Apple has released a new Security Update today:

Security Update 2004-04-05 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components: CUPS Printing, libxml2, Mail, OpenSSL

Available in Software Update.

Apple has released a new Security Update today:



Available in Software Update.
Go security update

Wahoo! A security update. I love updates.

Works for me, nothing bad has happened yet anyway:-)

Viv

installed and running..... no problems yet....

Ok, now it's time for the weekly comments:

"Man, since we have a software update, we must be getting new xxxxxx on Tuesday!"

800MHz G3 ibook - no problems....just about to update Powermac.

Could some one explain to me, if this is a security update why there would be a component related to printing.

Could some one explain to me, if this is a security update why there would be a component related to printing.

Two possiblities immediately jump to mind:

1) Networked printers
2) Local privilige escalation

Could some one explain to me, if this is a security update why there would be a component related to printing.

"Security Update" is the general name given to any miscellaneous update.

Ok, now it's time for the weekly comments:

"Man, since we have a software update, we must be getting new xxxxxx on Tuesday!"

Man, since we have a software update, we must be getting new Dual 3GHz PowerBook G5s tomorrow!

He he he he.... http://www.ghwphoto.com/smilies/grin.jpg

Ok, now it's time for the weekly comments:

"Man, since we have a software update, we must be getting new xxxxxx on Tuesday!"

Hey, if we get a software update today, doesn't that mean new G5s on Tuesday?

Any software using Memory (Which covers most software) can be exploited to cause buffer overflow errors which can be used to hack a machine.
There are probably other reasons why in theory, any piece of software can cause a potential security risk.

Could some one explain to me, if this is a security update why there would be a component related to printing.

CUPS printing opens up a port on your computer for communications, including modifying your printing settings. There have been a few security fixes with CUPs in the past if I recall.

For giggles, go to http://localhost:631/ ... that's the CUPS way to configure printing ...

Hey, if we get a software update today, doesn't that mean new G5s on Tuesday?

Yes. The only question is which Tuesday. I vote for the first Tuesday of a month that begins with J, or maybe A, or maybe S, or maybe . . .

Yes. The only question is which Tuesday. I vote for the first Tuesday of a month that begins with J, or maybe A, or maybe S, or maybe . . .

Yeah!! The first Tuesday of a month that begins with an A!! That means tomorrow!!

.
.
.

;) :rolleyes:

The update talks about open ssl.

Does this mean that Safari will no longer crash when connected via https ?

Ran it on both of my Mac's ibook G3 800, Powermac dual 867....no problems here.

Yeah!! The first Tuesday of a month that begins with an A!! That means tomorrow!!

.
.
.

;) :rolleyes:

Or August?

http://www.ghwphoto.com/smilies/wink.jpg http://www.ghwphoto.com/smilies/rolleyes.jpg

Or maybe April 2005 :rolleyes:

It's very interesting that this French site had posted this update a few days ago.

http://croquer.free.fr/

They have a bunch of rumors that are quite juicy...

Ran it on both of my Mac's ibook G3 800, Powermac dual 867....no problems here.Only prob I had was a lockup on initial restart, but a hard restart fixed it.

i only like these updates that require a restart because they give me an excuse to run cocktail and SOX.... but that's a good thing....

reality

woohoo! security update!! wait..starting to feel like windows a bit..security update here, security update there... :confused:

Yes. The only question is which Tuesday. I vote for the first Tuesday of a month that begins with J, or maybe A, or maybe S, or maybe . . .

Hmm no your wrong, it'll be the third tuesday!

realize that all the components that were updated, save for Mail, are *nix apps. Those are constantly updated and fixed when a flaw is found, so it's not only normal but important that Apple updates them as well. And if you look at the past Security Updates, you'll see that it's mostly *nix stuff too.

I sometimes wonder why Apple don't roll more of their security updates into the 10.3.x updates, because all of the exploits always seem really minor, so I don't think anyone would notice and it would keep the security update count down.
I suppose though it make more sense to release them as soon as they're done. Hmmm.

