Apple Security Update 2007-002, Daylight Savings Update and More

[MacRumors]

Apple released a number of software updates today under Mac OS X's Software Update feature. The first is a security update that "is recommended for all users and improves the security of the following components:"

- CoreServices
- iChat
- UserNotificationCenter

More detailed information about the changes are listed at Apple.

Apple also revealed a Daylight Saving Time Update due to recent changes on the dates Daylight Savings will occur this year:

Quote:

The Daylight Saving Time Update for Mac OS X and Mac OS X Server addresses recent changes in the way Daylight Saving Time will be observed in the U.S. and Canada beginning in March 2007 and includes the latest time zone information for the rest of the world.

More information is at http://docs.info.apple.com/article.html?artnum=305056

Other updates also listed by Apple include:

- Java for Mac OS X 10.3 Update 5
- Java for Mac OS X 10.4 Update 5
- WebObjects 5.3.3
- Final Cut Pro 5.1.3

[bloogersnigen]

downloaded all, works fine. Haven't noticed anything different yet. Wait why is the screen flickering!

[ksgant]

I JUST got my 24" iMac yesterday, and thought my software updates were going to be done for a while, then I noticed this popping up.

Worked perfectly though, so no complaints.

[rye9]

isn't an OS update due soon though which will include the security update?

[thejadedmonkey]

iChat update?

[gerrycurl]

here's the link from apple, as usual no information:

http://www.apple.com/downloads/macos...areupdate.html

i was hoping this firmware update would allow me to now get the drivers to have portrait view on my samsung 24" synchmaster, but it gives me nothing.

what the heck is this firmware for? performance enhancements?

and how come nvidia has no apple drivers or software?

i'm freaking frustrated with nvidia, this will only force me to go with ati, or buy a completely new rig and install windows vista... all i want is portrait view!

by the way, i installed all the other updates, things are working smoothly...

[Doctor Q]

Finder

Mounting a maliciously-crafted disk image may lead to an application crash or arbitrary code execution

A buffer overflow exists in Finder's handling of volume names. By enticing a user to mount a malicious disk image, an attacker could trigger this issue, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-09-01-2007). This update addresses the issue by performing additional validation of disk images. This issue does not affect systems prior to Mac OS X v10.4. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.

iChat

Attackers on the local network may be able to cause iChat to crash

A null pointer dereference in iChat's Bonjour message handling could allow a local network attacker to cause an application crash. A proof of concept for this issue in Mac OS X v10.4 has been published on the "Month of Apple Bugs" website (MOAB-29-01-2007). A similar issue exists in Mac OS X v10.3. This update addresses the issues by performing additional validation of Bonjour messages.

iChat

Visiting malicious websites may lead to an application crash or arbitrary code execution

A format string vulnerability exists in the iChat AIM URL handler. By enticing a user to access a maliciously-crafted AIM URL, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-20-01-2007). This update addresses the issue by performing additional validation of AIM URLs.

UserNotification

Malicious local users may be able to obtain system privileges

The UserNotificationCenter process runs with elevated privileges in the context of a local user. This may allow a malicious local user to overwrite or modify system files. A program that triggers this issue has been published on the "Month of Apple Bugs" website (MOAB-22-01-2007). This update addresses the issue by having UserNotificationCenter drop its group privileges immediately after launching.

[lazyrighteye]

No issues, yet.

10.4.8
Dual 2 GHz PPC G5
2.5 GB DDR2 SDRAM

[apfhex]

Interesting all MOAB fixes. Like to see MS respond to a Month of Vista Bugs.

I thought the DST issue had been addressed long ago, or have there been even more recent changes to DST? Ah I see, they're addressing more regions, as well as 10.3 users.

Quote:

The 2007 time zone and Daylight Saving Time rule changes for the United States and most of Canada are already available in Mac OS X 10.4.5 or later.

Some additional regions that recently adopted time zone and DST changes are available in the February, 2007 Daylight Saving Time Update.

[Markabre]

I wonder if this is due to some kind of delay with 10.4.9. It seemed just around the corner a few weeks ago with constant seeds and few known issues but then it all went quiet....

[MrCrowbar]

Well, it's cool to see that Apple fixes the thing addressed in the month of apple bugs so quickly.

[Peace]

Quote:

Originally Posted by Markabre

I wonder if this is due to some kind of delay with 10.4.9. It seemed just around the corner a few weeks ago with constant seeds and few known issues but then it all went quiet....

Apple is waiting on some important stuff before releasing 10.4.9

Hang Loose

[jonharris200]

iMac 20" and black MacBook*, both Intel Core 2 Duo, both running Tiger 10.4.8, both updated fine.

* Refurb, arrived today, with 2GB RAM - yay! Sorry to repeat myself from other threads, I'm just very happy about that. Many thanks

[justflie]

Quote:

Originally Posted by Peace

Apple is waiting on some important stuff before releasing 10.4.9

Hang Loose

I wish I could know what you know!

[Markabre]

Quote:

Originally Posted by Peace

Apple is waiting on some important stuff before releasing 10.4.9

Hang Loose

Yeah this certainly gives me that kinda feeling. Either:

- its done and they're waiting for something for it to coincide with. I would assume a release before iphone/leopard/wwdc however.
- It's already complete well in advance of when they needed it so they can now concentrate on Leopard.
- It's been delayed to add more features than initially planned

...and why the hell am i being sucked into speculating about apple..and not a particularly exciting release either. i think i caught the bug :/ help!

[HailToTheVictor]

MBP CD 1.83 All Good thus far

[Sandfleaz]

Quote:

Originally Posted by Markabre

...and why the hell am i being sucked into speculating about apple..and not a particularly exciting release either. i think i caught the bug :/ help!

Quick, purchase 100 shares of Apple stock ...the only known cure!

[iJawn108]

hmmm the latest camino knightly isnt runing properly

[puckhead193]

the final cut update didn't come up in software updates for me

[rfaulder]

Safari seems snappier.

[Grakkle]

Updated. Haven't noticed any difference thus far - but I've only been using the computer for a few minutes.

[starwxrwx]

yay from WA for daylight savings

[lancestraz]

I kernel panicked after the updates. Had to boot from the install DVD and repair disk.

Everything seems fine now.
But still... Grrrr...

[boxandrew]

All the updates downloaded fine except the 10.4 Java Update, which my mac currently estimates will take another 10 hours. Could just be a problem my end, but why would the Security and Timezone Updates be so fast compared to this?

[k2k koos]

Quote:

Originally Posted by rfaulder

Safari seems snappier.

Yes, I think so too, just installed, restarted and started browsing, it is defenitely snappier.... hope there are no incompatible websites out there now...there weren't that many...