lousy job of it). Mac users have been living a sheltered life, something that could be subject to change at any time as the platform's market share increases. Illusions of OS X being invulnerable help no-one.

/ Rgds, David

Kerry Sanders
May 4, 2005, 12:29 PM
Time to start a poll?

"Will there be a 10.3.10 update?"

• YES
• NO

You forgot one... "Don't Care" for those running Tiger. ;)

macnews
May 4, 2005, 12:41 PM
<divide>Panther rocks! Tiger sucks! </divide>

Well I do plan to upgrade to Tiger, I am happy with Panther. I am surprised, however, at the problems being reported with Tiger. I know there will always be incompatibilities with existing software, it just appears to be more problems in Tiger than Panther or Jaguar. The upgrade install also has given people more problems than in the past. I am left wondering, is this just an appearance because of increased interest in the press by Apple, or is Apple losing some quality control?

skel_73
May 4, 2005, 12:44 PM
!!!!!!!!!!!!


After installing this update on my iMac I can no longer connect to my G5 fileserver on my LAN.... it prompts me to log on then I get the infinite beachball spin.... can't even log on as a guest

HELP!!!!!!! I have work to do!!!!!

whatever
May 4, 2005, 01:07 PM
And it's called 10.4.

There will be no more 10.3.x updates.

Stick a fork in it (10.3.x), because it's done already.

Sure there will be security patches, but that's about it.

If you want something more then upgrade to 10.4.

Whatever.

skel_73
May 4, 2005, 01:18 PM
I repaired permissions on the G5 and have my LAN connectivity restored......phew

wdlove
May 4, 2005, 04:00 PM
And it's called 10.4.

There will be no more 10.3.x updates.

Stick a fork in it (10.3.x), because it's done already.

Sure there will be security patches, but that's about it.

If you want something more then upgrade to 10.4.

Whatever.

With Apple you never really know for sure. It will depend on how soon the entire Panther team transfers to work on 10.5.

ijimk
May 4, 2005, 05:53 PM
I wonder how long before tiger gets one of these? :confused:

seashellz
May 4, 2005, 06:05 PM
I dunno - 10.3.9 seems to be causing more problems than it is fixing - I would say it would be an excellent gesture for Apple to wrap up Panther with an update that doesn't suck for once - hence we should see a 10.3.10... :rolleyes:

rhpenguin
May 4, 2005, 08:32 PM
I went back to Panther on my iBook because I'm having some really weird stuff happen in Tiger like firewire drives not showing in Finder and my brightness controls not working on the keyboard.

Tiger blows till they do some updating to it... Definitely not ready for the spotlight. Hooray for a Panther security update.

Bigheadache
May 4, 2005, 08:38 PM
The good part of this update is that finally (as at today) there are no vulnerabilities outstanding for Mac OS X in the secunia database. I think there might be some on bugtraq though.

deedas
May 5, 2005, 01:34 AM
This is not showing up on my PB running 10.3.8

FFTT
May 5, 2005, 04:08 AM
eWeek sure slammed Apple for these security issues.
By Ryan Naraine
May 3, 2005

"Apple Computer late Tuesday released an update to fix a whopping 20 security flaws in its flagship Mac OS X and warned that the most serious bugs could lead to remote code execution attacks.

Apple Computer Inc.'s Security Update 2005-005 includes patches for Mac OS X v10.3.9 and Mac OS X Server v10.3.9. It covers a wide range of vulnerabilities that could be exploited by remote or local attackers to execute arbitrary commands, trigger a denial-of-service condition or obtain elevated privileges.

The mega update comes just two weeks after the Cupertino, Calif.-based computer maker shipped patches for a range of potentially serious kernel and browser flaws. Since April 18, Apple has posted fixes for 28 Mac OS X vulnerabilities.

The latest update includes fixes for a buffer overflow in the Apache htdigest program and an integer overflow in the handling of TIFF files that could permit arbitrary code execution.

"A malformed TIFF image could contain parameters that result in image data overwriting the heap. This issue has been addressed by adding additional tests when calculating the space needed for an image," Apple said.

It also plugs a local code execution hole in the Netinfo Setup Tool (NeST) that was discovered and reported by private research outfit iDefense Inc. Local attackers could exploit the NeST bug by supplying an overly long value to overflow the buffer and execute arbitrary code.

A pair of Bluetooth vulnerabilities also are fixed, along with a denial-of-service bug in the operating system's AppKit.

A buffer overflow in the Mac OS X Foundation framework gets patched along with a Help Viewer vulnerability that could be used to run JavaScript without the restrictions normally imposed.

A pair of denial-of-service and code-execution holes are plugged in libXpm, while two separate vulnerabilities in the Terminal utility are addressed. One of the Terminal flaws allows window titles to be read as input via a particular escape sequence. This could allow malicious content to inject data when it is displayed in a Terminal session, Apple warned.

The update also addresses bugs in AppleScript, Directory Services, Finder, LDAP, lukemftpd, Server Admin, sudo and VPN."
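
The TIFF fix quoted above ("adding additional tests when calculating the space needed for an image") can be illustrated with the following added example; it is not part of the original thread and is not Apple's patch. The function names, the header fields used and the 256 MiB cap are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed policy cap for this example: refuse images above 256 MiB. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked 32-bit arithmetic: the product wraps silently, so the
 * computed buffer size can be far smaller than the data that follows. */
static uint32_t image_bytes_unchecked(uint32_t width, uint32_t height,
                                      uint32_t samples, uint32_t bits)
{
    return (width * samples * bits + 7) / 8 * height;
}

/* Store a*b in *out; return 0, or -1 if the product would overflow. */
static int mul_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Checked size: validates each header field, tests every multiplication,
 * and enforces the cap. Returns 0 and sets *out, or -1 to reject. */
static int image_bytes_checked(uint32_t width, uint32_t height,
                               uint32_t samples, uint32_t bits, size_t *out)
{
    size_t n;
    if (width == 0 || height == 0 || samples == 0 || bits == 0 || bits > 64)
        return -1;
    if (mul_checked(width, samples, &n) || mul_checked(n, bits, &n))
        return -1;
    if (n > SIZE_MAX - 7)
        return -1;
    n = (n + 7) / 8;                      /* bytes per row, rounded up */
    if (mul_checked(n, height, &n) || n > MAX_IMAGE_BYTES)
        return -1;
    *out = n;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values, not taken from any real file. */
    uint32_t w = 0x10000, h = 0x10001, spp = 1, bps = 8;
    printf("unchecked: %u bytes\n",
           (unsigned)image_bytes_unchecked(w, h, spp, bps));
    printf("checked:   %s\n",
           image_bytes_checked(w, h, spp, bps, &n) ? "rejected" : "accepted");
    if (image_bytes_checked(640, 480, 3, 8, &n) == 0)
        printf("640x480 RGB8: %zu bytes\n", n);
    return 0;
}
```

With the constructed dimensions the unchecked calculation yields a 64 KiB buffer for roughly 4 GiB of pixel data, which is the heap-overwrite condition the advisory describes; the checked version rejects the header before any allocation.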

ijimk
May 5, 2005, 08:27 AM
I did the update but when I go to “About this Mac” it is still showing 10.3.9 and even tried running the software update again and it says my software is fully up to date, try back later.

Is anyone else running into this issue? What can I try to get it to show 10.3.10?
:confused:

ijimk
May 5, 2005, 08:36 AM
Nevermind I didn't notice there isn't a 10.3.10 yet whoops! :p

Porchland
May 5, 2005, 11:05 AM
I am fond of "OS X Maine Coon" :D

I'm all for using one-name celebrities as a new naming convention. Get them to promote it, etc.

OSX Cher.

OSX Bono.

Think of the endorsement potential!! And related apps!! Cher-ware!!