http://www.macrumors.com/images/macrumorsthreadlogo.gif (http://www.macrumors.com/2010/01/19/apple-releases-security-update-2010-001-for-snow-leopard-and-leopard/)

Apple today released Security Update 2010-001 for users of Mac OS X Snow Leopard and Leopard. According to the associated support document (http://support.apple.com/kb/HT4004), the update addresses security issues affecting a half-dozen system areas, including CoreAudio, Flash Player plug-in, and OpenSSL.

- Security Update 2010-001 (Snow Leopard) (http://support.apple.com/kb/DL994) (21.90 MB, Requires Mac OS X 10.6.2)
- Security Update 2010-001 Client (Leopard) (http://support.apple.com/kb/DL993) (159.58 MB, Requires Mac OS X 10.5.8)
- Security Update 2010-001 Server (Leopard) (http://support.apple.com/kb/DL992) (248.11 MB, Requires Mac OS X 10.5.8)

Apple typically rolls security updates into its Mac OS X updates as those are released, including separate security-only updates for earlier OS X versions no longer seeing major changes. The release of a security-only update for Snow Leopard suggests that Apple is not planning to release Mac OS X 10.6.3 in the near future, having only just begun (http://www.macrumors.com/2010/01/06/apple-begins-seeding-mac-os-x-10-6-3-build-10d522-to-testers/) seeding versions of it to developers for testing.

Article Link: Apple Releases Security Update 2010-001 for Snow Leopard and Leopard (http://www.macrumors.com/2010/01/19/apple-releases-security-update-2010-001-for-snow-leopard-and-leopard/)

Didn't know there were security issues. I guess I'll download anyway . . .

Didn't know there were security issues. I guess I'll download anyway . . .

Are you new to the game? There are always security issues.

I am wondering if Apple has fixed the bug (http://securityreason.com/achievement_securityalert/81) in the C-Library...
Somebody has now shown attack code for it.

Apple typically rolls security updates into its Mac OS X updates as those are released, including separate security-only updates for earlier OS X versions no longer seeing major changes. The release of a security-only update for Snow Leopard suggests that Apple is not planning to release Mac OS X 10.6.3 in the near future, having only just begun (http://www.macrumors.com/2010/01/06/apple-begins-seeding-mac-os-x-10-6-3-build-10d522-to-testers/) seeding versions of it to developers for testing.

I find that interesting that Apple did a security patch for SL... I don't know if I like it or not, either.

I find that interesting that Apple did a security patch for SL... I don't know if I like it or not, either.

Any and all OS and other software have security issues and hopefully patches. Thinking anyone could make perfect software is just plain stupid.

Unless of course you mean that you would’ve rather seen the 10.6.3 update :rolleyes:.. meh.. I’m not in a hurry as I have no open issues with 10.6.2.

Note that the URL that shows up in Software Update (http://support.apple.com/kb/HT1222) hasn't yet been updated with the details of this Security Update.

Note that the URL that shows up in Software Update (http://support.apple.com/kb/HT1222) hasn't yet been updated with the details of this Security Update.

Just added:
http://support.apple.com/kb/HT4004

-Kevin

Updated 10.5.8 mini, no issues after restart

Boot Camp was also updated to 2.2, with Windows 7 support.

it's s/w update season! I think we're seeing a round of updates in preparation for new hardware. Apple is wrapping up development and cutting the new versions loose. Expect more...

As well as the Boot Camp 2.2 drivers for Windows on Leopard Macs, there were also Boot Camp 3.1 drivers for Windows on Snow Leopard Macs

I find that interesting that Apple did a security patch for SL... I don't know if I like it or not, either.

Yeah, how dare they patch security holes. :rolleyes:


The install went fine. Requires a restart.

Unless of course you mean that you would’ve rather seen the 10.6.3 update :rolleyes:.. meh.. I’m not in a hurry as I have no open issues with 10.6.2.

That.

One machine down, three to go.....

Happily, it's a quick update, even though one does need to restart.

Is anyone having trouble with the update installing? I just installed Leopard last night to replace Snow Leopard that has been acting up. Now this update came out, and when I go to install it, it tries to restart, but gets stuck in either an endless loop of blue screens or at the Leopard Aurora screen. I've tried it 3 times, reset SMC, reset PRAM.