What happened to the QuickTime 6 security update? Surely Apple aren't still working on that?

AppleMatt

Are the wireless Keyboard and mouse updates new too? or did I just miss hearing about them?

Ran them and no probs so far, some kind of firmware update, nothing appears different.

Man, since we have a software update, we must be getting new Dual 3GHz PowerBook G5s tomorrow!

He he he he....

Yes! http://www.angelfire.com/jazz/seth/iconrolleyes.gif

And they'll have anodized black aluminium (sp?)!!!!! :eek: :D

g4 700 emac 1g ram

machine slowed sigificantly on initial boot. Will retry.

no troubles on eMac 1Ghz

Ok, now it's time for the weekly comments:

"Man, since we have a software update, we must be getting new xxxxxx on Tuesday!"

Nice, theres one in every thread

A security update and a bluetooth firmware upgrade in one quarter?? Apple is really starting to spoil us!

I think this kind of news should be posted on Page 3.

Upon update and restart, I couldn't get any programs to run for more than 2 seconds. Rebooted on external drive, and found that there is something wrong with the OS on my external as the video was all messed up (unrelated to update) rebooted back on internal drive, and now everything works okay (so far). I was scared for a second there.

iBook 700 w/ new logic board and fantom drives 80 gb external

Why are people rating this as a negative? Its to make our computers more SECURE! So what is there are more updates, at least we don't have major holes :)

No problems with the update on my iBook 800 :->

Its great that apple release regular updates - get more from the $199 cost, and of course, fixed security holes (yes, OK they are unlikely to be exploited). Oh, unlike MS, the patches don't need patches (apart from *that* one last year).

Only downside is the loss of uptime! :-;

Why are people rating this as a negative? Its to make our computers more SECURE! So what is there are more updates, at least we don't have major holes :)


see my post above... non working programs after update means a negative rating..

I think this kind of news should be posted on Page 3.

News has been so slow lately that they have to put *something* onto the front page to keep us reading. ;)

Hey, if we get a software update today, doesn't that mean new G5s on Tuesday?

Don't you guys ever get sick of posting the same questions every single Monday of the year?

PowerPage are now claiming new Macs will be released next week or the week after....

Yep, eventually they'll be right... eventually.

Don't you guys ever get sick of posting the same comments every single Monday of the year?

It's very interesting that this French site had posted this update a few days ago.

http://croquer.free.fr/

They have a bunch of rumors that are quite juicy...

Please elaborate. I can't read French! (or speak it for that matter) :)
if their Security Update prediction was correct, i'd like to hear other rumors. . .

For a good laugh, try their Translate to English (http://babelfish.altavista.com/babelfish/tr?doit=done&urltext=http://croquer.free.fr&lp=fr_en) link.
"2004-03-08 - Update of the square mother chart" - What?!

I sometimes wonder why Apple don't roll more of their security updates into the 10.3.x updates, because all of the exploits always seem really minor, so I don't think anyone would notice and it would keep the security update count down. They do that actually, but I think it's better to have the security updates separate as well so we don't have to wait too long between them.

Please elaborate. I can't read French! (or speak it for that matter) :)
if their Security Update prediction was correct, i'd like to hear other rumors. . .

For a good laugh, try their Translate to English (http://babelfish.altavista.com/babelfish/tr?doit=done&urltext=http://croquer.free.fr&lp=fr_en) link.
"2004-03-08 - Update of the square mother chart" - What?!That Translate link is a very loose one if that. I got a laugh just trying to figure it out

Woohoo... this is sooo much better than getting new updated machines or displays [cough cough gag] give me an effing break!

Works for me.

realize that all the components that were updated, save for Mail, are *nix apps. Those are constantly updated and fixed when a flaw is found, so it's not only normal but important that Apple updates them as well. And if you look at the past Security Updates, you'll see that it's mostly *nix stuff too.

Bear in mind that a lot of these are updates to shared libraries, which are also used by the Apple apps, not just the "unix" ones.

