
MacRumors

macrumors bot


Apple today released several security-related updates through Software Update and Apple's Support Downloads site.

Security Update 2009-001 addresses a number of vulnerabilities detailed in the update's support document, notably including the Safari RSS vulnerability disclosed in mid-January.
Multiple input validation issues exist in Safari's handling of feed: URLs. The issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs. Credit to Clint Ruoho of Laconic Security, Billy Rios of Microsoft, and Brian Mastenbrook for reporting these issues.
The update is available in a number of versions:

- Leopard Universal (43.4 MB)
- Leopard Server Universal (46.54 MB)
- Tiger Intel (164.23 MB)
- Tiger PPC (74 MB)
- Tiger Server Universal (213 MB)
- Tiger Server PPC (141.76 MB)

Apple also released Safari 3.2.2 for Windows to patch the RSS vulnerability for Windows users.

Finally, Apple released Java updates for both Leopard (3 MB) and Tiger (1.6 MB). According to the support documents (Leopard, Tiger), both updates address the same vulnerabilities in the Java plug-in and Java Web Start.

Article Link: Apple Releases Security Updates, Addresses Safari RSS Vulnerability
 
Seems like I have an Apple Remote Desktop update as well... Which is strange because I have 3.2.2 already...
 
What version of Safari did the update end at, 3.2.1 or 3.2.2? I ran the updates and ended with 3.2.1.
Safari refused to quit before the update installed. I force quit it but it stayed as an active task in Activity Monitor. I inspected it and Activity Monitor said it did not exist, but the memory was never freed up, so I was wondering if the update was messed up.
 
What version of Safari did the update end at, 3.2.1 or 3.2.2? I ran the updates and ended with 3.2.1.
Safari refused to quit before the update installed. I force quit it but it stayed as an active task in Activity Monitor. I inspected it and Activity Monitor said it did not exist, but the memory was never freed up, so I was wondering if the update was messed up.

3.2.1 for me after the update.
 

OK, good. The number threw me at first, especially with the glitch in Safari shutting down during the update.
 
JAVA update is a blessing

I can now log into the firewall at work. The JAVA version is now recognized by the firewall software. No need to boot into XP to check my work email. :)
 
After installing the update and rebooting, I wasn't able to launch Firefox or Safari without it crashing. I then logged into my Admin account and Firefox & Safari worked. I tried repairing permissions; it didn't help. I then restarted the computer and everything is working fine now.

So, if anyone has any trouble, restart (2) times after the update.
 
I lost my Airport wireless settings after this update.

When I tried going into Keychain to look up the pw, I got the message popup saying "access to this is restricted".

After deleting the key, and reassigning it, and then playing around with Keychain, everything's back to normal.
 
I lost my Airport wireless settings after this update.

When I tried going into Keychain to look up the pw, I got the message popup saying "access to this is restricted".

After deleting the key, and reassigning it, and then playing around with Keychain, everything's back to normal.

No problems for me and WiFi. Update went smooth as silk.
 
This bug is rather scary in hindsight. I'll be glad to have it fixed.

servermgrd: Remote attackers may be able to access Server Manager without valid credentials
An issue in Server Manager's validation of authentication credentials could allow a remote attacker to alter the system configuration. This update addresses the issue through additional validation of authentication credentials.
 
Download went fast, then when I clicked restart the screen froze (mouse too). Had to hold down the power button for a restart and then run the updater again. Perfectly fine this time though!! YAH
 
Apache is doomed on two of my servers after installing the security update. Be careful.
 
Downloaded the update (early 2008 MBP15.4/2.4) and the machine became stuck halfway through the install process -- all I can see is the "line spinner" stuck over the monochrome background.

Any suggestions? How much damage can I expect to have if I try to shut it down?

EDIT: panic's over. Apparently letting it brood for five minutes did the trick.
 