It reset my background. That's about it so far.

Is anyone having trouble with the update installing? I just installed Leopard last night to replace Snow Leopard that has been acting up. Now this update came out, and when I go to install it, it tries to restart, but gets stuck in either an endless loop of blue screens or at the Leopard Aurora screen. I've tried it 3 times, reset SMC, reset PRAM.

I had the exact same problem... After looping for about 10 minutes, I decided to just hold the power button off. Now I'm not sure if the fixes were patched correctly. Could anyone let me know of a possible fix?

I had the exact same problem... After looping for about 10 minutes, I decided to just hold the power button off. Now I'm not sure if the fixes were patched correctly. Could anyone let me know of a possible fix?

I had a slightly different problem... my clock reset to January 2000 and the system forgot my wireless network. I set both & rebooted to be sure. Time & network were forgotten again. All is well now after a PRAM reset.

Huh, strange to hear people are having problems. Worked fine on SL after reboot and such. And I suppose Apple is busy with iPhone OS and the tablet, but they better make time for SL updates too..

I got the prohibition sign after updating on 21.5" iMac. I am pretty confused about how to fix it...

Beachballing constantly. My machine is totally bogged down and barely usable. Super slow reboot after downloading patch. Strange gray pixilated pattern on reboot between gray and blue boot screen. Mostly just Sloooooow and beachballing like crazy.
:mad:

This is on my 17" Classic MBP (see sig below) running SL updated to latest version.


EDIT: Really starting to look like this hosed my system. Painfully slow boots and shutdowns and beachballing constantly. ....sigh....
Looks like time to reformat and start from scratch. (Thought I left the days of totally having to re-install the OS every six months when I left Windows....)

:(

I have Mac OS X 10.6.2 and installed this update today, after the install and restart, i can't do three and four finger gestures on my MacBook Pro 5,1. I attempted to disable and re-enable the gestures through the system preferences, but that did not change anything. i am about to restart to see if the issue will resolve itself, but i thought i would let you know that this happened in case it happens to anyone else

UPDATE - problem was resolved by restarting my system. i hope this helps anyone who might run into the same problem

need to install this, hope it all goes well.

Maybe the patch instead of 10.6.3 is because it contains tablet references? Seems plausible. First thing that came to mind. A simple security patch for Snow Leopard seems really out of place. Usually those are reserved for legacy OS?

Looks incredible! This will REALLY help my workflow. Thanks Steve!

:apple:

CD MBP1,1 stuck at gray no entry screen, advanced repair attempts give me "No valid packages" , which might mean BaseSystem.pkg has been moved/disturbed by the software update. Looks like an original system disc restore is needed

CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION!

only other thing to add is that I removed Adobe Flash from all my Macs years ago, and delete it whenever it creeps back, due to vulns.
This SecUpd is supposed to patch Flash, which I haven't got? is that a clue??


________________________________
MacBook Pro 15" 2006, 2GHz CPU 1GB RAM 100GB ST9100824AS HDD OS X 10.6.2

If there's no 10.6.3 in the near future, that means I'm off to format my 1 year old MacBook Pro that's acting like a 7 year old PC, and put Leopard back! Off for a few days of hell reinstalling all my apps and all that stuff... Or maybe I'll just go back to Windows XP! Even though it's 10 years old now, it's still 10 times more stable than this lame excuse for an operating system that we call Snow Leopard. Even my 5 year old 512 MB RAM, 1.6 GHz single core computer with XP was more stable than this!

These changes are already in OSX 10.6.3. So that release is by no means imminent.

CD MBP1,1 stuck at gray no entry screen, advanced repair attempts give me "No valid packages" , which might mean BaseSystem.pkg has been moved/disturbed by the software update. Looks like an original system disc restore is needed

CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION!

only other thing to add is that I removed Adobe Flash from all my Macs years ago, and delete it whenever it creeps back, due to vulns.
This SecUpd is supposed to patch Flash, which I haven't got? is that a clue??


________________________________
MacBook Pro 15" 2006, 2GHz CPU 1GB RAM 100GB ST9100824AS HDD OS X 10.6.2

Hosed my 2,1 MBP too. I'm pissed off!!! This is a load of crap!!!