/ek

Did Apple forget to send you a free computer?

Security Updates are always good... having to take the time to install them is a drag. Still, better than getting whacked by the new Windows virus of the day.

A security update and a bluetooth firmware upgrade in one quarter?? Apple is really starting to spoil us!

I think this kind of news should be posted on Page 3.

:D :D :D

NOW I'm having problems.....


before the update, everything was fine.... now, I can't print to the HP connected to my AEBS......


REALLY NOT GOOD! It is not a compatible printer but it had worked fine until now.....

see my post above... non working programs after update means a negative rating..

Maybe it's because it was probably designed to boot the first time from the internal drive not an external.
The main reason it's being voted negative is because it's another day without a HD update.

For all the people who are suggesting to only bundle the security updates with OS updates, there is nothing stopping you from not installing them. Usually the OS updates include the security updates in them.....so just wait. For the rest of us we'll take the more secure system today.

Now, if only they didn't require a system restart I'd be happier.

I've got a 600mghz ibook and after I installed the update and restarted I thought all was ok. Soon after my whole computer completely froze. I mean COMPLETELY- that never ever happened before. So I shut it down and restarted only to find during restart that it would stop and tell me to restart again! Luckily I went through safe mode and since then everything is fine but let me tell you this was the worst I've ever experienced on the Mac and LOL it wasn't anything compared to a normal pc problem :)

Could some one explain to me, if this is a security update why there would be a component related to printing.

Apple learned that some highly skilled hackers were able to gain control of attached printers and print endless amounts of pornography.

Now, if only they didn't require a system restart I'd be happier.

If you have any idea about OS internals, you would know this is a foolish wish.

/ek

Maybe it's because it was probably designed to boot the first time from the internal drive not an external.
The main reason it's being voted negative is because it's another day without a HD update.


I only booted from the external AFTER it was not working correctly on my internal drive. My external is running 10.3.2, and the internal is 10.3.3 with all the newest updates.

Zzzzzzz.....

If you have any idea about OS internals, you would know this is a foolish wish.

/ek Actually, UNIX (and Linux) servers can get over 400 days uptime while still using the latest versions of stuff. The only thing they need to restart are the updated utilities and anything that uses them. Of course, on a consumer machine, it's just simpler to restart the entire thing.

Actually, UNIX (and Linux) servers can get over 400 days uptime while still using the latest versions of stuff. The only thing they need to restart are the updated utilities and anything that uses them. Of course, on a consumer machine, it's just simpler to restart the entire thing.

Oh I know that.

But with all the effort involved in restarting this and that on a Mac because a shared library changed, you might as well reboot.

And of course, if it were an update to a kernel module, then the reboot is naturally unavoidable (someone actually tried to convince me this wasn't the case recently - the kernel "magically" picked up the changes)

riiiiight. crack monkey.

/ek

Of course, on a consumer machine, it's just simpler to restart the entire thing.

no, it's not. installer asks for admin password before it even begins to update the system, so it's not hard to execute few sudoed commands and restart the daemons in question. this kind of force-restart however is acceptable when we after all are talking about desktop operating system, but i somehow suspect that osx server updates will also require restarts, and THAT's not acceptable imho.

apple takes too little advantage of the unix foundation. they could make restartless updates easily if they wanted, and they could also improve their apps in many ways. for example - imagine itunes/iphoto/addressbook/ical all having global libraries (in addition to the user's personal libraries) where all users in same computer could keep things that all are using... they could do that. they just don't yet get unix and multi-user coumputers to the fullest. yes, they know what server is, but regular joe doesn't have panther server in the closet. ok, off topic, end of story.

Actually, UNIX (and Linux) servers can get over 400 days uptime while still using the latest versions of stuff. The only thing they need to restart are the updated utilities and anything that uses them. Of course, on a consumer machine, it's just simpler to restart the entire thing.

Yep. The big thing that System Update will have problems with is figuring out what third-party software might be using the libraries it's updating, what effect leaving that stuff running might have, or what effect trying to automatically restart it might have.

