Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

Apple Security Update 2007-002, Daylight Savings Update and More

MacRumors

macrumors bot
Original poster
Apr 12, 2001
50,480
11,864
https://www.macrumors.com/images/macrumorsthreadlogodarkd.png

Apple released a number of software updates today under Mac OS X's Software Update feature. The first is a security update that "is recommended for all users and improves the security of the following components:"

- CoreServices
- iChat
- UserNotificationCenter

More detailed information about the changes are listed at Apple.

Apple also revealed a Daylight Saving Time Update due to recent changes on the dates Daylight Savings will occur this year:

The Daylight Saving Time Update for Mac OS X and Mac OS X Server addresses recent changes in the way Daylight Saving Time will be observed in the U.S. and Canada beginning in March 2007 and includes the latest time zone information for the rest of the world.

More information is at http://docs.info.apple.com/article.html?artnum=305056

Other updates also listed by Apple include:

- Java for Mac OS X 10.3 Update 5
- Java for Mac OS X 10.4 Update 5
- WebObjects 5.3.3
- Final Cut Pro 5.1.3
 

ksgant

macrumors 6502a
Jan 12, 2006
669
202
Chicago
I JUST got my 24" iMac yesterday, and thought my software updates were going to be done for a while, then I noticed this popping up.

Worked perfectly though, so no complaints.
 

gerrycurl

macrumors newbie
Jun 3, 2004
29
0
nvidia 7300 firmware for mac pro

here's the link from apple, as usual no information:

http://www.apple.com/downloads/macosx/apple/firmware_hardware/geforce7300gtfirmwareupdate.html

i was hoping this firmware update would allow me to now get the drivers to have portrait view on my samsung 24" synchmaster, but it gives me nothing.

what the heck is this firmware for? performance enhancements?

and how come nvidia has no apple drivers or software?

i'm freaking frustrated with nvidia, this will only force me to go with ati, or buy a completely new rig and install windows vista... all i want is portrait view!

by the way, i installed all the other updates, things are working smoothly...
 

Doctor Q

Administrator
Staff member
Sep 19, 2002
38,326
4,750
Los Angeles
Security Update 2007-002 details

Finder

Mounting a maliciously-crafted disk image may lead to an application crash or arbitrary code execution
A buffer overflow exists in Finder's handling of volume names. By enticing a user to mount a malicious disk image, an attacker could trigger this issue, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-09-01-2007). This update addresses the issue by performing additional validation of disk images. This issue does not affect systems prior to Mac OS X v10.4. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.​

iChat

Attackers on the local network may be able to cause iChat to crash
A null pointer dereference in iChat's Bonjour message handling could allow a local network attacker to cause an application crash. A proof of concept for this issue in Mac OS X v10.4 has been published on the "Month of Apple Bugs" website (MOAB-29-01-2007). A similar issue exists in Mac OS X v10.3. This update addresses the issues by performing additional validation of Bonjour messages.​

iChat

Visiting malicious websites may lead to an application crash or arbitrary code execution
A format string vulnerability exists in the iChat AIM URL handler. By enticing a user to access a maliciously-crafted AIM URL, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-20-01-2007). This update addresses the issue by performing additional validation of AIM URLs.​

UserNotification

Malicious local users may be able to obtain system privileges
The UserNotificationCenter process runs with elevated privileges in the context of a local user. This may allow a malicious local user to overwrite or modify system files. A program that triggers this issue has been published on the "Month of Apple Bugs" website (MOAB-22-01-2007). This update addresses the issue by having UserNotificationCenter drop its group privileges immediately after launching.​
 

apfhex

macrumors 68030
Aug 8, 2006
2,670
4
Northern California
Interesting all MOAB fixes. Like to see MS respond to a Month of Vista Bugs. :D

I thought the DST issue had been addressed long ago, or have there been even more recent changes to DST? Ah I see, they're addressing more regions, as well as 10.3 users. :cool:

The 2007 time zone and Daylight Saving Time rule changes for the United States and most of Canada are already available in Mac OS X 10.4.5 or later.

Some additional regions that recently adopted time zone and DST changes are available in the February, 2007 Daylight Saving Time Update.
 

Markabre

macrumors newbie
Feb 15, 2007
5
0
I wonder if this is due to some kind of delay with 10.4.9. It seemed just around the corner a few weeks ago with constant seeds and few known issues but then it all went quiet....
 

MrCrowbar

macrumors 68020
Jan 12, 2006
2,043
209
Well, it's cool to see that Apple fixes the thing addressed in the month of apple bugs so quickly.
 

jonharris200

macrumors 6502
Feb 25, 2006
394
7
London, UK
iMac 20" and black MacBook*, both Intel Core 2 Duo, both running Tiger 10.4.8, both updated fine.

* Refurb, arrived today, with 2GB RAM - yay! Sorry to repeat myself from other threads, I'm just very happy about that. :D Many thanks :apple:
 

Markabre

macrumors newbie
Feb 15, 2007
5
0
Apple is waiting on some important stuff before releasing 10.4.9 ;)

Hang Loose

Yeah this certainly gives me that kinda feeling. Either:

- its done and they're waiting for something for it to coincide with. I would assume a release before iphone/leopard/wwdc however.
- It's already complete well in advance of when they needed it so they can now concentrate on Leopard.
- It's been delayed to add more features than initially planned

...and why the hell am i being sucked into speculating about apple..and not a particularly exciting release either. i think i caught the bug :/ help!
 

Grakkle

macrumors 6502a
Oct 6, 2006
624
2
Earth
Updated. Haven't noticed any difference thus far - but I've only been using the computer for a few minutes.
 

lancestraz

macrumors 6502a
Nov 27, 2005
898
0
RI
I kernel panicked after the updates. Had to boot from the install DVD and repair disk.

Everything seems fine now.
But still... Grrrr...
 

boxandrew

macrumors member
Apr 27, 2005
78
0
Oklahoma, OK
Slow download

All the updates downloaded fine except the 10.4 Java Update, which my mac currently estimates will take another 10 hours. Could just be a problem my end, but why would the Security and Timezone Updates be so fast compared to this? :confused:
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.