Security Update 7/12/02

[arn]

Security Update 7-12-02 delivers a more secure Software Update service to verify that future updates originate from Apple. If you would prefer to download this manually from a secure Apple server you can download the package at http://www.info.apple.com/kbnum/n75304

 

[sparkleytone]

well well...now thats what i call fast. gj to apple. eat it m$.

 

[Sayer]

Might have been already working on it

Who knows, the people who work on this component should have known how vulnerable it was and were working on a "fix" for a future release. They just got caught early and pushed this out.

Or they are really serious about security and had people pull all-nighters until it was fixed.

Either way, it just shows that Apple can respond quickly when [legitimate] problems arise if they have the full glare of the Mac media shining on them. Mac OS X is also up for for Government security review as well so this only helps.

 

[Rower_CPU]

Hear, hear!!

I just heard about this vulnerability this week and Apple already has it patched. Fantastic!

Now...how's that HTML vulnerability in Outlook Express for PC coming...

 

[daRAT]

Odd

That security problem is almost a week old and this is the first of the Mac sites I go to that even mentioned it, only after a fix came out.


Typical, when a problem arises like this the Mac community is quiet hoping it will go away. Kudos to Apple for patching it quickly.

And shame on all who though Mac OS X is perfect, it anit by a far cry. I hope someday it is close to perfect, but no software is perfect.


I have had OS X since the second day it was released to stores and have been quite excited, but realized soon when I loaded the 10.0 version that it was a "beta" for sure, 10.1 helped, but did something wierd with the moniter display. 10.1.5 seems to be where is sould have been, when first released.

I am excited and can't wait for 10.2, but don't think it is the perfect, secure OS.


html in email is for weenies, plain old text works just fine, and html can be shut off in Outlook for all incoming and outgoing mail

 

[nero007]

Has anyone had any problems after installing this update?

 

[ShaolinMiddleFinger]

I had no problem installing it.

Quick question: Which security is better? OS 9 or OS X?

 

[rugby]

This update rocks! type "man softwareupdate" in terminal!

Finally, running software update via cli!!!!!

I am a happy camper!

 

[sparkleytone]

nice...i think i'll prefer that to doing it thru the GUI. i dont like things popping up all over.

 

[j763]

well done to apple for patching this one up quickly.

daRAT -- you say that the Mac community didn't say a word... don't you ever visit macslash, /. or macintouch???

ShaolinMiddleFinger -- OS 9 security is "better" security wise because there's no underlying code... Apple has done a great job with OS X Security and getting things fixed up quickly. Quite a few of the security updates for OS X so far relate to software componenets which apple do not develop, such as openssh and apache server. this is one of the few issues that has been the fault of apple.

Also, it never ceases to amaze me how many critical updates come out for win2k... it's a constant flow... I needed 2 CDs to burn the critical win2k updates from the original win2k release...

 

[peterjhill]

Now how about adding MD5 support for the passwd file

As I say above, how about some MD5 passwd support, instead of crypt. I would prefer some strong authentication for my passwd file. How many people have a passwd > 8 chars and have mistyped the passwd, but have still been let in? As long as you get the first 8 chars right, the rest are chomped off.

While were at it, I hope Apple considers adding support for Andrew File System. OpenAFS rocks on the Mac. How about they just package it into the OS. I realize that most users don't use it, but it would please Universities, as most of them run AFS. Of course then they need to add Kerberos support, but MIT has that working just fine.

While we are talking about security, has Apple implemented any kind of password encryption for mac.com email yet?

 

[Choppaface]

Re: Now how about adding MD5 support for the passwd file

its about time, apple

Originally posted by peterjhill
As I say above, how about some MD5 passwd support, instead of crypt. I would prefer some strong authentication for my passwd file. How many people have a passwd > 8 chars and have mistyped the passwd, but have still been let in? As long as you get the first 8 chars right, the rest are chomped off.

*waves hand*
i always wonderd why it did that

 

[Jays]

there seems to be a problem with the update

After installing the update on my powerbook G4 everything seem o.k. but today I installed OS X 10.1.2 on a G3, thaen I opend software update and all I see is the security update, so i run it. now the SW update claims my system is up to date! I can not update to 10.1.5, so I downloaded the combined update and my OS X drive is greyed out, it seems apple has F*** up something.