Those who want to take matters into their own hands can always use /usr/sbin/softwareupdate instead of the GUI, examine the receipts, and decide how to proceed.

Yes! http://www.angelfire.com/jazz/seth/iconrolleyes.gif

And they'll have anodized black aluminium (sp?)!!!!! :eek: :D

Nice... http://www.ghwphoto.com/smilies/cool.jpg

And, it's aluminum. http://www.ghwphoto.com/smilies/wink.jpg

no, it's not. installer asks for admin password before it even begins to update the system, so it's not hard to execute few sudoed commands and restart the daemons in question. this kind of force-restart however is acceptable when we after all are talking about desktop operating system, but i somehow suspect that osx server updates will also require restarts, and THAT's not acceptable imho.

Okay, so wat happens when it's Finder that needs a restart? WindowManager? eh? hmm? How about when it's an update to the kernel itself?

Even on $500,000 Sun Solaris servers, reboots are sometimes unavoidable. Sure, you can restart this daemon and that daemon, but if you're updating something like libc.so, libsocket, or the like, you reboot.

tossing around this "it's not acceptable!" BS in the face of logic just screams lack of experience.

/ek

Yep. The big thing that System Update will have problems with is figuring out what third-party software might be using the libraries it's updating, ...

While the comments about the effects of restarting third party apps, etc., may have some merit, the question of which third party apps are using a given set of libraries is easily handled. After all, that's what pre-binding is all about...

Okay, so wat happens when it's Finder that needs a restart?

So what if it's the Finder? I have a 'Quit' menu item on the Finder, and occasionally use it. You can quit the Finder and keep using the system. Under normal circumstances, it simply restarts immediately.

WindowManager?

Again, the process quits and then restarts. Your screen might flash to black, depending on the process being restarted, but then it would come back up.

How about when it's an update to the kernel itself?

I don't think that he said that you could always avoid restarts. In fact, updating the kernel was stated as the one time when a system restart was unavoidable. I believe that the argument was that Apple should leverage the Unix underpinnings of OS X to provide us with more restart-less updates...

lack of experience.

well, you're right, i wasn't there in the 1960's when first unix code was written. i however have made myself familiar with many different kind of unix systems in the last 15 years i have worked with and administered these beasts. i think i know something.

most apple updates make unnecessary reboots as only the ones that touch kernel are absolutely necessary. i think i pointed out that it is unacceptable to unnecessarily force reboot for apple SERVER systems, so take a break. though every mac osx is a unix and therefore capable of acting as server, not all unix systems actually act as servers. you know, these costly things called hardware, that's what defines if the unix system is a desktop, workstation or server class one.

apple has great potential in the underlying unix system. i only hope they begin to take more aggressively advantage of it. there's more to it than what meets the eye.

Hehe... Macrumors forum-folk, we've all got to be a little less predictable :D

1) Security Updates Do Not a-Windows Make.

Relaaax -- these updates are pre-emptive. The highly skilled people who work on these underlying systems are actively bug-hunting on behalf of the entire Unix community. Every Unix system that uses these libraries (CUPS, libssl, etc) benefits from their work. Unlike Windows, we're not reliant on one monolithic entity to get around to deciding a bug's worth fixing. The people who find these bugs know their particular field intimately. Each of these updates brings more improved code.

2) OS X is Modular.

These are highly targetted updates. As a Windows network admin, I sometimes get the feeling that MS updates are like a band-aid on a axe wound. With OS X, the structure is sound -- it's served the Unix world in some form or another since the 1960's, and the NEXT world since the 80's.

3) Restarts

It'd be great if these updates didn't require a reboot. We're not there yet, but Apple have in the past confirmed that this is something they're working towards. For my consumer system, I'm quite happy to reboot for updates -- heck, it's about the only time I do reboot. And at least we know rebootless-updates are possible, even if we've not got them now. Windows Update Services have just about managed to be able to install multiple updates without rebooting between each of them.


