Mac OS X Security Update 2005-004

[Toe]

Security Update 2005-004

Security Update 2005-004 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

iSync

For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798

 

[PlaceofDis]

good catch, only a 1.1mb download and no restart needed, not our usual security update to say the least

 

[MacRumors]

On the heels of the Mac OS X 10.3.9 comes a Security Update (2005-004) - in your Software Update:

Security Update 2005-004 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

iSync

For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798/

It addresses a potential buffer overflow issue in a iSync related application.

 

[Mitthrawnuruodo]

Wow... that was small... didn't even need a restart...

 

[Doctor Q]

From http://docs.info.apple.com/article.html?artnum=301326:

Available for: iSync 1.5 on Mac OS X v10.2.8 and Mac OS X v10.3.x

Impact: A buffer overflow in iSync could lead to local privilege escalation.

Description: The iSync helper tool mRouter contains a buffer overflow vulnerability. This could result in the execution of arbitrary commands as root by local system users. Security Update 2005-004 fixes this issue by providing a patched version of mRouter. Credit to Braden Thomas for reporting this issue.​

 

[James Philp]

Security me up baby!, just call me fort Knox!
Weird, Software update just crashed, ran it again, and apparently the update has been installed!

 

[Daveway]

Does this include the Java fix?

 

[manu chao]

Could this be fixing this hole?
http://www.macbidouille.com/niouzcontenu.php?date=2005-03-31

Edit: It does, it was reported on that site already 25 January, i.e., 3 months ago. It was however not a really critical one since it was just a local privilege escalation issue (and if you were not using iSync, the simple solution was to just disable the affected binary).

 

[Lacero]

I was able to hold my breath during the update.

 

[mattster16]

java?

I wonder if Apple included a little hidden Java fix in this update. If not..they should have, would have been the perfect opportunity to get the problem out of the way with little fuss.

 

[amberashby]

Safari seems snapier!

 

[Hugin777]

Java...

As far as I know, a lot of people with the Java problem after 10.3.9 fixed it by just updating prebindings. One easy way to do this is to install the latest security update (as Apple recommends).

So I guess this is a quick way for Apple to fix the Java issue without actually mentioning it

 

[SpinUp]

Best. Security Update. Ever.

All told perhaps 15 seconds.

 

[javabear90]

As far as I know, a lot of people with the Java problem after 10.3.9 fixed it by just updating prebindings. One easy way to do this is to install the latest security update (as Apple recommends).

So I guess this is a quick way for Apple to fix the Java issue without actually mentioning it

unfortunatly, I still get a segmentation fault when I do the thing in terminal

 

[Eniregnat]

You would think that they might of know that they were going to fix this little bug and would of included it with the big OS upgrade.

 

[dontmatter]

man! it sucks when the security update is the best news of the day.

 

[neutrino23]

You would think that they might of know that they were going to fix this little bug and would of included it with the big OS upgrade.

Hard to know from the outside how these things get scheduled. At some point you have to stop changing the code and just test it or it will never get out the door.

 

[StarbucksSam]

I'm not getting it in SW update....

 

[e-coli]

The sucurity update screws up safari. It no longer recognizes "valign" commands.

Really really annoying. Really.

 

[rikers_mailbox]

man! it sucks when the security update is the best news of the day.

Here is better news.

 

[Balin64]

That was Fast!

Although... I am sure it would have been fine if I had not updated... I mean, Tiger is around the corner... but I am such a creature of habit.

All right: I promise that if Apple releases another update before Friday, I WILL NOT update... unless it turns my PB into a PB G5.

 

[DPazdanISU]

yea good stuff today, maybe we'll get a 1.1mb security update every other day until tiger is released

 

[kasei]

God I hope this doesn't screw up my system like 10.3.9 did. I had to revert back to 3.7 before I could get work my way back up to 10.3.9

 

[Object-X]

Why bother

Why bother, we're a single digit migit!

I feel like an 8 year old waiting for Christmas.

 

[aegisdesign]

As far as I know, a lot of people with the Java problem after 10.3.9 fixed it by just updating prebindings. One easy way to do this is to install the latest security update (as Apple recommends).

So I guess this is a quick way for Apple to fix the Java issue without actually mentioning it

No. The security update Apple recommends is the 2005-002 update which included updates to Java. It's not the prebinding that fixes the problem apparently.

The sucurity update screws up safari. It no longer recognizes "valign" commands.

Huh? it doesn't go anywhere near Safari or any of it's components.