Security Update 2005-003 Released

[Rohan Moore]

Server

Installed update last night. Have arrived at work to find no access to any service: mail, web, afp, ssh, everything is incaccessible. Connection's fine, computer's running. I'm sure it'll become apparent once I'm back home, but this kind of unpredictability irritates me to the extreme. Why don't computer manufacturers take about 50% out of their Ministries of Information, and stick it in developing a product that -really- works? Let's be honest, the Mac platform might be more robust than Windows, and more polished than Linux, but even Apple have a bloody long way to go before they are what we all want them to be.

 

[solaris]

Installed yesterday and have no problems at all, as always!

 

[backspinner]

Nice to see the external credits on all these topics. Really looks like Apple is listening to their users.

 

[frenetic]

Installed it and everything seems to be working fine.

 

[aswitcher]

Installed yesterday and have no problems at all, as always!

Seems fine here as well.

 

[petej]

I haven't had a popup in months - I can't even remember the last time. I've set up custom blocklists to prevent my computer from seeing the advertising servers in the first place

Unzipping the attached file into /etc will help

Neat soution. I'm kicking myself for not thinking of that one. I'd done a similar trick with my firewall but that spews out an annoying "Blocked by firewall message". This is much neater.

Some may have to merge this file with their existing hosts file instead of just replacing it.

Keep an eye on your activitiy monitor in Safari - anything you don't like the look of just add it into the hosts file. You'll be much better protected against spyware and click trackers.

 

[Bonobo]

Repair permissions before & after update

I repaired permissions before and after the update, as is often recommended, runs w/o any problem on my 17" PowerBook (1st gen).

Cheers, Tom

 

[nagromme]

Just installed the Security Update on my 1.5Ghz PB and for the 1st time ever booting up took forever! Even to open up Mozilla to a goof 45 seconds not happy.

This makes me think could my 1.5Ghz PB take on Tiger ? Even with 1 Gig of ram

A slow reboot is normal after an update--the installation process is finishing. A slow one-time launch of an app is probably automatic updating of prebinding--also normal. Is booting/launcing Mozilla slow the second time too?

Anyone have any suggestions.
I zapped PRAM
no luck

First try removing all external devices in case that zeroes in on a culprit. And zap the PRAM more than once. (There's also a way to reset the Power Manager on an Apple laptop, but I don't think I've ever done it.)

Then restart (hold down power for 5 seconds if need be) and hold Shift until the wheel starts spinning. A disk repair will be performed automatically and the computer should boot into Safe Mode where you may be able to do more troubleshooting--such as using Utilities > Disk Utility to Repair Permissions. Do that and then reboot again to get out of Safe Mode. See if things are back to normal.

If Safe Mode won't even boot, there's another way to run Disk Utility: put in your OS X CD and hold down C to make it boot from the disc. In the installer you won't really be installing again (although that's a last resort option), but just go to the menu bar and find Disk Utility. Repair Permissions that way and then Quit the installer and reboot.

Good luck! (If you need to do a full-reinstall you might want a fresh backup first. You can connect the PowerBook to another Mac in Target Disc Mode to get at your data even if the PB won't boot.)

 

[stilldancer]

font issues

anyone else have bizarre font issues? safari and mail never really load, something that has happened to me in the past when there's a problem with one of the system fonts... logging out/in tends to fix that, but it's annoying and i thought long gone.

also preview was unable to read some PDFs using myriad earlier today.

safari isn't loading Georgia anymore

and BBEdit prefs had to be changed to open/save in UTF-8 in order to save anything at all

and safari won't view source on anything it seems.

am i alone here? could be something other than this update i suppose, but it's damn annoying.

 

[iGary]

17" iMac G5 1.8 GHz - No problems.

12" 1.2 GHz iBook - Just installed at the office - so far, so good. Doing some Safari and network connection stuff - all is well.

All goes well on these two and I'll put it on the G4 MDD at home.

 

[clarkcox3]

Mozilla.org didn't disable IDN, they show international domain names in punycode, just like Safari now does.

Yes, they did disable IDN. *All* IDN's in Firefox show as punycode. Safari only disabled IDN's that are confusable with ASCII. For example, Japanese domain names still show up as Japanese in Safari, but show up as punycode in Firefox.

 

[wrldwzrd89]

Yes, they did disable IDN. *All* IDN's in Firefox show as punycode. Safari only disabled IDN's that are confusable with ASCII. For example, Japanese domain names still show up as Japanese in Safari, but show up as punycode in Firefox.

They only disabled DISPLAY of IDNs, not INTERPRETATION of IDNs. Disabling display causes them all to show as Punycode. Disabling interpretation stops them from working completely.

 

[hcuar]

Installed on my rev B Dual 1.8 PM... No problems so far. I'll install it on my PB tonight.

 

[Sunrunner]

All is good here, though I still think Apple should have just incorporated this update with 10.3.9 and saved us the trouble of two installs....

Anybody know how many security vulnerabilities are still outstanding for Apple? Do you guys think these security fixes will all be rolled into Tiger automatically?