... and just to reiterate -- these updates do not reflect any underlying weakness in OS X. These aren't released as a mad scramble to correct some brain-damaged design decisions. They're aimed at fixing the inevitable potential or actual bugs that exists in almost every piece of code in the known world.

I still think Apple need to tidy up some rough edges. Sometimes (although this hasn't happened to me for quite a while now) an update has clobbered a customised configuration and replaced it with the default. Not sure if that's still an issue, but it's something I'm conscious of.

My Mac's been updated all the way from 10.0.3 to 10.3.3, with every update in between, without any serious bustage. It's not been reformatted once in 2 1/2 years. It's still a clean system, without cruft or flakiness.

Apple learned that some highly skilled hackers were able to gain control of attached printers and print endless amounts of pornography.

I'd like to see them try and connect to my Personal LaserWriter...

no seriously, I want them to, maybe then they can tell me how they did it. :) :p :rolleyes: I love these new colored emoticons!!

<Listening to Star Wars Cantina Band>

I only booted from the external AFTER it was not working correctly on my internal drive. My external is running 10.3.2, and the internal is 10.3.3 with all the newest updates.

Well I've never had a boot issue..well except for once and I did a hardboot to fix that. I found out later it was because I had a ton of bad permissions...so you may want to check those. I usually run it once a month to just be on the safe side or after a maj update.

Updating was hassle-free as always.
I hope the updates or fixes in Mail will finally end the multiple crashes I've experienced.

Is this something common? Mail crashing? I usually use it and it works fine, but when I try to quit, the beach ball appears and I can't force quit from the dock, I have to go to the apple menu and then force quit. It doesn't always happen, but maybe 1 in 2 or 1 in 3...
Have any of you experienced this? :rolleyes:

Installing on my SE 30........

Having trouble re-booting.....

Machine smoking.......

I noticed a change in Safari:


There is a title on the Menu Bar called 'Debug'. It is either new or I just never noticed it before. I think it is new because it is after the Help title and normally everything is before. Reply & tell me if I'm right.

I noticed a change in Safari:


There is a title on the Menu Bar called 'Debug'. It is either new or I just never noticed it before. I think it is new because it is after the Help title and normally everything is before. Reply & tell me if I'm right.

no debug menu here...
wonder what it is. :rolleyes:

Go security update

I always love how painfully obvious it is when someone types up a quick, 3-word post which contributes nothing to the discussion, just in a pathetic attempt to get the first post. ;) :p :cool:

Now, as for the subject on hand, I really like it when Apple releases these updates, however for their next security update I would like to see them bump up the Apple community's sense of security knowing that they have the fastest desktops in the world - in other words, a 2.4 GHz G5 PowerMac security update to make Mac users feel more secure in their supremacy. :cool:

For all the people who are suggesting to only bundle the security updates with OS updates, there is nothing stopping you from not installing them. Usually the OS updates include the security updates in them.....so just wait. For the rest of us we'll take the more secure system today.

Now, if only they didn't require a system restart I'd be happier.

I'm not bothered about the number of updates, I'm not saying I enjoy them but it's always nice to see SoftwareUpdate list something that's been improved :) (Especially as with 99% of Apple updates, things are improved). I was just saying (I don't know about the others) the "regular" security updates are fuel for people like our favorite Paul Thurrott, who will magically convince 50% of his readers that these obviously show Apple can't code and Mac OS X is obviously less secure than Windows. On the other hand, I can see it as an excellent advantage when Apple release the updates the second they're ready, and that the flaws are as yet unexploited.

And I agree, the vast majority of OS X updates don't need a restart. I wonder why this hasn't been fully implemented yet, but the post by displaced is true (do you or anyone else have a source for this, I'd be interested in reading it), perhaps it will be a selling point for 10.4.

tossing around this "it's not acceptable!" BS in the face of logic just screams lack of experience.

Notice he said "imho", or, in his humble opinion as a 15yrs+ UNIX administrator.

