Now available via Software Update:
Security Update 2004-10-27 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following component:

Apple Remote Desktop

For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798

The phrase "recommended for all Macintosh users" doesn't seem warranted due to the specialized nature of the patch.

I heard about an incident where someone was able to bypass Remote Desktop.

Just fyi.

So my question is, should I install it? Will I have to have it installed in order to install later security patches? I mean, it seems silly to install something if it's only for Remote Desktop and I don't use it.

well i dont have ARD and it is there for me to download. infact i'm getting it now!

well i have installed it and my pb hasnt blown up yet! thankfully no restart!!

Hmmm, not showing up for me, and I have the admin app installed... :confused:

edit - Looks like it's looking for a very specific user scenario. This is from the KB article:
Security Update 2004-10-27
Apple Remote Desktop

Available for: Apple Remote Desktop Client 1.2.4 with Mac OS X 10.3.x
CVE-ID: CAN-2004-0962
Impact: An application can be started behind the loginwindow and it will run as root.
Description: For a system with these following conditions
Apple Remote Desktop client installed
A user on the client system has been enabled with the Open and quit applications privilege
The username and password of the ARD user is known
Fast user switching has been enabled
A user is logged in, and loginwindow is active via Fast User Switching
If the Apple Remote Desktop Administrator application on another system is used to start a GUI application on the client, then the GUI application would run as root behind the loginwindow. This update prevents Apple Remote Desktop from launching applications when the loginwindow is active. This security enhancement is also present in Apple Remote Desktop v2.1. This issue does not affect systems prior to Mac OS X 10.3. Credit to Andrew Nakhla and Secunia Research for reporting this issue.


edit #2 - NM, didn't see that this was 1.2.4 only and doesn't apply to the latest version (2.1) which I, of course, am running. :)

Impact: An application can be started behind the loginwindow and it will run as root.



Read: This can take over your whole computer if you have this program.

:eek:

its quite odd. on a similar note did anyone get the new updates yesterday (ipod, itunes and quicktime) in their updater things? i didnt.

No restart, why not. Its nice to be up to date :cool:

My update included a Quicktime update as well.

Did anyone who didn't download iTunes 4.7 yesterday get it included in the update today?

Quicktime was in my SW updater but not iPod or iTunes - I had to download those myself.

Amazing, my mac is a lot faster, apps bounce just once, safari renders a lot better and I go to sleep, it's late for me and I'm tired... ;)

My update included a Quicktime update as well.

Did anyone who didn't download iTunes 4.7 yesterday get it included in the update today?

i downloaded it off the apple site at about lunchtime as it hadnt appeared on software update.

Boy, everything sure feels snappier!
(sorry, had to do one of those...to release my frustration at not being able to go to the grand opening of London's new store)

Funny, I just looked at Secunia's site today and they reported no unpatched security issues for Mac OS X. :D I suppose this mostly affects corporations and universities but it's an opportunity.

Good for Apple to have patched it quickly.

Quicktime and iTunes I had to do manually. Seems the iTunes update was directly applicable to Euro iTunes, as for the Quicktime update was not available for my machine. Wasn't clear why it wasn't available.

All updates done and things are snappy and on point....

Installed the sercurity update and Finder seems snappier

:D

A 432k update made the Finder snappier? Are you sure y'all aren't just grasping at straws while we all wait for Tiger?

-Drew

Installed the sercurity update and Finder seems snappier

:D

are you serious about the speed stuff?? or just kidding??? :rolleyes:

Glad to see that QT update as well, was looking for that last night when I upgraded my iTunes....

Did the update. No problems. No improvements. (Which is fine)

Just thought I'd let you all know...

Did the update. No problems. No improvements. (Which is fine)

Just thought I'd let you all know...

I actually have found start ups slower now...and user switching...

its quite odd. on a similar note did anyone get the new updates yesterday (ipod, itunes and quicktime) in their updater things? i didnt.

As of yesterday afternoon, mine hadn't shown up in Software Update, so I downloaded it off Apple's site.

Yep, installed fine on my 17" 1.25 GHz G4 iMac - no problems at all. Thanks Apple!

Wow, it really is snappier ;) </joking>

I'm not sure I would regard this as a security issue.

Maybe I haven't read the report properly but if you login as the user then you should be able to operate a Mac in any state as long as you have the relevant credential to access the machine. Perhaps rather than restricting remote access on the login screen the 2004-10-27 Security Update should assign the proper user ID rather than defaulting to run as root instead?

Why all the fuss about this update? Just install it and be done with it! I install everything that comes through software update, whether I need it or not, and have not had a single issue with my OS. Maybe I am blessed, but I doubt it.

Quicktime and iTunes I had to do manually. Seems the iTunes update was directly applicable to Euro iTunes, as for the Quicktime update was not available for my machine. Wasn't clear why it wasn't available.

All updates done and things are snappy and on point....

Both Quicktime and iTunes updates were in my software update pane yesterday. I checked around 6pm or so and they were all there. However, they weren't there at lunch time yesterday. I decided to wait until they were there rather than download and install manually. Just a hassel :cool:

I downloaded iTunes 4.7 yesterday and it lost Airtunes, I had to install Quicktime ( and maybe the SU) before I installed iTunes again today to recover Airtunes.

A 432k update made the Finder snappier? Are you sure y'all aren't just grasping at straws while we all wait for Tiger?

-Drew


Haha, no i was just joking, I have noticed no difference in anything since the install on a 1.25 ghz eMac

hmmmm, I installed the update cuz i read it would make my computer faster, but I don't see much of a difference. Maybe my mac was already fast to begin with. :)

Well, it's installed and all is good. No problems.

A 432k update made the Finder snappier? Are you sure y'all aren't just grasping at straws while we all wait for Tiger?

-Drew

are you serious about the speed stuff?? or just kidding??? :rolleyes:

I think he was joking people and merely joining in with the banter of previous posters. Sarcasm seems to travel better across British internet waves! ;) :p

nice to apple staying on top of their game, could this be a patch to fix that worm out there i read about? you know the one targeting us mac users... :mad:

Not much improvement for me, but i downloaded and installed the update and everything works fine. knock on wood.

yesterday afternoon, i had both quicktime and itunes in my swupdate. for whatever that's worth . . .

No problems here, no noticeable change to my Pod. I guess there will fewer updates leading up to Tiger? Maybe just security updates until then I guess.

Why all the fuss about this update? Just install it and be done with it! I install everything that comes through software update, whether I need it or not, and have not had a single issue with my OS. Maybe I am blessed, but I doubt it.

You imply that you don't want every single mac user to update you on their persoanl status after an update?

You don't want a bunch of posts that say "works for me" or "no problems so far"

How will everyone increase the number of posts associated with their macrumors account?

Say it aint so...Joe

I just installed the Security Update, iTunes, & QuickTime today. My Mac is humming along without any problems. :)

Join MacRumors.com - Team Folding, and be a part of the Mac Folding team!


bogus link

bogus link

Thank you, I will need to try and find a new link. :o