Apple Releases Security Update 2009-004 for Leopard and Tiger

[The ArchAngel]

Just received the notification in my inbox, also verified that the patch is available now via Software Update.

Size on my early 2008 MBP is 10.1 MB (running 10.5.8).

 

[celticpride678]

Yep. I can confirm it is there and am downloading now. That's like 1000 updates in like two weeks Apple. Thanks, but slow down. Looks like they want to make Leopard as perfect as possible before Snow Leopard.

 

[The ArchAngel]

According to the Apple bulletin, this appears to resolve the BIND DNS vulnerability noted in CVE-2009-0696.

 

[celticpride678]

Everything downloaded and installed fine. Installation went through in 10 seconds and everything works fine.

 

[yellow]

Got the notification, but not seeing it in SUS, which is a pain. Scheduled my servers to go down for 2009-003 today from 4PM to 5PM. All patched, and now I get a notification that 2009-004 is out. Bitches!

NOTE: This is really a non-patch unless you're running Mac OS X Server and providing DNS.

I'd be more interested in Apple fixing the **** they broke on 10.5.8 Server patch that made the SN daemon freak out and lock the server if you have 2 NICs.

 

[yellow]

NOW they're available to my Software Update Server. /elbow to throat!

 

[MacRumors]

Apple Releases Security Update 2009-004 for Leopard and Tiger

Apple today released Security Update 2009-004 for both Mac OS X Leopard and Tiger via Software Update and Apple's downloads page. The release comes just one week after the release of Mac OS X 10.5.8 and Tiger Security Update 2009-003.

- Security Update 2009-004 (Leopard) (166 MB)

- Security Update 2009-004 (Tiger Intel) (166 MB)
- Security Update 2009-004 (Tiger PPC) (130 MB)
- Security Update 2009-004 (Server Tiger Universal) (204 MB)
- Security Update 2009-004 (Server Tiger PPC) (130.97 MB)

According to the associated security support document, the update addresses a vulnerability in the BIND suite of Unix utilities that works with the Domain Name System (DNS). There is reportedly a public exploit of the vulnerability in "wide circulation" at this time.

Article Link: Apple Releases Security Update 2009-004 for Leopard and Tiger

 

[daneoni]

Like i said earlier...update crazy this past week and a half

 

[celticpride678]

Everything downloaded and installed fine and fast. Looks good. Apple needs to slow down a bit with the updates. But they are just trying to make Leopard as good as possible before Snow Leopard.

 

[Mal]

From the description of the exploit, it appears to only affect DNS Servers, and causes a server crash. Most people won't be affected by this. Still nice to see problems getting fixed.

jW

 

[rth231]

Just received the notification in my inbox, also verified that the patch is available now via Software Update.

Wait... How do you get software update notifications in your inbox?

 

[yellow]

Wait... How do you get software update notifications in your inbox?

Apple Product Security mailing list. If you're not an IT person, I wouldn't bother. If you are, http://lists.apple.com

 

[flottenheimer]

With all these security updates I wonder when we will all suffer under a grand mac worm/virus/exploit/whatever-attack.

 

[Blaat Mekker]

This should have been in the 10.5.8 update as this vulnerability has been known since July 28th.

 

[Mal]

With all these security updates I wonder when we will all suffer under a grand mac worm/virus/exploit/whatever-attack.

The point of security updates is to make sure we don't suffer from any such thing. I expect the first virus/worm will appear on Mac OS X in, oh, 30+ years? Seriously, I don't anticipate ever seeing one. Exploits are different, and they exist, but it's a direct contact approach. Someone would have to actively be trying to gain access to your machine or cause problems, so the effect is minimal. Still good to patch to try and eliminate those, but you won't see widespread effects of something like that.

jW

 

[Komiksulo]

I wonder whether there will be a similar update for the Time Capsule and other Apple routers? Unlike most users' computers, they *do* use the DNS server, don't they?

 

[shawnce]

All this chatter for a security update to BIND which is off by default and likely very few have enabled it (really only visible under Mac OS X server UI wise).

 

[JQW]

From the description of the exploit, it appears to only affect DNS Servers, and causes a server crash. Most people won't be affected by this. Still nice to see problems getting fixed.

jW

If the fix is to one of BIND's libraries then it's possible that other code dependant upon this library could also be at fault.

 

[shawnce]

I wonder whether there will be a similar update for the Time Capsule and other Apple routers? Unlike most users' computers, they *do* use the DNS server, don't they?

While they use DNS they don't run their own DNS servers (BIND). They do publish their existence using mDNS (aka Bonjour) but that is unrelated to BIND.

 

[SuparShadow]

is anybody having a problem with this update?

I installed it and shortly afterwards found myself unable to drag anything (not just in the Finder, but throughout the whole OS)

 

[Michaelgtrusa]

I was surprised at how fast it installed!

 

[zacheryjensen]

You all missed the most important change made in this update: The iDisk icon is no longer pink!

I miss it already.

 

[Blaat Mekker]

You all missed the most important change made in this update: The iDisk icon is no longer pink!

I miss it already.

Uhm, that has been the case since the 10.5.8 update.

 

[RazHyena]

Just downloaded it.

There's been a lot of these this week.

 

[richard.mac]

Uhm, that has been the case since the 10.5.8 update.

to be nice, that wasnt all that long ago