AppleMatt

Now if they could concentrate on something useful like helping the 20% of users that the Video Drivers in 10.3.3 made their system buggy, instead of the 1% that cared about some caca security update :confused:

i think it quite funny that you guys whine about windows always having security updates all the time and man, how horrible it must be to run windows and always have all these security problems, and blah blah blah.

do those of you that feel this way realize that we get an OS X security update every couple of weeks just like XP users?

There are 2 reasons you don't hear about the OS X security issues:

1. in comparison to windows, nobody uses OS X...especially not hackers.
2. apple likes to be extremely vague about their security problems. this is a good and bad policy. It is good because it makes it more difficult for hackers (if there were any) to find and exploit weaknesses before they are patched. it is bad because a 'power' user will always be better off with more information instead of less...and apple in general prefers to give less.

we're all just lucky that OS X is 1% of the market, if that...if it gets too popular, we could be in trouble...

This looks to be a good security update. I will do backup of documents and then install later.

Windows updates come out every time someone finds a new 'hole'. (And they only know its been found, once its been exploited.)

The first you usually hear about Mac security holes is when Apple patch them. The problem is therefore shortlived.

Prevention versus Cure.

As for hackers NOT using OS X, a guy from the FBI was quoted a little while ago as saying: "If you're a hacker, and you don't want to get caught, use a Mac." Or words to that effect.

I'm sure someone must have given him a good reason to hold such an opinion.

i think it quite funny that you guys whine about windows always having security updates all the time and man, how horrible it must be to run windows and always have all these security problems, and blah blah blah.
...
we're all just lucky that OS X is 1% of the market, if that...if it gets too popular, we could be in trouble...

Considering how few of these will affect the average user, we're not in that much distress as Windows users in general. Most of the issues end up being server issues and the services are turned off in the client. While they should be patched, they are not security risks with the same immediacy as those in Windows.

Mac OS X is much more secure by design even though there are portions which have had problems. If those portions aren't running, what risk is there?

woohoo! security update!! wait..starting to feel like windows a bit..security update here, security update there...

The difference is that their flaws are much easier to find while ours are much more difficult. For both hackers and developers I assume.

1. in comparison to windows, nobody uses OS X...especially not hackers.

Woah! Not true at all. BSD, the core of Mac OS X (Also known as Darwin), is probably the second choice of a hacker (next to Linux). If you don't believe me look at a respectable hacker forum sometime. Windows on the other hand is very looked down upon and is considered the choice of script kiddies.

Script Kiddies, for those who don't know are usually dumb teenagers who think they are cool because they download other people's software without knowing what is going on besides the appearance of the GUI interface.

Don't get me wrong though windows isn't that bad of an OS as people make it out to be. They still have quite a few problems that they have to hammer out but they are gettting better.

Yep. The big thing that System Update will have problems with is figuring out what third-party software might be using the libraries it's updating, what effect leaving that stuff running might have, or what effect trying to automatically restart it might have.


Figuring out what programs are using the libraries is trivial, since the OS knows this stuff. It's also not a big deal to leave the programs running while you update the library. They'll continue to use the old version of the library that's still in memory. They won't interact at all with the new library until you restart them.


How about when it's an update to the kernel itself?


Generally you do have to reboot then. But, OS X uses a microkernel which theoretically means you can even replace parts of the kernel without a reboot.

Personally, I don't mind the reboots. They are just easier than making software update figure out exactly which programs and components it needs to restart. It's possible to do though, and I wouldn't be surprised to see a new feature in a future version of OS X: "No more rebooting after updates." Just give Apple some time. ;)

The first you usually hear about Mac security holes is when Apple patch them. The problem is therefore shortlived.


To be fair, if the openssl vulnerability is what I think it is, it was found several weeks ago. The vulnerability I'm thinking of allows the attacker to crash the process using openssl. This doesn't really affect ssh though, since each connection spawns a new process. All the attacker can do in that case is crash the process they caused the creation of. Ultimately, harmless. You can do a similar thing with apache, where each connection is a new process, but I'm not sure if that's the default. If you use the main process to handle the all https connections, then maybe you would be able to crash the webserver. Otherwise, it's as unaffected as ssh is.

