Apple Security Update 2007-002, Daylight Savings Update and More

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Feb 15, 2007.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]

    Apple released a number of software updates today under Mac OS X's Software Update feature. The first is a security update that "is recommended for all users and improves the security of the following components:"

    - CoreServices
    - iChat
    - UserNotificationCenter

    More detailed information about the changes are listed at Apple.

    Apple also revealed a Daylight Saving Time Update due to recent changes on the dates Daylight Savings will occur this year:

    More information is at http://docs.info.apple.com/article.html?artnum=305056

    Other updates also listed by Apple include:

    - Java for Mac OS X 10.3 Update 5
    - Java for Mac OS X 10.4 Update 5
    - WebObjects 5.3.3
    - Final Cut Pro 5.1.3
     
  2. macrumors regular

    bloogersnigen

    Joined:
    May 15, 2005
    Location:
    Wherever the water flows
    #2
    downloaded all, works fine. Haven't noticed anything different yet. Wait why is the screen flickering!
     
  3. macrumors 6502a

    ksgant

    Joined:
    Jan 12, 2006
    Location:
    Chicago
    #3
    I JUST got my 24" iMac yesterday, and thought my software updates were going to be done for a while, then I noticed this popping up.

    Worked perfectly though, so no complaints.
     
  4. macrumors 65816

    rye9

    Joined:
    Sep 20, 2005
    Location:
    New York (not NYC)
    #4
    isn't an OS update due soon though which will include the security update?
     
  5. macrumors 604

    thejadedmonkey

    Joined:
    May 28, 2005
    Location:
    Pa
    #5
    iChat update?
     
  6. macrumors newbie

    gerrycurl

    Joined:
    Jun 3, 2004
    #6
    nvidia 7300 firmware for mac pro

    here's the link from apple, as usual no information:

    http://www.apple.com/downloads/macosx/apple/firmware_hardware/geforce7300gtfirmwareupdate.html

    i was hoping this firmware update would allow me to now get the drivers to have portrait view on my samsung 24" synchmaster, but it gives me nothing.

    what the heck is this firmware for? performance enhancements?

    and how come nvidia has no apple drivers or software?

    i'm freaking frustrated with nvidia, this will only force me to go with ati, or buy a completely new rig and install windows vista... all i want is portrait view!

    by the way, i installed all the other updates, things are working smoothly...
     
  7. Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Kepler-452b
    #7
    Security Update 2007-002 details

    Finder

    Mounting a maliciously-crafted disk image may lead to an application crash or arbitrary code execution
    A buffer overflow exists in Finder's handling of volume names. By enticing a user to mount a malicious disk image, an attacker could trigger this issue, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-09-01-2007). This update addresses the issue by performing additional validation of disk images. This issue does not affect systems prior to Mac OS X v10.4. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.​

    iChat

    Attackers on the local network may be able to cause iChat to crash
    A null pointer dereference in iChat's Bonjour message handling could allow a local network attacker to cause an application crash. A proof of concept for this issue in Mac OS X v10.4 has been published on the "Month of Apple Bugs" website (MOAB-29-01-2007). A similar issue exists in Mac OS X v10.3. This update addresses the issues by performing additional validation of Bonjour messages.​

    iChat

    Visiting malicious websites may lead to an application crash or arbitrary code execution
    A format string vulnerability exists in the iChat AIM URL handler. By enticing a user to access a maliciously-crafted AIM URL, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-20-01-2007). This update addresses the issue by performing additional validation of AIM URLs.​

    UserNotification

    Malicious local users may be able to obtain system privileges
    The UserNotificationCenter process runs with elevated privileges in the context of a local user. This may allow a malicious local user to overwrite or modify system files. A program that triggers this issue has been published on the "Month of Apple Bugs" website (MOAB-22-01-2007). This update addresses the issue by having UserNotificationCenter drop its group privileges immediately after launching.​
     
  8. macrumors 65816

    lazyrighteye

    Joined:
    Jan 16, 2002
    Location:
    Denver, CO
    #8
    Downloaded & Installed

    No issues, yet.

