Good job Apple! It's good to know they really care about security and do their best to fix holes as soon as possible. Now bring on 10.3.4! 
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Mac OS X Security Update 2004-5-24
- Thread starter MacRumors
- Start date
- Sort by reaction score
nagromme said:
voodoofish said:
From a subjectivity and from a literal sense, I understand nagromme's move from three to four. It's four to five that's got me reaching for another coffee.
Incidentally, patch uploaded and everything is fine.
MS logic
As I say, I see that "logic" around--it's not my own, and it's not logic!
3 to 4 is illogical. Two flawed products (like all OSes) are not automatically "just as good" as each other. One might just happen to be better!
4 to 5 is worse yet.
Yet watch for people to look at the news of non-stop Windows flaws, many exploited as real viruses, and at the news of occasional quickly-patched OS X flaws... and then conclude that Windows is better.
(Obviously the only logic is that they had already made up their minds that most-popular must mean best.)
nagromme said:Learn it well:
1. Windows has continual and major problems.
2. But no OS is ever perfect.
3. Mac OS is not perfect
4. Therefore Windows is just as good as Mac OS.
5. Therefore Windows is better than Mac OS.
QED.
Been seeing that "logic" around a LOT lately. Watch for it
voodoofish said:
As I say, I see that "logic" around--it's not my own, and it's not logic!
3 to 4 is illogical. Two flawed products (like all OSes) are not automatically "just as good" as each other. One might just happen to be better!
4 to 5 is worse yet.
Yet watch for people to look at the news of non-stop Windows flaws, many exploited as real viruses, and at the news of occasional quickly-patched OS X flaws... and then conclude that Windows is better.
(Obviously the only logic is that they had already made up their minds that most-popular must mean best.)
guet said:
Well the first problem I guess is better now then before
I tried one of those tests and it mounted automatically and ran (even if I said in Safari "don't open files")
Now I do it and it mounts, but nothing is run, I need to click on the file to launch it, so it is better now, but i guess might need improvements in the future
As for your Telnet Demo well that might need looking into
voodoofish said:
Sunday, November 23, 2003 22:57:32 Europe/London: Installed "QuickTime" (6.4)
Sunday, November 23, 2003 22:57:46 Europe/London: Installed "iTunes" (4.1)
Sunday, November 23, 2003 22:58:02 Europe/London: Installed "Java" (1.4.1)
Sunday, November 23, 2003 22:58:22 Europe/London: Installed "iCal" (1.5.1)
Sunday, November 23, 2003 23:03:15 Europe/London: Installed "Mac OS X Update" (10.2.8)
Sunday, November 23, 2003 23:09:58 Europe/London: Installed "Bluetooth Software" (1.3.3)
Sunday, November 23, 2003 23:10:00 Europe/London: Installed "QuickTime for Java Update" (v2.0)
Sunday, November 23, 2003 23:10:27 Europe/London: Installed "iSync" (1.3)
Sunday, November 23, 2003 23:13:43 Europe/London: Installed "Security Update 2003-11-19" (1.0)
2003-11-29 12:43:08 +0000: Installed "AirPort Software" (3.2)
2003-11-29 12:43:52 +0000: Installed "Bluetooth Software" (1.4.1)
2003-11-29 12:45:14 +0000: Installed "Mac OS X Update" (10.3.1)
2003-12-06 18:52:38 +0000: Installed "Security Update 2003-11-19" (1.0)
2003-12-06 18:52:43 +0000: Installed "Security Update 2003-12-05" (1.0)
2003-12-18 08:26:11 +0000: Installed "Apple Remote Desktop Client" (1.2.4)
2003-12-18 08:26:15 +0000: Installed "Battery Update" (1.1)
2003-12-18 08:27:57 +0000: Installed "Mac OS X Update" (10.3.2)
2003-12-20 17:17:16 +0000: Installed "iTunes" (4.2)
2003-12-20 17:18:47 +0000: Installed "QuickTime" (6.5)
2003-12-20 17:18:57 +0000: Installed "QuickTime MPEG-2" (6.4)
2003-12-20 17:19:07 +0000: Installed "Security Update 2003-12-19" (1.0)
2003-12-20 18:00:11 +0000: Installed "Xcode Update" (1.1)
2004-01-19 23:47:18 +0000: Installed "iCal" (1.5.2)
2004-01-27 02:31:29 +0000: Installed "AirPort Software" (3.3)
2004-01-27 02:31:42 +0000: Installed "Security Update 2004-01-26" (1.0)
2004-02-03 07:32:02 +0000: Installed "Java 1.4.2" (1.4.2)
2004-02-03 07:32:21 +0000: Installed "Safari" (1.2)
2004-02-05 20:34:08 +0000: Installed "Bluetooth Software" (1.5)
2004-02-17 20:07:02 +0000: Installed "iSync" (1.4)
2004-02-23 23:19:17 +0000: Installed "Security Update 2004-02-23" (1.0)
2004-02-27 16:38:23 +0000: Installed "iSight Update" (1.0.2)
2004-03-08 19:39:34 +0000: Installed "AirPort Software" (3.3.1)
2004-03-13 00:04:07 +0000: Installed "iPod Software" (1.3.1)
2004-03-16 19:07:24 +0000: Installed "Mac OS X Update" (10.3.3)
2004-03-24 07:47:12 +0000: Installed "iChat Update" (2.1)
2004-03-27 17:20:04 +0000: Installed "iPod Software" (2.1)
2004-04-06 07:18:49 +0100: Installed "Security Update 2004-04-05" (1.0)
2004-04-10 12:18:43 +0100: Installed "Apple Remote Desktop Admin" (1.2)
2004-04-25 11:23:13 +0100: Installed "AirPort Software" (3.4)
2004-04-25 11:24:29 +0100: Installed "Apple Bluetooth Module Firmware Update" (1.1)
2004-05-01 20:04:53 +0100: Installed "iPod Update 2004-04-28" (3.0)
2004-05-04 00:14:31 +0100: Installed "QuickTime" (6.5.1)
2004-05-04 00:16:02 +0100: Installed "AirPort Software" (3.4.1)
2004-05-04 00:16:15 +0100: Installed "Security Update 2004-05-03" (1.0)
As long as it is in their best financial interest to do security fixes, they will. Microsoft also frequently makes available patches for KNOWN security issues in very short times after PUBLIC announcement.