Well, that's all only if the vulnerability fixed is the one that I think is fixed. If it was more severe, I might not have waited for Apple to release the update and have rebuilt openssl myself.

And I agree, the vast majority of OS X updates don't need a restart. I wonder why this hasn't been fully implemented yet, but the post by displaced is true (do you or anyone else have a source for this, I'd be interested in reading it), perhaps it will be a selling point for 10.4.


Not got a source at hand -- just remember noises coming out of Apple about it being something they're looking at. (I'll try to dig up sources later... going out in a mo)

I tend to believe they're working on it. Why? Because OS X is a server strength OS, and I'd say update-without-reboot would be a very good feature to have. With experience of unix and windows development/admin, I'm also kinda asking myself why it's not there -- it seems too attainable a target for them not to be considering it :)

Unscientific, I know :D

i think it quite funny that you guys whine about windows always having security updates all the time and man, how horrible it must be to run windows and always have all these security problems, and blah blah blah.

do those of you that feel this way realize that we get an OS X security update every couple of weeks just like XP users?

There are 2 reasons you don't hear about the OS X security issues:

1. in comparison to windows, nobody uses OS X...especially not hackers.

Every couple of weeks? My Software Update log shows:

Nov 01, Nov 05, Nov 20, Dec 20, Jan 26, Feb 23, Apr 05

(yeah, November was busy ... if I had time I'd go find out what they were... but anyway)

To my mind, this isn't too bad -- compare this to the numbers of Windows updates available to Windows admins like myself -- here's (http://forums.macrumors.com/showpost.php?p=626607&postcount=40) a thread where I list the figures direct from our Microsoft Windows Update Services server.

Compared to the breadth and scope of MS updates, these OS X updates are small change.

Also, more often than not, these updates simply bring to OS X improvements that F/OSS developers have made to standard UNIX libraries or daemons which are used in almost every modern UNIX system. This latest update to cups (Common Unix Printing System) will, for example, be implemented on Linux distributions too.

This also puts paid to your comments regarding OS X's userbase. This software is common to many other Unix systems (Linux, Solaris, SCO [shudder] -- both desktop and server.


2. apple likes to be extremely vague about their security problems. this is a good and bad policy. It is good because it makes it more difficult for hackers (if there were any) to find and exploit weaknesses before they are patched. it is bad because a 'power' user will always be better off with more information instead of less...and apple in general prefers to give less.


eh?

You may be correct regarding Apple-owned software... although I can only remember one security issue with Cocoa in the past 2 1/2 years. But regarding libssl, apache, cups, etc... there's absolutely nothing preventing you from going to the project's site, reading their version histories, and even jumping in there and looking at the code yourself. Probably even able to grab the diff's for the patch and find the exact lines of code that've been changed.

And security through obscurity is no security at all. This doesn't help hackers by not showing them the code. For these unix tools, the code is available to everyone, all of the time. If a hacker wants to look for exploitable bugs in these tools, they can go straight to the horse's mouth. If they find an exploit, good luck to them -- it may well be possible to multiple unix variants.

But wait -- as soon as the exploit's discovered, absolutely anyone with a patch can submit it and get the hole fixed. Anyone can look at the code, and anyone with the ability can suggest a patch. And that patch will be distributed not only to every other unix variant, but to OS X too.


we're all just lucky that OS X is 1% of the market, if that...if it gets too popular, we could be in trouble...

:confused:

Seriously, I'm not practising fanboyism. Network and security management is my job and my interest .... just trying to share some knowledge and learn some myself.

Do I see this right? Did Mail.app go from version 1.2.4 to 1.3.7?

That's quite the version number increase, considering that they don't say anything about anything actually changing in Mail.

Whaddup with that?

Hey... look at the Apple document on this (http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html), in the lower-right corner, under System Requirements.

