Dang; I had no idea there were so many ways to achieve arbitrary code execution, most of them related to stack/buffer overflow. Sounds like one of the original expandable memory classes didn't work quite right, or the internal technical documentation didn't show how to use it properly.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple release Security Update 2008-002
- Thread starter James17
- Start date
- Sort by reaction score
Dang; I have no idea what you just said.
Are all security updates this large? I don't remember them being 100+ Mb.
Well, I'm gald that Apple releases these as needed. It's better than them doing nothing or sitting on it for a long time.
I would for now advise everyone to stay away from this update.
As reports are dripping in on this Apple Support thread it seems the Security Update today did at least break the ssh client for some people.
If you rely on it for work like I and other people do, just don't update
As reports are dripping in on this Apple Support thread it seems the Security Update today did at least break the ssh client for some people.
If you rely on it for work like I and other people do, just don't update
My SSH client seems to be working fine. Mac Pro 3.0 Ghz. I didn't test everything, but I did do a file upload just to see.
That is what happens when you try to pour a gallon of milk into an 8 ounce glass.
A lot of applications do not check the length of a message, section of a file before attempting to copy the section into a memory buffer of a fixed size. If the assumption is incorrect the extra bytes of information override memory locations past the limits of the buffer. This causes memory corruption. If done right it can also cause an override of the return address from the last routine call. If you override the return address this way you can then direct the processor to start executing at the location you inserted and as such you now pown the machine. The computer is now running your code instead of the program it was running before.
Very old hacking technique that still works because of a programmer error of not verifying that the content of one will fit in the other before attempting the operation. Had it checked it would not have attempted to pour a gallon into an 8 ouch glass. The whole thing is easy to avoid if you study the code and fix those mistakes.
BTW the source of the problem is usually old C code, a lot of times a library or even parts of the kernel.
Well I guess you're in luck then...
Gotta tell ya, it feels extremely disturbing and weird to depend on your Windows VM for ssh functionality... that's the only solution for me right now.
Funny enough, telnet still works
strange..Well I guess you're in luck then...
Gotta tell ya, it feels extremely disturbing and weird to depend on your Windows VM for ssh functionality... that's the only solution for me right now.
Funny enough, telnet still works
I'm running 10.5.2 and all is good, so far. I actually had a little bit of flakey response with OS X this morning. Spotlight wasn't working 100% and I kept getting syncServer crashes. I cleaned the cache's and repaired permissions and it seems better.
Are you running ssh in the terminal or some other program? I tested it through the terminal.
When it takes over 15 minutes for my machine to reboot AND load up all the apps and files I had open? Meaning I wasted over a half hour today because of reboots?
HELL, YES it matters.
Would it really have killed apple to hold the Safari update a few hours so they could release the two together and only require one reboot?
Terminal as usual.
As you can see on the Apple Support thread more reports are coming in, including bug reports, have seen some other reports on different forums to.
What causes the bug is unknown, Permission Repair, Cache cleaning etc. don't fix it...
I wonder if something got messed up in the firewall settings. I'm curious what it could be and also why my machine wasn't affected.
My 10.5.2 macbook pro is still has not restarted yet after installing this update - its been on the blank-blue-screen-with-gray-spinny-progress-indicator for about 30 minutes now. I installed at the same time as Safari 3.1, airport utility update and a Pro Apps Support update... Should I just kill the thing? This is taking way longer than a permissions repair or something.
I had the same issues when installing the Safari 3.1 update. I killed it after 15 minutes, but I'm glad I was away from my desk or it would have been a WTF moment. Anyway, I restarted it and then it went through the install stage after booting up. Then it reboot again.My 10.5.2 macbook pro is still has not restarted yet after installing this update - its been on the blank-blue-screen-with-gray-spinny-progress-indicator for about 30 minutes now. I installed at the same time as Safari 3.1, airport utility update and a Pro Apps Support update... Should I just kill the thing? This is taking way longer than a permissions repair or something.
I just killed Little Snitch and the OSX firewall isn't running.
It's not a firewall thing, the Bus Error isn't an "I can't connect error", it's an "openSSH has gone haywire error" as far as I can gather.
Just look at the bug reports submitted in the Apple thread, the application just dies, badly.
_DESCRegisterDockExtraClient failed 268435459
Can anyone else check their console logs. Near the end of the logs for startup, I get this error:
Dock[103]: _DESCRegisterDockExtraClient failed 268435459
Anyone have any idea what this is? Anyone else seeing this error?
Dock and widgets both seem fine. I'm not running any hacks. Just have the 2D dock on the bottom. Can't tell if this is a new error or not.
And yes....I'm a geek and check these things for no reason!
-Kevin
Can anyone else check their console logs. Near the end of the logs for startup, I get this error:
Dock[103]: _DESCRegisterDockExtraClient failed 268435459
Anyone have any idea what this is? Anyone else seeing this error?
Dock and widgets both seem fine. I'm not running any hacks. Just have the 2D dock on the bottom. Can't tell if this is a new error or not.
And yes....I'm a geek and check these things for no reason!
-Kevin
oh i see - pgwalsh, thanks for the info. They have an indicator in Leopard now of the installs that are happening when you start up. How nice! you are now no longer left in the dark... at least that is the idea - if your machine ever shuts down in the first place!
Well, if time is that crucial, I suggest not updating machines until you have the time to do so. Like, maybe at the end of the week in the evening before you go home from work, or before you go to bed. The only reason time is being wasted is because you are hanging on every update every single day. You download as soon as one comes out. If you didn't do that and just collected the updates as you wanted, you'd be fine.
If I remember correctly, 10.5.1 was just a patch that Apple found that was severe. It was fixed within a week. Vista has been getting regular updates for the past 14 months since it came out. Every other Tuesday, Windows Update sparks with 4 new updates and so on.
I know how people think that Apple and a Macintosh are the utopias of computers, but seriously, doesn't it get old bashing Microsoft and Vista after a while?