If it isn't well known by being put up on some often viewed news site, and then focused attention on even more by getting placed on a mac rumor page, then they will be in no hurry to do anything about it. Remember, this is business. Don't ever think Apple is in this game for the consumer half as much as Apple is in it for Apple.
Apple could easily be likened to Microsoft in the OS realm now.
If it isn't well known by being put up on some often viewed news site, and then focused attention on even more by getting placed on a mac rumor page, then they will be in no hurry to do anything about it. Remember, this is business. Don't ever think Apple is in this game for the consumer half as much as Apple is in it for Apple.
Apple could easily be likened to Microsoft in the OS realm now.
update messed up os x?
Not sure if it was this update that did it but only updated this and web objects.
Basically on Sharing in the system preferences i have personal web sharing ticked but it is greyed out and can't click start, so apache wont now work. And finder no longer works! if i click on a flder it just stays blank with the spinning thing in the corner. If i click back then forward straight after the contents show. Any folder i have been to then shows straight away. Any ideas how to fix this. I need apavhe working and this finder thing makes it near unuseable
BTW...yup i've repaired permissions
Not sure if it was this update that did it but only updated this and web objects.
Basically on Sharing in the system preferences i have personal web sharing ticked but it is greyed out and can't click start, so apache wont now work. And finder no longer works! if i click on a flder it just stays blank with the spinning thing in the corner. If i click back then forward straight after the contents show. Any folder i have been to then shows straight away. Any ideas how to fix this. I need apavhe working and this finder thing makes it near unuseable
BTW...yup i've repaired permissions
I'm not sure what you meant by "many configurations", I'm asuming you are talking about the myriad of hardware platform configurations. AFAIK, the nature of the security exloits we are talking about are completely platform inspecific. They are in the application code and supporting libraries which are all written to the OS API's, not the hardware drivers. (There have been DirectX security exploits, but I'm pretty sure they were in higher level code than anything that would be platform specific.)SiliconAddict said:
Am I wrong?
eric_n_dfw said:
Even if the code had to be tested on 20 times the computer hardware set-ups as Apple's code, Microsoft is a bigger company and so they should be spending more money on de-bugging patches. To say "Give MS a break, they have more work to do." is total and complete bull****.
Hugin777 said:
The first link did not mount anything. Safari seemed to "think" about it, but it never did anything. Links two and three downloaded and mounted disk images, but the script inside did not automatically run.
Calebj14 said:
No, of course it didn't. That's what step 3 does. A real exploit would use a simple trick to first do step 1 then step 3. I'm just a nice guy who don't want to scare you
evoluzione said:i don't know if i like all these security updates, just reminds of microsoft if you ask me
Be Real. You're going to have security updates. If you are lucky, they will be far in advance of the bad guys.
Oops - it's WORSE!
Looks like the Help Viewer exploit was just the tip of the iceberg.
Turns out that ANY new application including those contained within disk images (which STILL automatically mount with no user action) AUTOMATICALLY gets ANY custom protocol handlers installed on your system!
This makes the Help Viewer problem, as serious as it was, seem insignificant!
Looks like the Help Viewer exploit was just the tip of the iceberg.
Turns out that ANY new application including those contained within disk images (which STILL automatically mount with no user action) AUTOMATICALLY gets ANY custom protocol handlers installed on your system!
This makes the Help Viewer problem, as serious as it was, seem insignificant!
Freg3000 said:I dunno I am going to wait to install it. Maybe it is paranoia, maybe it is a typo, but the mistaken date is annoying to me. Maybe Apple accidentally released this early?
Ok fine, i just don't want to break my uptime.
Edit: Well, no restarted needed......but I'll still wait.
wait for what? And who is actually impressed by uptime? It's what you DO in the uptime that's cool/important/impressive/useful. Surely.
I love Apple as much as the next person here, but let's be honest. We're slamming Windoze, but if we had as many users and if our OS was as popular as XP then we'd be experiencing the same problems. We're lucky that we're only 3-5% of the population of computer users, nobody really cares about us. If we were 40% then I could see us having more attacks and security updates.
Juventuz said:
Exactly. This is why MacOS seems more secure; there are less people looking for holes.
Juventuz said:
I understand you view, I too think about this, It can happen, I guess it will happen
But then some people might bring in the fact the Apache with an Open source system is running all these web servers etc
M$ IIS servers are more vulnerable etc and they have less market share
I'm not rejecting your comment, but even if Mac OS X was popular wouldn't we avoid all the silly security flaws like the ones in Windows?
I mean the serious silly flaws, (would we call these flaws in OS X silly?)
I guess no OS is perfect, that wouldn't be fun at all, as for Windows it would give a new meaning to the word "Fun"
It looks as if KDE had a similar URI handler issue.
http://www.securityfocus.com/bid/10358/discussion/
http://www.securityfocus.com/bid/10358/discussion/
you are an idiot
yeah, lets be UN-MSFT and not update the os.
i think your tin-foil hat is on too tight
evoluzione said:i don't know if i like all these security updates, just reminds of microsoft if you ask me
yeah, lets be UN-MSFT and not update the os.
i think your tin-foil hat is on too tight