Originally posted by X86BSD
My friend has been sitting on a remote root issue that affects all versions of OS X for months. Apple has *finally* agreed it will get addressed in a future patch. I love OS X and Apple but come on, they need a serious blow to the head with a blunt object to get them to take a bug seriously and do something about it. They finally agreed to patch it after many emails back and forth and finally a pretty curt "fix the issue or I'm releasing it into the wild without you having time to fix it." email. So let's not all fawn over Apple's "speedy" patch timing.

Guess he was talking about this:
http://www.carrel.org/dhcp-vuln.html


Why did you release this when you did?
This was an exploitable remote root vulnerability. After Apple reneged on the Nov. 3rd release date I gave them 2-3 weeks. After the 2-3 weeks were up, I asked for the status and they said "December". Meanwhile, users are left exposed and independent rediscovery seemed fairly likely. And maybe by someone less scrupulous than myself. I felt I was being strung along and that the issue may never get properly addressed so I set a hard deadline at that point. They didn't meet it, and I issued my advisory.
 