 

[MacBandit]

All is good here, though I still think Apple should have just incorporated this update with 10.3.9 and saved us the trouble of two installs....

Anybody know how many security vulnerabilities are still outstanding for Apple? Do you guys think these security fixes will all be rolled into Tiger automatically?

Not everyone will update to 10.3.9. Some people hold out for ages. That is why security updates are separate.

I would be willing to bet that all these security updates are included in the 10.3.9 update though so you could have waited for the 10.3.9 release and ran a system with many fixable security breaches in the mean time.

 

[Sunrunner]

Not everyone will update to 10.3.9. Some people hold out for ages. That is why security updates are separate.

I would be willing to bet that all these security updates are included in the 10.3.9 update though so you could have waited for the 10.3.9 release and ran a system with many fixable security breaches in the mean time.

Good points all. Of course there is no reson 10.3.9 would even come out before the release of Tiger. Apple may, for instance, want to wait and see if any interoperability issues crop up after the Tiger release. Then the fixes could be incorporated into 10.3.9

 

[grizzlybrice]

With the miracle of computers, it all of a sudden started working again. Gotta love it, i did all the necessary tips, but i think the update tweaked something. Now i'm running at full force. yay. I am no longer sad, now i'm quite happy and relieved that my baby is back!

B

 

[MacBandit]

Good points all. Of course there is no reson 10.3.9 would even come out before the release of Tiger. Apple may, for instance, want to wait and see if any interoperability issues crop up after the Tiger release. Then the fixes could be incorporated into 10.3.9

True they could but.... I don't think 10.4 will include the same fixes as 10.3.9. The reason is 10.4 is a completely different animal with a new Kernel and a huge amount of redesign. So much so 10.4 is the biggest update to OSX since OSX came out. The talk is already that 10.5 will be a user interface update to 10.4. So to say I think it would be in error to be able to look to 10.4 to see how 10.3.9 will perform.

 

[manu chao]

True they could but.... I don't think 10.4 will include the same fixes as 10.3.9. The reason is 10.4 is a completely different animal with a new Kernel and a huge amount of redesign. So much so 10.4 is the biggest update to OSX since OSX came out. The talk is already that 10.5 will be a user interface update to 10.4. So to say I think it would be in error to be able to look to 10.4 to see how 10.3.9 will perform.

I think what Sunrunner meant was how well 10.4 and 10.3.9 operate in a mixed environment, are there any problems connecting from a 10.4 maschine to a 10.3.9 one and vice versa.

 

[Maestro64]

I'm glad Apple added a feature to identify sneaky URLs that use other scripts to make a URL look like a well-known one.

Here is a sample of a URL containing an imposter letter "a":

http://www.?pple.com/

That is not a Latin-1 letter "a" in the word "apple". Instead, it is a Cyrillic lowercase a and there is a non-Apple website at that URL. The entity used is: & # 1 0 7 2 ;

You might be fooled by this URL before you apply this Security Update but should not be fooled afterwards, because the URL in your Address Bar will show as "www.xn--pple-43d.com/" instead of as "www.apple.com".

You can use the link above, before and after you update, to test how the change works.

Hmm, I did not install the update yet but Safari caught this one, it came up with a warning saying it was Phished site and may not be valid. So I wonder why it warned me and others were not warned..

 

[nagromme]

Hmm, I did not install the update yet but Safari caught this one, it came up with a warning saying it was Phished site and may not be valid. So I wonder why it warned me and others were not warned..

Are you using some 3rd-party util that provides those warnings? The name escapes me but there is at least one that does that I think.

 

[mkrishnan]

Hmm, I did not install the update yet but Safari caught this one, it came up with a warning saying it was Phished site and may not be valid. So I wonder why it warned me and others were not warned..

Did the warning come up in a little window? You may have installed a plugin from SAFT that checks for this -- it was something there were a lot of threads on here back when this kind of phishing became news a month or two ago....

 

[gekko513]

Yes, they did disable IDN. *All* IDN's in Firefox show as punycode. Safari only disabled IDN's that are confusable with ASCII. For example, Japanese domain names still show up as Japanese in Safari, but show up as punycode in Firefox.

Yeah, the Firefox solution is just stupid, and if I understood the description of it correctly, the preference to turn it off does so globally, making it impossible to use domain names like blåbærsyltetøy.no in a sensible way

 

[Maestro64]

Did the warning come up in a little window? You may have installed a plugin from SAFT that checks for this -- it was something there were a lot of threads on here back when this kind of phishing became news a month or two ago....

Yep, I had installed SAFT, didn't know it had that feature.... Learn something new every day.

 

[Twinkie]

I'm surprised nobody else has mentioned this... but the Samba update was excellent.

Now I can use Retrospect again to backup Windows systems to my Xserve

I have to say though... for all the "Apple's right on top of security!" posts, I have to disagree. Before this update, Samba was at 3.0.5 for almost two months... and 3.0.5 has known security issues.

In that regard, I'm happy this fixed it, but I'm disappointed that Apple waited so long to help those of us who do more with OS X than use Photoshop or web surfing.