I see:

System Requirements
— Mac OS X 10.3.3 or later
— Client and Server
— SHA1= 30c78daca1859ddc84a6c8e5c1d31de32b4aa979

Where do I get one of those?

Do I see this right? Did Mail.app go from version 1.2.4 to 1.3.7?

That's quite the version number increase, considering that they don't say anything about anything actually changing in Mail.

Whaddup with that?

Well, I haven't installed this yet, and I have Mail.app version 1.3.4. So, if this update takes it to 1.3.7, that's really not that big a step. And, I believe that they do mention that Mail is updated...

Yes. The only question is which Tuesday. I vote for the first Tuesday of a month that begins with J, or maybe A, or maybe S, or maybe . . .

Shipping by the first Tuesday of a month that begins with a D, but Apple may announce at Paris in September. :rolleyes:

Ahhh.... printer is working again....

Someone mentioned the Safari "Debug" Menu.... this is not new, it has been around a long time, some haxies make it appear (or terminal commands) I use it to spoof web pages into thinking I am on a windows....

Hey... look at the Apple document on this (http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html), in the lower-right corner, under System Requirements.

I see:

System Requirements
— Mac OS X 10.3.3 or later
— Client and Server
— SHA1= 30c78daca1859ddc84a6c8e5c1d31de32b4aa979

Where do I get one of those?
That SHA1 number is an encrypted checksum that can be used to verify the download as authentic and unmodified. It's there for those of us that are paranoid when it comes to security. :)

That SHA1 number is an encrypted checksum that can be used to verify the download as authentic and unmodified. It's there for those of us that are paranoid when it comes to security. :)
Well, don't I feel like an idiot? (Answer: yes)

Secure (http://www.w3.org/PICS/DSig/SHA1_1_0.html) Hash (http://www.faqs.org/rfcs/rfc3174.html) Algorithm (http://developer.apple.com/documentation/Darwin/Reference/ManPages/html/SHA1.3ssl.html), eh?

Thanks for the heads-up.

Well, don't I feel like an idiot? (Answer: yes)

Secure (http://www.w3.org/PICS/DSig/SHA1_1_0.html) Hash (http://www.faqs.org/rfcs/rfc3174.html) Algorithm (http://developer.apple.com/documentation/Darwin/Reference/ManPages/html/SHA1.3ssl.html), eh?

Thanks for the heads-up.

You're welcome. By the way...I've installed the update on my 17" iMac and have had no problems so far.

i think it quite funny that you guys whine about windows always having security updates all the time and man, how horrible it must be to run windows and always have all these security problems, and blah blah blah.

do those of you that feel this way realize that we get an OS X security update every couple of weeks just like XP users?

There are 2 reasons you don't hear about the OS X security issues:

1. in comparison to windows, nobody uses OS X...especially not hackers.
2. apple likes to be extremely vague about their security problems. this is a good and bad policy. It is good because it makes it more difficult for hackers (if there were any) to find and exploit weaknesses before they are patched. it is bad because a 'power' user will always be better off with more information instead of less...and apple in general prefers to give less.

we're all just lucky that OS X is 1% of the market, if that...if it gets too popular, we could be in trouble...


MS sometimes puts out several Security Updates more than once a week or weekly. We get them every once in a while and while we might be getting them more often recently, we don't really have to worry about it. If you don't want to install it, then don't. No big deal.

It's very interesting that this French site had posted this update a few days ago.

http://croquer.free.fr/

They have a bunch of rumors that are quite juicy...

Wow, apple must have a snitch, lol.

woohoo! security update!! wait..starting to feel like windows a bit..security update here, security update there... :confused:

It is not the same. You don't have the thrill of rushing from box to box making sure that you beat worms to your machine. Or, the joy of cleaning up the mess they make.

Not to be too smug, because you know when there is a real security bug on osx paired with an exploit you know people are going to go around saying the mac is just as insecure as windows. So be happy Apple is putting out patches, in fact I wish they would turn around on them faster.