CD MBP1,1 stuck at gray no entry screen, advanced repair attempts give me "No valid packages" , which might mean BaseSystem.pkg has been moved/disturbed by the software update. Looks like an original system disc restore is needed

CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION!

only other thing to add is that I removed Adobe Flash from all my Macs years ago, and delete it whenever it creeps back, due to vulns.
This SecUpd is supposed to patch Flash, which I haven't got? is that a clue??


________________________________
MacBook Pro 15" 2006, 2GHz CPU 1GB RAM 100GB ST9100824AS HDD OS X 10.6.2

Working great on my MacBook Pro that is an identical model to yours, but then again I did a clean install of Snow Leopard.

Also for those having serious problems with it not being stable I highly suggest you do a clean install as well. Snow Leopard is working fantastic on both of my machines with little to no hang ups at all.

No snow on my Leopard that runs around my MacBook 2008 and the update is fine and dandy.

Hope anyone with problems is OK now.

Unibody MacBook running 10.5.8 updated flawlessly here. :)

Working great on my MacBook Pro that is an identical model to yours, but then again I did a clean install of Snow Leopard.

Also for those having serious problems with it not being stable I highly suggest you do a clean install as well. Snow Leopard is working fantastic on both of my machines with little to no hang ups at all.


I am running a clean install of SL. For the record, I've never had a serious problem like this before after any type of update.
Sadly this time, not so lucky. :(
But it looks like my expensive decision to have a "backup" MBP in reserve is going to pay off big time. I use my machine for my business & would have been even more pissed had I not had a plan B.

EDIT: After repairing disk permissions and several reboots I think my machine is back in order. Sheesh...what a scare. I have to confess that since switching to Mac as my primary platform I've become very VERY lazy regarding system maintenance. Mac is just that much better that, usually, things "just work". :)

All went fine for both my computers... my 09 Mac Pro and early 08 Blackbook both with 10.6.2

The release of a security-only update for Snow Leopard suggests that Apple is not planning to release Mac OS X 10.6.3 in the near future

Not to mention no 10.5.9, ever.

Maybe Apple can fix the issues with the X1900 graphics card so that I can update to 10.6.2 without my Matrox MXO crapping out!

I had no issues whatsoever on my Macbook Pro 5,1. Running SL upgrade from Leopard.

........


EDIT: Really starting to look like this hosed my system. Painfully slow boots and shutdowns and beachballing constantly. ....sigh....
Looks like time to reformat and start from scratch. (Thought I left the days of totally having to re-install the OS every six months when I left Windows....)

:(

Not to be unkind but if these problems follow you around, OS to OS, where is the problem?


Dave

CoreAudio - Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution
A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Tobias Klein of trapkit.de for reporting this issue.

CUPS - A remote attacker may cause an unexpected application termination of cupsd
A use-after-free issue exists in cupsd. By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service. This is mitigated through the automatic restart of cupsd after its termination. This issue is addressed through improved connection use tracking.

Flash Player plug-in - Multiple vulnerabilities in Adobe Flash Player plug-in
Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.42. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-19.html Credit to an anonymous researcher and Damian Put working with TippingPoints Zero Day Initiative, Bing Liu of Fortinet's FortiGuard Global Security Research Team, Will Dormann of CERT, Manuel Caballero and Microsoft Vulnerability Research (MSVR).

ImageIO - Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2.

Image RAW - Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution
A buffer overflow exists in Image RAW's handling of DNG images. Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Jason Carr of Carnegie Mellon University Computing Services for reporting this issue.

OpenSSL - An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL
A man-in-the-middle vulnerability exists in the SSL and TLS protocols. Further information is available at http://www.phonefactor.com/sslgap A change to the renegotiation protocol is underway within the IETF. This update disables renegotiation in OpenSSL as a preventive security measure. The issue does not affect services using Secure Transport as it does not support renegotiation. Credit to Steve Dispensa and Marsh Ray of PhoneFactor, Inc. for reporting this issue.

No issues here!

MacOS 9.2.2
MacOS 10.4.11

Patiently waiting for 10.6.3 and 10.6.4

:D

Not to be unkind but if these problems follow you around, OS to OS, where is the problem?


Dave

Dave, not be be unkind but if you don't know how crappy Windows is I'm not going to be able to enlighten you. For your info I was a network systems admin for six years and have had up close and personal experience supporting Windows NT through XP. Then I got out and changed my career path.