    10.4.8
    Dual 2 GHz PPC G5
    2.5 GB DDR2 SDRAM
     
  9. macrumors 68030

    apfhex

    Joined:
    Aug 8, 2006
    Location:
    Northern California
    #9
    Interesting all MOAB fixes. Like to see MS respond to a Month of Vista Bugs. :D

    I thought the DST issue had been addressed long ago, or have there been even more recent changes to DST? Ah I see, they're addressing more regions, as well as 10.3 users. :cool:

     
  10. macrumors newbie

    Joined:
    Feb 15, 2007
    #10
    I wonder if this is due to some kind of delay with 10.4.9. It seemed just around the corner a few weeks ago with constant seeds and few known issues but then it all went quiet....
     
  11. macrumors 68000

    MrCrowbar

    Joined:
    Jan 12, 2006
    #11
    Well, it's cool to see that Apple fixes the thing addressed in the month of apple bugs so quickly.
     
  12. macrumors P6

    Peace

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #12
    Apple is waiting on some important stuff before releasing 10.4.9 ;)

    Hang Loose
     
  13. macrumors 6502

    jonharris200

    Joined:
    Feb 25, 2006
    Location:
    London, UK
    #13
    iMac 20" and black MacBook*, both Intel Core 2 Duo, both running Tiger 10.4.8, both updated fine.

    * Refurb, arrived today, with 2GB RAM - yay! Sorry to repeat myself from other threads, I'm just very happy about that. :D Many thanks :apple:
     
  14. macrumors 6502a

    justflie

    Joined:
    Nov 29, 2005
    Location:
    Red Sox Nation
    #14
    I wish I could know what you know! :D
     
  15. macrumors newbie

    Joined:
    Feb 15, 2007
    #15
    Yeah this certainly gives me that kinda feeling. Either:

    - its done and they're waiting for something for it to coincide with. I would assume a release before iphone/leopard/wwdc however.
    - It's already complete well in advance of when they needed it so they can now concentrate on Leopard.
    - It's been delayed to add more features than initially planned

    ...and why the hell am i being sucked into speculating about apple..and not a particularly exciting release either. i think i caught the bug :/ help!
     
  16. macrumors regular

    Joined:
    Feb 1, 2007
    #16
    MBP CD 1.83 All Good thus far
     
  17. macrumors regular

    Joined:
    Jan 9, 2007
    #17
    Quick, purchase 100 shares of Apple stock ...the only known cure!
     
  18. macrumors 65816

    iJawn108

    Joined:
    Apr 15, 2006
    #18
    hmmm the latest camino knightly isnt runing properly
     
  19. macrumors G3

    puckhead193

    Joined:
    May 25, 2004
    Location:
    NY
    #19
    the final cut update didn't come up in software updates for me :confused:
     
  20. macrumors newbie

    Joined:
    Feb 15, 2007
    #20
    Safari seems snappier.
     
  21. macrumors 6502a

    Grakkle

    Joined:
    Oct 6, 2006
    Location:
    Earth
    #21
    Updated. Haven't noticed any difference thus far - but I've only been using the computer for a few minutes.
     
  22. macrumors newbie

    Joined:
    Oct 26, 2004
    #22
    yay from WA for daylight savings
     
  23. macrumors 6502a

    lancestraz

    Joined:
    Nov 27, 2005
    Location:
    RI
    #23
    I kernel panicked after the updates. Had to boot from the install DVD and repair disk.

    Everything seems fine now.
    But still... Grrrr...
     
  24. macrumors member

    Joined:
    Apr 27, 2005
    Location:
    Oklahoma, OK
    #24
    Slow download

    All the updates downloaded fine except the 10.4 Java Update, which my mac currently estimates will take another 10 hours. Could just be a problem my end, but why would the Security and Timezone Updates be so fast compared to this? :confused:
     
  25. macrumors 6502a

    k2k koos

    Joined:
    Jan 21, 2003
    Location:
    Somewhere between yesterday and tomorrow
    #25
    updates

    Yes, I think so too, just installed, restarted and started browsing, it is defenitely snappier.... hope there are no incompatible websites out there now...there weren't that many...
     

Share This Page