Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Releases Security Update 2010-001 for Snow Leopard and Leopard

MacBook Pro trashed by this Security Update 2010-001

CD MBP1,1 stuck at gray no entry screen, advanced repair attempts give me "No valid packages" , which might mean BaseSystem.pkg has been moved/disturbed by the software update. Looks like an original system disc restore is needed

CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION!

only other thing to add is that I removed Adobe Flash from all my Macs years ago, and delete it whenever it creeps back, due to vulns.
This SecUpd is supposed to patch Flash, which I haven't got? is that a clue??


________________________________
MacBook Pro 15" 2006, 2GHz CPU 1GB RAM 100GB ST9100824AS HDD OS X 10.6.2
 
If there's no 10.6.3 in the near future, that means I'm off to format my 1 year old MacBook Pro that's acting like a 7 year old PC, and put Leopard back! Off for a few days of hell reinstalling all my apps and all that stuff... Or maybe I'll just go back to Windows XP! Even though it's 10 years old now, it's still 10 times more stable than this lame excuse for an operating system that we call Snow Leopard. Even my 5 year old 512 MB RAM, 1.6 GHz single core computer with XP was more stable than this!
 
These changes are already in OSX 10.6.3. So that release is by no means imminent.
 
cyclotron451 said:
CD MBP1,1 stuck at gray no entry screen, advanced repair attempts give me "No valid packages" , which might mean BaseSystem.pkg has been moved/disturbed by the software update. Looks like an original system disc restore is needed

CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION!

only other thing to add is that I removed Adobe Flash from all my Macs years ago, and delete it whenever it creeps back, due to vulns.
This SecUpd is supposed to patch Flash, which I haven't got? is that a clue??


________________________________
MacBook Pro 15" 2006, 2GHz CPU 1GB RAM 100GB ST9100824AS HDD OS X 10.6.2
Click to expand...

Hosed my 2,1 MBP too. I'm pissed off!!! This is a load of crap!!!
 
cyclotron451 said:
CD MBP1,1 stuck at gray no entry screen, advanced repair attempts give me "No valid packages" , which might mean BaseSystem.pkg has been moved/disturbed by the software update. Looks like an original system disc restore is needed

CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION! CAUTION CAUTION CAUTION!

only other thing to add is that I removed Adobe Flash from all my Macs years ago, and delete it whenever it creeps back, due to vulns.
This SecUpd is supposed to patch Flash, which I haven't got? is that a clue??


________________________________
MacBook Pro 15" 2006, 2GHz CPU 1GB RAM 100GB ST9100824AS HDD OS X 10.6.2
Click to expand...

Working great on my MacBook Pro that is an identical model to yours, but then again I did a clean install of Snow Leopard.

Also for those having serious problems with it not being stable I highly suggest you do a clean install as well. Snow Leopard is working fantastic on both of my machines with little to no hang ups at all.
 
No snow on my Leopard that runs around my MacBook 2008 and the update is fine and dandy.

Hope anyone with problems is OK now.
 
greg400 said:
Working great on my MacBook Pro that is an identical model to yours, but then again I did a clean install of Snow Leopard.

Also for those having serious problems with it not being stable I highly suggest you do a clean install as well. Snow Leopard is working fantastic on both of my machines with little to no hang ups at all.
Click to expand...


I am running a clean install of SL. For the record, I've never had a serious problem like this before after any type of update.
Sadly this time, not so lucky. :(
But it looks like my expensive decision to have a "backup" MBP in reserve is going to pay off big time. I use my machine for my business & would have been even more pissed had I not had a plan B.

EDIT: After repairing disk permissions and several reboots I think my machine is back in order. Sheesh...what a scare. I have to confess that since switching to Mac as my primary platform I've become very VERY lazy regarding system maintenance. Mac is just that much better that, usually, things "just work". :)
 
Maybe Apple can fix the issues with the X1900 graphics card so that I can update to 10.6.2 without my Matrox MXO crapping out!
 
I had no issues whatsoever on my Macbook Pro 5,1. Running SL upgrade from Leopard.
 
Maybe a mirror is needed.

zero85ZEN said:
........


EDIT: Really starting to look like this hosed my system. Painfully slow boots and shutdowns and beachballing constantly. ....sigh....
Looks like time to reformat and start from scratch. (Thought I left the days of totally having to re-install the OS every six months when I left Windows....)

:(
Click to expand...

Not to be unkind but if these problems follow you around, OS to OS, where is the problem?


Dave
 
Apple's summary of changes

CoreAudio - Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution
A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Tobias Klein of trapkit.de for reporting this issue.​

CUPS - A remote attacker may cause an unexpected application termination of cupsd
A use-after-free issue exists in cupsd. By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service. This is mitigated through the automatic restart of cupsd after its termination. This issue is addressed through improved connection use tracking.​

Flash Player plug-in - Multiple vulnerabilities in Adobe Flash Player plug-in
Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.42. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-19.html Credit to an anonymous researcher and Damian Put working with TippingPoints Zero Day Initiative, Bing Liu of Fortinet's FortiGuard Global Security Research Team, Will Dormann of CERT, Manuel Caballero and Microsoft Vulnerability Research (MSVR).​

ImageIO - Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2.​

Image RAW - Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution
A buffer overflow exists in Image RAW's handling of DNG images. Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Jason Carr of Carnegie Mellon University Computing Services for reporting this issue.​

OpenSSL - An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL
A man-in-the-middle vulnerability exists in the SSL and TLS protocols. Further information is available at http://www.phonefactor.com/sslgap A change to the renegotiation protocol is underway within the IETF. This update disables renegotiation in OpenSSL as a preventive security measure. The issue does not affect services using Secure Transport as it does not support renegotiation. Credit to Steve Dispensa and Marsh Ray of PhoneFactor, Inc. for reporting this issue.​
 
Lol!!!

wizard said:
Not to be unkind but if these problems follow you around, OS to OS, where is the problem?