Apple's whole marketing strategy is "it just works". And, for the most part, their products do just work. The most refreshing thing about moving to Mac was the fact that I didn't have to get under the hood and figure out how to fix problems left and right. I want to USE my computer as a tool to do things/make things with now. Macs are great for that. Windows is great for having to fix problems so you can use your computer to do things.

OS X is a superior operating system than Windows. It almost always works. Maybe not always at optimal performance if you don't take the time to tweak it, but it usually works fairly well nonetheless.

THAT is the standard that I've become accustomed to with Mac. And it's a huge part of how Apple positions themselves and markets their products.

So, when a routine security update instantly trashes my OSs ability to, well, simply work like it should I think comparing that experience to the common unpleasant Windows user experience is not uncalled for.

But I do enjoy your snideness. It gave me a chuckle.
;)

As well as components listed above, the update also replaces the Security framework itself. This framework handles authorisation, keychain services and certification management. This may be related to the OpenSSL fixes, but as the framework isn't linked against the OpenSSL library it's difficult to say.

The problems that others are experiencing may be due to them having installed some non-Apple software that depends on an older version of the Security framework, and which no longer works with the current one. It would explain why users are receiving 'No-entry' signs when attempting to login.

No issues 10.6.2 x 3 macs

Went smooth as silk. Immediately ran disk utility to correct errors and back to the 'net :D

No issues here!

MacOS 9.2.2
MacOS 10.4.11

Patiently waiting for 10.6.3 and 10.6.4

:D

Enjoy not getting any support any more including security updates for those 2 legacy OS'

Beachballing constantly. My machine is totally bogged down and barely usable. Super slow reboot after downloading patch. Strange gray pixilated pattern on reboot between gray and blue boot screen. Mostly just Sloooooow and beachballing like crazy.
:mad:

This is on my 17" Classic MBP (see sig below) running SL updated to latest version.


EDIT: Really starting to look like this hosed my system. Painfully slow boots and shutdowns and beachballing constantly. ....sigh....
Looks like time to reformat and start from scratch. (Thought I left the days of totally having to re-install the OS every six months when I left Windows....)

:(


I had constant beachball on my 13.3" MacBook Pro. A faster HDD and memory upgrade solved the problem. Even those 'Genius' boys couldn't solve the problem.

WOW! My Superdrive burns and plays Blu-ray now perfectly on my iMac matte screen!

Looks incredible! This will REALLY help my workflow. Thanks Steve!

:apple:

You best be trollin'. ;)

Installed the patch last night, went quickly, zero issues. :)

luckily there's only a few people reporting problems. My 2006 MacBook Pro running 10.6.2 , fully patched , lovingly maintained has suffered a difficult to recover from crash, due absolutely only to this security update. My latest repair attempt with my SL upgrade disk successfully repairs permissions, successfully completes disk first aid repair but when I try and install SL 10.6 , I get the comment
"Mac OS X can't be installed this computer" it further explains that
"this disc requires that Mac OS X 10.5 or later is already installed on your computer" , helpfully there is the option "if you wish to restore the system from a Time Machine backup - click restore"

so it seems that the security update 2010-001 has rendered the MBP totally system-less

My TM backup for this MBP (I have 8 MBP's) is around 3 months old, and I need to know more about the wording "if you wish to restore the system" as I'd very much like to keep my current user data. I'll finish to write my paper - due next wednesday - on my desktop iMac (as yet unpatched!) then either restore 10.4 from my original system disk, update to 10.5, then back to SL 10.6.2 , or I might try the Time Machine.

eitherway , it shows that although my MacBook worked normally great & all my many other shiny pieces of fruit work great !!! don't patch before a significant deliverable!!, (without having a todays TM image and user data backed up on MemStick & another machine). I haven't tried FireWire target disk on my 'trashed MBP' , that would likely be the fastest way back to my data, but happily I kept the parallel working documents on the different systems. (the document will eventually earn my company around 700k euros)

I did this update but no bootcamp upgrade for me. I'm running 10.6.2 on a new MBP. Where did you guys see your bootcamp drivers updated?

