Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security Update 2004-08-09 Now Available

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
70,402
42,033
Along with the latest system update made available earlier today, Apple has released a security update to address a recent issue regarding a security breach in Safari. The breach affects Safari and Mozilla-based browsers, including Camino & Firefox and their handling of .png (portable network graphic) graphic files. The Security Update is available via Software Update. A standard download version is not yet available.
Security Update 2004-08-09 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

libpng (Portable Network Graphics)

For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798
Click to expand...

The 2004-08-09 Security Update is included in the 10.3.5 update package, or as a stand alone download.
 
Article Link
https://www.macrumors.com/2004/08/09/security-update-2004-08-09-now-available/
I know I'm going to get flamed for this, but do any of you think that Safari is becoming the Internet Explorer of Windows??
 
Since when is Safari Mozilla-based? It uses KHTML, not Gecko. Or if the app itself is "Mozilla-based" then how so?

edit: never mind, the original post on the front page said "Mozilla-based browsers, including Safari, Camino, [...]" but that has since been fixed.
 
musicpyrite said:
I know I'm going to get flamed for this, but do any of you think that Safari is becoming the Internet Explorer of Windows??
Click to expand...

This "vulnerability" had nothing to do with Apple, and they've applied the fix very very quickly. In addition, it's system-wide.

So no, I don't.

AppleMatt
 
FredAkbar said:
Since when is Safari Mozilla-based? It uses KHTML, not Gecko. Or if the app itself is "Mozilla-based" then how so?
Click to expand...

I edited the frontpage directly after this - you're right - it's KHTML, not Mozilla based (although the render engines are similar)
 
Software updates....

Grab it jsut now with upgrade to 10.3.5... :D

Also got an update called iPhoto 2.0.1.... haven't seen any mention of this... didn't buy iLife cos I'm a cheapskate...
 
Was this included in the 10.3.5 update? i'm not seeing it in my software update...

Lee Tom
 
fatbarstard said:
Grab it jsut now with upgrade to 10.3.5... :D

Also got an update called iPhoto 2.0.1.... haven't seen any mention of this... didn't buy iLife cos I'm a cheapskate...
Click to expand...

yep, i get a iphoto 2.01 upgrade as well. probably just a performance update. looks like some significant underpinning updates with this one.
 
LeeTom said:
Was this included in the 10.3.5 update? i'm not seeing it in my software update...

Lee Tom
Click to expand...

It was included - the only way you'd see it in SWU is if you didn't already install 10.3.5

frontpage edited to reflect this.
 
LeeTom said:
Was this included in the 10.3.5 update? i'm not seeing it in my software update...
Click to expand...
Yes, just confirmed that. Installing the Mac OS X update will remove the security update from Software Update.
 
Mudbug said:
I edited the frontpage directly after this - you're right - it's KHTML, not Mozilla based (although the render engines are similar)
Click to expand...

Sorry to nitpick, but the rendering engines are totally different. The result is quite similar.

As for Safari becoming the IE of Windows, its a little hard. Safari does not run with root privileges.
 
Guys this is a major thing. This png thing could of been huge, had not apple/open source community been quick to get a patch out. libpng is everywhere, mail, preview, keynote ect... its a major system lib (as far as images are concerned).

If one was so inclined, and had some time, one could create a special png image that would buffer overflow, and give the attacker at least your privileges. You could view this image in mail, safari and it could then sent its self to every one in your address book.

Apple has adverted a major !virus! problem with this update.

btw. this is not apple library its an open source library, that every one uses. So lets not start with the apple is turning in to $M, or Safari is turning into MSIE
 
Malicious PNG?

Whew... glad we dodged that bullet. I was violently assaulted by an Animated Gif last September, I was on crutches for two months.
 
And still no buzz about Paris...

A minor iPhoto update -- which had been predicted on Page Two -- and a security update. The Cupertino crowd is keeping a VERY tight lid on whatever is in store for Apple Expo Paris.

At Apple Expo 2003 we got new PowerBooks, wireless keyboard and mouse.

This year, obviously, it's going to be the new iMac, but.... *chirp, chirp, chirp*
 
Doctor Q said:
Yes, just confirmed that. Installing the Mac OS X update will remove the security update from Software Update.
Click to expand...

I'm updating our backup iBook G3 iPhoto 2.0.1 1.7 MB, Mac OS X 10.3.5 22.9 MB, & Security Update 2004-08-09 1.0 5.3 MB. It's running the optimization right now.
 
Elan0204 said:
It's good to see this security update out so fast. I wonder if Windows XP Service Pack 2 had this fix?
Click to expand...

i'm not sure that Microsoft uses libpng. They might, then again i doubt it. They stay away from open source like the plague.

edited: i installed all updates, 12" powerbook 1.33 superdrive. No problems to report.
 
csubear said:
i'm not sure that Microsoft uses libpng. They might, then again i doubt it. They stay away from open source like the plague.
Click to expand...

Seems like some kind of joke is necessary here....hmm....when you say "like the plague," who exactly is like the plague now? :p

But still, Safari security updates aren't coming so frequently. Yes, there have been a handful. But compared to MSIE....
 
musicpyrite said:
I know I'm going to get flamed for this, but do any of you think that Safari is becoming the Internet Explorer of Windows??
Click to expand...

hey, I've been using Camino for months now ...
 
morkintosh said:
hey, I've been using Camino for months now ...
Click to expand...

Yea, I've tried them all, Camino, OmniWeb, Firefox, Mozilla, Internet Explorer, just about every browser I can find for the Mac, and they all have problems, and I just like Safari better, but Firefox comes in a close second, and if Apple screws this up, like MS did with IE, I'll be using Firefox.
 
mkrishnan said:
Seems like some kind of joke is necessary here....hmm....when you say "like the plague," who exactly is like the plague now? :p

But still, Safari security updates aren't coming so frequently. Yes, there have been a handful. But compared to MSIE....
Click to expand...

its not who, but what, windows :)

btw. everyone is seeing this as a safari update, (is that what apple called it). It is not a browser update.

http://www.info.apple.com/kbnum/n61798 said:
These vulnerabilities have been corrected in libpng which is used by the CoreGraphics and AppKit frameworks in Mac OS X.
Click to expand...

This a a big part of the OS.
 
Doesn't sound like anything serious but it's good to see Apple reacting so fast. I was about to download this but then realized it was included on the 10.3.5 update! :cool:
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back