Mac OS X Security Update 2007-001

[MacRumors]

Apple issued a security update for Mac OS X today. The update specifically addresses a possible security flaw in Quicktime:

Impact: Visiting malicious websites may lead to arbitrary code execution

Description: A buffer overflow exists in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution.

http://docs.info.apple.com/article.html?artnum=304989

A proof of concept exploting this bug was published at the Month of Apple Bugs site.

 

[xJulianx]

Second Quicktime update in the past month or so...

 

[MrCrowbar]

5 MB update, installed, rebooted, works.

 

[flopticalcube]

5 minutes earlier: https://forums.macrumors.com/threads/272897/

 

[bousozoku]

This is from the Month of Apple Bugs business, on the second day of January.

Glad to see that they're fixing something.

 

[Zwhaler]

First one of 2007. Pretty cool. Well not really, but at least I feel like my computer is more safe

 

[iJawn108]

Yay! I love getting updates, it's like I'm bonding with my macbook even more.

 

[BoyBach]

Still there's no update for the iTunes/iPod error-48.

My Nano just doesn't want to get along with iTunes.

 

[Kenndac]

Still there's no update for the iTunes/iPod error-48.

http://docs.info.apple.com/article.html?artnum=304893

This works fine for me until they get an update out. Just set it to PST and manually bump the time to the correct one.

 

[mkrishnan]

Still there's no update for the iTunes/iPod error-48.

My Nano just doesn't want to get along with iTunes.

This is a security update...it won't do anything for anybody's iPod....

 

[bluebomberman]

Whatever happened to the month of Apple bugs, anyway? Was this the only (now fixed) problem they found?

 

[BoyBach]

http://docs.info.apple.com/article.html?artnum=304893

This works fine for me until they get an update out. Just set it to PST and manually bump the time to the correct one.

Thank you very much.

 

[PDubNYC]

Needs 10.4.8

Guess I can't install it, beacause I don't want to use the turd that it 10.4.8 (my opinion). It has caused me nothing but grief. I stick with 10.4.5 for now.

 

[50548]

Another flawless update for me, as usual...

 

[TheBobcat]

Ooooh yeah, I forgot about the Month of Apple Bugs. Hm, well, updates are spiffy and it shows Apple is on top of this I guess.

 

[shawnce]

Whatever happened to the month of Apple bugs, anyway? Was this the only (now fixed) problem they found?

MOAB: http://projects.info-pull.com/moab/

MOAB "fixes": http://landonf.bikemonkey.org/code/macosx/

 

[nagromme]

I see that the Month of "Apple" Bugs has a bunch of days with bugs in shareware like Colloquy... or with no bugs at all. (To say nothing of whether such bugs are practical to actually do harm with anyway.)

No wonder MOAB vanished from the press.

Still good to see benefits coming from the project... even if the flaws were released in the wrong way (released to crackers and the public without releasing to the vendor for a fix first).

 

[durandel]

Yay! I love getting updates, it's like I'm bonding with my macbook even more.

You must be really bonded with your Windows computer then. It must follow you around the house and sleep on the bed with you.

 

[shawnce]

I see that the Month of "Apple" Bugs has a bunch of days with bugs in shareware like Colloquy... or with no bugs at all.

The have release issues for every day of the month and yeah some have been in 3rd party software.

 

[daneoni]

Guess I can't install it, beacause I don't want to use the turd that it 10.4.8 (my opinion). It has caused me nothing but grief. I stick with 10.4.5 for now.

10.4.5?, Whoa nelly!.

 

[iomar]

Well, this is always welcome.. but I want my leopard.

 

[shawnce]

Guess I can't install it, beacause I don't want to use the turd that it 10.4.8 (my opinion). It has caused me nothing but grief. I stick with 10.4.5 for now.

Huh? What issues have you had with 10.4.8?

 

[Eraserhead]

Well, this is always welcome.. but I want my leopard.

True, but I'd prefer the OS to stay secure so we don't need Anti-Malware like windows.

 

[PDubNYC]

10.4.8

Huh? What issues have you had with 10.4.8?

so many bizarre issues, such as spontaneously quitting the finder and bringing me to the login window, must have reinstalled half a dozen times. I've seen a handful of machines with strange behavior after the upgrade, and quite a few that were fine. After 10.4.6 gave me trouble with my FullPress servers, I have found that 10.4.5 is fine for me for now.

 

[ppnkg]

installed, restarted, all fine here.