Boot Camp Assistant:

Version: 3.0.1
Last Modified: 5/19/09 2:02 AM
Kind: Intel
64-Bit (Intel): Yes
Get Info String: Boot Camp Assistant 3.0.1, Copyright © 2009 Apple Inc. All rights reserved
Location: /Applications/Utilities/Boot Camp Assistant.app

I did this update but no bootcamp upgrade for me. I'm running 10.6.2 on a new MBP. Where did you guys see your bootcamp drivers updated?


did you download bootcamp Update 3.1 for Windows 32 bit from here http://support.apple.com/kb/DL996
or the 64 bit from here http://support.apple.com/kb/DL979
the Apple Vista unmount before Win7 is here http://support.apple.com/kb/DL977

these have to be installed other than by Software Update in Mac OS
I'll not be doing this just at the moment:o

did you download bootcamp Update 3.1 for Windows 32 bit from here http://support.apple.com/kb/DL996
or the 64 bit from here http://support.apple.com/kb/DL979
the Apple Vista unmount before Win7 is here http://support.apple.com/kb/DL977

these have to be installed other than by Software Update in Mac OS
I'll not be doing this just at the moment:o

Thanks, I was just expecting it to show up in Software Update.

So, when a routine security update instantly trashes my OSs ability to, well, simply work like it should I think comparing that experience to the common unpleasant Windows user experience is not uncalled for.

Good as Macs generally are, you really don't want to run OS X patches without first gauging the risk via this forum and, less propagandistically, MacFixit.

The dirty little secret is that maintenance != Software Update.

luckily there's only a few people reporting problems. My 2006 MacBook Pro running 10.6.2 , fully patched , lovingly maintained has suffered a difficult to recover from crash, due absolutely only to this security update. My latest repair attempt with my SL upgrade disk successfully repairs permissions, successfully completes disk first aid repair but when I try and install SL 10.6 , I get the comment
"Mac OS X can't be installed this computer" it further explains that
"this disc requires that Mac OS X 10.5 or later is already installed on your computer" , helpfully there is the option "if you wish to restore the system from a Time Machine backup - click restore"

so it seems that the security update 2010-001 has rendered the MBP totally system-less

My TM backup for this MBP (I have 8 MBP's) is around 3 months old, and I need to know more about the wording "if you wish to restore the system" as I'd very much like to keep my current user data. I'll finish to write my paper - due next wednesday - on my desktop iMac (as yet unpatched!) then either restore 10.4 from my original system disk, update to 10.5, then back to SL 10.6.2 , or I might try the Time Machine.

eitherway , it shows that although my MacBook worked normally great & all my many other shiny pieces of fruit work great !!! don't patch before a significant deliverable!!, (without having a todays TM image and user data backed up on MemStick & another machine). I haven't tried FireWire target disk on my 'trashed MBP' , that would likely be the fastest way back to my data, but happily I kept the parallel working documents on the different systems. (the document will eventually earn my company around 700k euros)

I agree that a backup is always a good idea.

For me no problems on my Mac Pro ’09 and just installed on the MBP ´06 just fine.

Is anyone having problems with any e-commerce sites?

I had an issue with 123-reg that i think is down to the update to OpenSSL and the SSL re-negotiation being disabled.

Their site indicated there had been a problem, but the site took the cash and didn't register the domains. :(

It also happened with a paypal payment and I think this also might possibly happen with any of the "Verified by VISA" or Mastercard verification processes.

Just for info: It happened in both safari and firefox. The problem was with the site's payment processing.

Just interested if anyone else is seeing any of these issues.

Cheers,
Tim

50% success rate.


The MacBook is fine, the Mini is no longer booting. Just got the spinning disk.

Time for the SL dvd then.

Fixed a lot of disk permissions and still not booting. FFS

mmmm, according to verbose boot mode the System bootstrapper has crashed: Trace/BPT trap. Bollox

Just a thought for those with deadish Mac after this update, have any of you installed WD Smartware? (software that comes bundled with new WD My Books - the one where you cannot delete the annoying VCD).

Phew, a quick reinstall seems to have done the trick, everything is back :) (though I've got to download 10.6.2 again :eek: )

odd that this update didn't prompt for a password. every install/update has so far except this one. :confused:

this made my canon scanner no longer scan. keeps saying cannot communicated with driver. scanner works fine via vmware fusion in windows. this freaken blows. i have a canon 8600F

great.:eek: