Security Update 2005-003 Released

[wrldwzrd89]

Does anyone else think its weird that Apple released this now considering 10.3.9 is apparently so close? I suppose it's a security update so they can't exactly make it and then keep it from us for the sake of putting it into the next OS update, but still... Maybe 10.3.9 isn't that close after all?

I don't think the security update's release has anything to do with the development of Mac OS X 10.3.9 other than that this will need to be included in the Mac OS X 10.3.9 code base, which shouldn't take very much time (unless Apple did the smart thing and put it in there already).

 

[MattG]

Doh!

I was hoping Apple wouldn't release any updates for a while...trying not to reboot the Xserve at work so the next time the Windows nazis start talking snap about my server, I can show them the uptime and say "bet you can't say that about any of YOUR servers!"



anyway...my Powerbook seems to be working okay after the update.

 

[mad jew]

For any nay-sayers out there, the iBook's running fine after the update.

 

[wtmcgee]

Are you sure, I haven't had one single pop-up or -under since I "switched" to Firefox last November, not one single one! When the reports of pup-unders started emerging a month ago (or so) I visited every single site where Safari users reported pop-unders and Firefox took care of every single one... I've yet to see a site that cracks the pop-up blocker in Firefox, even if I've tried...please give me examples of sites that trigger a pop-up or -under in Firefox...

It's a flash exploit. Drudge report does it fairly often. Camino, Safari, Firefox ... you name it.

 

[MacBandit]

Does anyone else think its weird that Apple released this now considering 10.3.9 is apparently so close? I suppose it's a security update so they can't exactly make it and then keep it from us for the sake of putting it into the next OS update, but still... Maybe 10.3.9 isn't that close after all?

It doesn't matter because security updates are critical where as stability updates are not. Also not every system gets updated to the most recent system version but they often do need to have their security updates up to date.

 

[mad jew]

It doesn't matter because security updates are critical where as stability updates are not. Also not every system gets updated to the most recent system version but they often do need to have their security updates up to date.

Yeah, thanks. That makes sense.

 

[wwooden]

no problems for me so far, you can see what computer I have in my sig. I couldn't connect with my iSight to another person the first time I tried after the update, but now it is fine, so maybe it wasn't that but the network.

 

[Bradley W]

_

 

[wrldwzrd89]

I've installed the Security Update, and I have no problems to report, other than that the "test link" on page 1 of this thread completely fails to work now. It tries to go to http://www./?pple.com/ and complains that the server www can't be found.

 

[MacPhreak]

I hope this makes AFP work again. It has been broken on the three machines I have tried since the 10.3.8. Works fine on a local network, but my off-site boss can no longer afp:// into my machines. Sharing pref pane incorrectly states the name as afp://localhost instead of afp://name.local

I'll have to check tomorrow, too late to do anything tonight with the iBook, and the mini is at work.

 

[Reuven]

Just installed the Security Update on my 1.5Ghz PB and for the 1st time ever booting up took forever! Even to open up Mozilla to a goof 45 seconds not happy.

This makes me think could my 1.5Ghz PB take on Tiger ? Even with 1 Gig of ram

 

[grizzlybrice]

This update, upon restart has given me a kernal panic and my computer won't turn back on. It gets the grey start up screen and either freezes or the cool wipe on of the kernal panic screen with the mulitiple languages comes up. I think i'm screwed, I can't boot up.
Anyone have any suggestions.
I zapped PRAM
no luck
the day was going good, now i'm sad. Really sad.

B

 

[Lacero]

Just like to add, no problems updating 003 security update on my dual G5 PM.

 

[grizzlybrice]

well now i just tried restarting it and i got white text on black strips saying stuff like "system faliure: cpu=0" and "backtrace terminated" and all that jazz... now i'm even sadder.

B

 

[Nermal]

I haven't had a popup in months - I can't even remember the last time. I've set up custom blocklists to prevent my computer from seeing the advertising servers in the first place

Unzipping the attached file into /etc will help

 

[jonat8]

Downloaded and installed on my PowerBook with no problems Quite a hefty security update tho... 15Megs.

 

[CalfCanuck]

Safari problems after update ...

Since I updated I've been having some weird Safari problems - had to force quit twice (once Safari took over my entire system!).

Am now on my way to repair permissions. Anyone else have this problem?

 

[nate]

Check that out in Firefox now!

I did the updates, and it fixed the bug.... but the bug is present in firefox!

--nate

I'm glad Apple added a feature to identify sneaky URLs that use other scripts to make a URL look like a well-known one.

Here is a sample of a URL containing an imposter letter "a":

http://www.аpple.com/

That is not a Latin-1 letter "a" in the word "apple". Instead, it is a Cyrillic lowercase a and there is a non-Apple website at that URL. The entity used is: & # 1 0 7 2 ;

You might be fooled by this URL before you apply this Security Update but should not be fooled afterwards, because the URL in your Address Bar will show as "www.xn--pple-43d.com/" instead of as "www.apple.com".

You can use the link above, before and after you update, to test how the change works.

 

[Doctor Q]

Check that out in Firefox now!

I did the updates, and it fixed the bug.... but the bug is present in firefox!

To to be clear, it's not really a bug when the site appears to be www.apple.com. The web browser is showing you the URL as it appears in its native script, because an "a" in Cyrillic looks like a Roman "a". So that's what you SHOULD see. The trouble is that you really don't want to see the real form!

The change in safari isn't a bug fix as much as a new feature: to display non-Roman characters a certain way that helps you spot fakes.

And yes, it would be nice if all web browsers learned to do this.

 

[Platform]

Good to see that apple are on top of thing when it comes to security.

Because now when apple is getting biggger, there will be some issues and I hope apple will deal with it fast.

keep up to good work apple

 

[manu chao]

Mozilla.org didn't disable IDN, they show international domain names in punycode, just like Safari now does.

Mozilla.org did 'disable' it, since what is the point of IDN if everything is displayed in punycode.
Safari just shows the punycode for a handful of scripts, not for all like Mozilla & Co. do.

 

[irmongoose]

The IDN Domains scare me. Thanks for bringing it up.

Those of you who have problems with Safari's built-in pop-up blocker... try PithHelmet. Besides blocking ads, it strengthens the pop-up blocker to disallow those that get through with Safari's.



irmongoose

 

[Mitthrawnuruodo]

i get pop-ups in camino every now and then, for example www.interfacelift.com

Firefox takes care of that one (I even tried reloading a couple of times, got the same message every time)...

Edit: I have Adblock installed, but didn't add any filters for this site...

 

[Mitthrawnuruodo]

Check that out in Firefox now!

I did the updates, and it fixed the bug.... but the bug is present in firefox!

--nate

No, that was taken care of with Firefox 1.0.1, released a while ago, from the Release Notes:

Here's what's new in Firefox 1.0.1:
* Improved stability
* International Domain Names are now displayed as punycode. (To show International Domain Names in Unicode, set the "network.IDN_show_punycode" preference to false.)
* Several security fixes.

 

[FFTT]

well now i just tried restarting it and i got white text on black strips saying stuff like "system faliure: cpu=0" and "backtrace terminated" and all that jazz... now i'm even sadder.

B

I had similar, but not identical problems after trying to install Xpostfacto
on my 300 MHz beige G3 Tower.

Turns out that I was having a boot conflict between my 120GB ATA and my original SCSI drives.

I ended up having to remove the SCSI drive and card, before I could boot again.

I've heard that the newer version of Xpostfacto has solved some G3 issues
but I'm not willing to risk my data again.

That's why I'm still stuck at 10.2.8

I hope someone can help you restore your system without data loss.

Unfortunately , you may need to re-install from your OS disk.

Best of luck