
MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,620
16,757


Apple today released several security-related updates through Software Update and Apple's Support Downloads site.

Security Update 2009-001 addresses a number of vulnerabilities detailed in the update's support document, notably including the Safari RSS vulnerability disclosed in mid-January.
Multiple input validation issues exist in Safari's handling of feed: URLs. The issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs. Credit to Clint Ruoho of Laconic Security, Billy Rios of Microsoft, and Brian Mastenbrook for reporting these issues.
The update is available in a number of versions:

- Leopard Universal (43.4 MB)
- Leopard Server Universal (46.54 MB)
- Tiger Intel (164.23 MB)
- Tiger PPC (74 MB)
- Tiger Server Universal (213 MB)
- Tiger Server PPC (141.76 MB)

Apple also released Safari 3.2.2 for Windows to patch the RSS vulnerability for Windows users.

Finally, Apple released Java updates for both Leopard (3 MB) and Tiger (1.6 MB). According to the support documents (Leopard, Tiger), both updates address the same vulnerabilities in the Java plug-in and Java Web Start.

Article Link: Apple Releases Security Updates, Addresses Safari RSS Vulnerability
 

JustGretchen

macrumors 6502
Dec 2, 2008
464
0
Seems like I have an Apple Remote Desktop update as well... Which is strange because I have 3.2.2 already...
 

Bernd

macrumors member
Sep 4, 2003
54
0
What version of Safari did the update end at, 3.2.1 or 3.2.2? I ran the updates and ended with 3.2.1.
Safari refused to quit before the update installed. I forced quit but it stayed as an active task in Activity Monitor. I inspected it and Activity Monitor said it did not exist but the memory was never freed up so I was wondering if the update was messed up.
 

netnothing

macrumors 68040
Mar 13, 2007
3,704
325
NH
> What version of Safari did the update end at, 3.2.1 or 3.2.2? I ran the updates and ended with 3.2.1.
> Safari refused to quit before the update installed. I forced quit but it stayed as an active task in Activity Monitor. I inspected it and Activity Monitor said it did not exist but the memory was never freed up so I was wondering if the update was messed up.

3.2.1 for me after the update.
 

Bernd

macrumors member
Sep 4, 2003
54
0
OK, good. The number threw me at first, especially with the glitch in Safari shutting down during the update.
 

wilsons66604

macrumors newbie
Sep 1, 2008
8
0
JAVA update is a blessing

I can now log into the firewall at work. The JAVA version is now recognized by the firewall software. No need to boot into XP to check my work email. :)
 

techmonkey

macrumors 6502a
Jun 8, 2007
596
0
After installing the update and rebooting, I wasn't able to launch Firefox or Safari without it crashing. I then logged into my Admin account and Firefox & Safari worked. I tried repairing permissions, didn't help. I then restarted the computer and everything is working fine now.

So, if anyone has any trouble, restart (2) times after the update.
 

NewMacbookPlz

macrumors 68040
Sep 28, 2008
3,266
0
I lost my Airport wireless settings after this update.

When I tried going into Keychain to look up the pw, I got the message popup saying "access to this is restricted".

After deleting the key, and reassigning it, and then playing around with Keychain, everything's back to normal.
 

pimentoLoaf

Contributor
Dec 30, 2001
1,979
6
The SimCity Deli
> I lost my Airport wireless settings after this update.
>
> When I tried going into Keychain to look up the pw, I got the message popup saying "access to this is restricted".
>
> After deleting the key, and reassigning it, and then playing around with Keychain, everything's back to normal.

No problems for me and WiFi. Update went smooth as silk.
 

Doctor Q

Administrator
Staff member
This bug is rather scary in hindsight. I'll be glad to have it fixed.

servermgrd: Remote attackers may be able to access Server Manager without valid credentials
An issue in Server Manager's validation of authentication credentials could allow a remote attacker to alter the system configuration. This update addresses the issue through additional validation of authentication credentials.
 

malachiman

macrumors regular
Sep 18, 2008
119
0
New Zealand
Download went fast, then when I clicked restart the screen froze (mouse too); had to hold down the power button for a restart and then run the updater again. Perfectly fine this time though!! YAH
 

Manderby

macrumors 6502a
Nov 23, 2006
500
92
Apache is doomed on two of my servers after installing the security update. Be careful.
 

Am3822

macrumors 6502
Aug 16, 2006
424
0
Groningen, The Netherlands
Downloaded the update (early 2008 MBP15.4/2.4) and the machine became stuck halfway through the install process -- all I can see is the "line spinner" stuck over the monochrome background.

Any suggestions? How much damage can I expect to have if I try to shut it down?

EDIT: panic's over. Apparently letting it brood for five minutes did the trick.
 