2003-12-19 Security Update and Quicktime 6 MPEG-2 Component

[MacRumors]

Apple has released a 2003-12-19 Security Update in your Mac OS X Software Update. This update is recommended for all Macintosh users:

This update includes the following components: AFP Server, ASN.1 Decoding for PKI, cd9660.util, Directory Services,fetchmail, fs_usage, rsync. and System Initialization.

For more information: http://www.info.apple.com/kbnum/n61798

Apple also posted an update to the Quicktime 6 MPEG-2 Component (also in Software Update). Users who had previous purchased the Quicktime MPEG-2 Component had found that the previous version expired on Dec 15th.

 

[Booga]

Also Xcode re-posted

In addition, the Xcode update which was pulled yesterday was re-posted today.

 

[bennok]

That's a lot of updates, and a lot of updates requiring a restart ;-)

 

[ZildjianKX]

Please, no more OS X updates... fix the damn iPod firmware that is whacked Apple!

 

[magi.sys]

Also, the 10.3.2 server update is posted

I bet apple wanted to wait till they figured out the security update before they released the server update, hence the delay compared to panther client.

 

[SFNE Freak]

Screw that...I'll take my chances and wait until I have to restart for something else. I'm sick of restarting for software updates.

 

[mac15]

I'll hold off the secutiy update for a while, nothing thats there bother me all that much to install it.

 

[sethypoo]

Originally posted by SFNE Freak
Screw that...I'll take my chances and wait until I have to restart for something else. I'm sick of restarting for software updates.

Hear hear, but it has to happen occasionally.

So the Xcode update is back.....interesting.

 

[TomSmithMacEd]

I thought I went to the mac to get away from security updates??? WHo knows.

 

[dukemeiser]

There sure has been a lot of Security Fixes lately. And here I was getting envious of the PC users.

I've noticed that more people have been reporting security holes to Apple than before. Does this mean the Mac OS is reaching a larger audience than ever before?

 

[pivo6]

Ran the update. Only 1.5 MB, not a big deal.

 

[neonart]

Maybe later. Doing this on 3 machines at home and one at works gets old if done more than 5 times in a week.

 

[arn]

Originally posted by dukemeiser

I've noticed that more people have been reporting security holes to Apple than before. Does this mean the Mac OS is reaching a larger audience than ever before?

It's probably more that Mac OS X is more of a multi-user OS.

You could see it that Mac OS 9 had a huge security hole or none. It had no multiuser capability, so you didn't have to worry about anyone logging in. Anyone at the computer, however, could wipe the entire drive, or replace any file with malicious one.

arn

 

[ITR 81]

Xcode was pulled yesterday due to a server glitch. A Apple rep. reported it on the Apple Dis. boards yesterday.

I'll update everything now thank you.

 

[CaptainScarlet]

I do belive in patching all my systems, and have already patched them. No problems here.


After this install the 10.3.2 update seems "Faster".



CS.....out

 

[bousozoku]

Originally posted by TomSmithMacEd
I thought I went to the mac to get away from security updates??? WHo knows.

The difference is that these really fix things, not make things worse. The security updates don't arrive that often since things are pretty secure already.

 

[pb1212580]

as an ex-heavy-windows user, I can say that everything there's a security update or some sort of update, the system seems to run slower and slower... or just start doing funky things and being unstable more and more. Honest.
Yes, even in xp. There are at least 40 security updates since xp came out... at least that's what I got yesterday reinstalling my sister's "new" pc laptop. I had to do 65 download/updates; and that's just from M$.

I have to agree that Apple's updates dont' usually slow things down; usually fixes things and if anything improves the speed.

So, anyone found any interesting things about these updates? Quite quiet in here... so different from last night!

my 2 cents...

 

[ddbean]

Ran update fine here. no notice of change.
To pivo6, my update was 3.5 mb. I was wondering why yours would have only been 1.5? (Not a big deal, just curious)

 

[pivo6]

Originally posted by ddbean
Ran update fine here. no notice of change.
To pivo6, my update was 3.5 mb. I was wondering why yours would have only been 1.5? (Not a big deal, just curious)

I either misread, or maybe because I'm still running Jaguar 10.2.8.

 

[Spades]

OS X includes a huge amount of software, a lot of it NOT written by Apple. The good side of this is that OS X has more out-of-the-box functionality than Windows. The bad side of this is that there's more stuff for Apple to fix.

Of the updates listed, I immediately recognize fetchmail and rsync as not being Apple's software. I don't know what's fixed in fetchmail, but if the rsync problem is what I think it is, then it's definitely not Apple's fault.

The rsync problem I'm thinking of is the security hole which allowed the recent attacks on the Debian project, and one of the systems used to mirror Gentoo. (Note that it only hit a mirror, and none of Gentoo's files were touched.)

I'm not sure how many people are even aware that OS X includes rsync, let alone use it, but I'm glad Apple is keeping the software they ship with OS X secure, even if it's not their own software.

Edit: My mistake. As pointed out below, Debian was attacked with a different method.

 

[HoserHead]

Originally posted by Spades

The rsync problem I'm thinking of is the security hole which allowed the recent attacks on the Debian project

Please note the Debian compromise had nothing to do with the rsync bug, but was instead a kernel exploit.

 

[Mr.Hey]

Originally posted by TomSmithMacEd
WHo knows.

Did you mean-- who knew?


When the security patches outpace M$ in both size and frequency then I'll agree with you but until then.....zip it. Now you know .

 

[ITR 81]

Originally posted by HoserHead
Please note the Debian compromise had nothing to do with the rsync bug, but was instead a kernel exploit.

But I believe the kernel has been updated since then.

It looks like the bootup process on my Mac has slightly improved with this sec. update.

 

[Stella]

I'd rather have updates than an OSX than unsupported and is left to rott, or updated infequentally, such as XP. In two years, how many XP updates have there been (apart from security fixes... and fixes to fix the security fix). Little.

As for rebooting. Sometimes it really is necessary. Some upgrades update the prebinding, once this is done, you have to reboot.

Try rebinding yourself and then run affected applications..... the answer? They don't.... until you reboot.

Originally posted by ZildjianKX
Please, no more OS X updates... fix the damn iPod firmware that is whacked Apple!

 

[SeaFox]

Originally posted by arn
You could see it that Mac OS 9 had a huge security hole or none. It had no multiuser capability, so you didn't have to worry about anyone logging in. Anyone at the computer, however, could wipe the entire drive, or replace any file with malicious one.

arn

What do you mean it had no multiuser capability? What was the "Multiple Users" Control Panel for then?

If the other users worked in Simple Finder or the "Panes" view similar to the old At Ease interface, they couldn't mess in the System Folder, defined appliactions, and external media.