Dave
Click to expand...

Dave, not be be unkind but if you don't know how crappy Windows is I'm not going to be able to enlighten you. For your info I was a network systems admin for six years and have had up close and personal experience supporting Windows NT through XP. Then I got out and changed my career path.

Apple's whole marketing strategy is "it just works". And, for the most part, their products do just work. The most refreshing thing about moving to Mac was the fact that I didn't have to get under the hood and figure out how to fix problems left and right. I want to USE my computer as a tool to do things/make things with now. Macs are great for that. Windows is great for having to fix problems so you can use your computer to do things.

OS X is a superior operating system than Windows. It almost always works. Maybe not always at optimal performance if you don't take the time to tweak it, but it usually works fairly well nonetheless.

THAT is the standard that I've become accustomed to with Mac. And it's a huge part of how Apple positions themselves and markets their products.

So, when a routine security update instantly trashes my OSs ability to, well, simply work like it should I think comparing that experience to the common unpleasant Windows user experience is not uncalled for.

But I do enjoy your snideness. It gave me a chuckle.
;)
 
As well as components listed above, the update also replaces the Security framework itself. This framework handles authorisation, keychain services and certification management. This may be related to the OpenSSL fixes, but as the framework isn't linked against the OpenSSL library it's difficult to say.

The problems that others are experiencing may be due to them having installed some non-Apple software that depends on an older version of the Security framework, and which no longer works with the current one. It would explain why users are receiving 'No-entry' signs when attempting to login.
 
zero85ZEN said:
Beachballing constantly. My machine is totally bogged down and barely usable. Super slow reboot after downloading patch. Strange gray pixilated pattern on reboot between gray and blue boot screen. Mostly just Sloooooow and beachballing like crazy.
:mad:

This is on my 17" Classic MBP (see sig below) running SL updated to latest version.


EDIT: Really starting to look like this hosed my system. Painfully slow boots and shutdowns and beachballing constantly. ....sigh....
Looks like time to reformat and start from scratch. (Thought I left the days of totally having to re-install the OS every six months when I left Windows....)

:(
Click to expand...


I had constant beachball on my 13.3" MacBook Pro. A faster HDD and memory upgrade solved the problem. Even those 'Genius' boys couldn't solve the problem.
 
xbjllb said:
WOW! My Superdrive burns and plays Blu-ray now perfectly on my iMac matte screen!

Looks incredible! This will REALLY help my workflow. Thanks Steve!

:apple:
Click to expand...

You best be trollin'. ;)

Installed the patch last night, went quickly, zero issues. :)
 
my MBP is still down

luckily there's only a few people reporting problems. My 2006 MacBook Pro running 10.6.2 , fully patched , lovingly maintained has suffered a difficult to recover from crash, due absolutely only to this security update. My latest repair attempt with my SL upgrade disk successfully repairs permissions, successfully completes disk first aid repair but when I try and install SL 10.6 , I get the comment
"Mac OS X can't be installed this computer" it further explains that
"this disc requires that Mac OS X 10.5 or later is already installed on your computer" , helpfully there is the option "if you wish to restore the system from a Time Machine backup - click restore"

so it seems that the security update 2010-001 has rendered the MBP totally system-less

My TM backup for this MBP (I have 8 MBP's) is around 3 months old, and I need to know more about the wording "if you wish to restore the system" as I'd very much like to keep my current user data. I'll finish to write my paper - due next wednesday - on my desktop iMac (as yet unpatched!) then either restore 10.4 from my original system disk, update to 10.5, then back to SL 10.6.2 , or I might try the Time Machine.

eitherway , it shows that although my MacBook worked normally great & all my many other shiny pieces of fruit work great !!! don't patch before a significant deliverable!!, (without having a todays TM image and user data backed up on MemStick & another machine). I haven't tried FireWire target disk on my 'trashed MBP' , that would likely be the fastest way back to my data, but happily I kept the parallel working documents on the different systems. (the document will eventually earn my company around 700k euros)
 
I did this update but no bootcamp upgrade for me. I'm running 10.6.2 on a new MBP. Where did you guys see your bootcamp drivers updated?

Boot Camp Assistant:

Version: 3.0.1
Last Modified: 5/19/09 2:02 AM
Kind: Intel
64-Bit (Intel): Yes
Get Info String: Boot Camp Assistant 3.0.1, Copyright © 2009 Apple Inc. All rights reserved
Location: /Applications/Utilities/Boot Camp Assistant.app
 
xlii said:
I did this update but no bootcamp upgrade for me. I'm running 10.6.2 on a new MBP. Where did you guys see your bootcamp drivers updated?
Click to expand...

did you download bootcamp Update 3.1 for Windows 32 bit from here http://support.apple.com/kb/DL996
or the 64 bit from here http://support.apple.com/kb/DL979
the Apple Vista unmount before Win7 is here http://support.apple.com/kb/DL977

these have to be installed other than by Software Update in Mac OS
I'll not be doing this just at the moment:eek:
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back