Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security Update 2008-005 Released

Gnome Depot Ads?

Amazing that some still put up with the emoticon, avatar, and ad nonsense that gets spit onto their screen when all these irritants are so easily avoided.
 
Orlandooo said:
Is there a way you can get it to automatically call it Picture 1.png or whatever it is? Without the extension its not recognised in all apps and it feels stupid adding the .png to so many pictures...
Click to expand...

I changed that ages ago in Onyx, back in 10.4.4 Setting is still intact now in 10.5.4, even though I don't have Onyx installed anymore.
 
I appreciate the direct links to the updates in the story. Not that they are hard to fine, but it is convenient.

I prefer not to use software update.
 
shervieux said:
Glad to see Apple is fixing things..... Will install on my 2 machines tonight.

on a bit of a sad note - with Apple gaining on populary, i have a feeling we may end up like MS with security updates and patches once or multiple times a week. It's only a matter of time before Apple starts becoming popular enough to be targeted by viruses, spyware, malware, trojans, phishing, and the new whaling.

Off subject; but a warning to all. I just heard this on a talk radio show last night......

Whaling - a rather new phishing technique that targets someone who a hacker thinks has a lot of money (like a CEO of a corporation or charity). What this version does is:

1. Sends you an email that makes it look like you or someone high up at your work has been supenoed by a high court. When you open the email, it has the attached document that even the experts say looks very real - right down to a faked goverment website.

2. the email and its attachment installs a trojan on your computer that tracks what you do.

3. it is so advanced that as soon as you log onto your bank or financial website via any mean (online website - through quicken, MSMONEY or others). It sends an alert to the crook and captures even encrypted passwords and can even snoop a VPN and HTTPS://

4. As soon as you sign off another alert goes out. the crook then signs in with your password, changes the password and then starts to withdraw all your money.

So far they estimated that 100,000 CEOs have been target and some have lost $100,000's. that's why it is called whaling - they go after the big guys. they also estimate that a few non-rich people got the email and were swindled also.

If you seen this come your way, you are vulnerable and directed to clean your computer before signing on to a financial institution. This thing has the potential of wiping out entire corporations of their funds, because everyone knows that top management will check corporation accounts from their computer's as well.

Another off topic

I had a friend who owns a small marina, somehow his corporate account number got out. A local crook started printing off payroll checks from "real" area companies using his account number. Luckily one local bank caught first check that was tried to be cashed and froze the account. Caused my friend a big hassle, but atleast his money was safe. the bank told him, that had he not been a small company and was a larger company that owned others (or was owned by a larger company) - it would have been harder to track, because most companies print checks under the larger company name and distribute to those working at the smaller companies.

The people cashing the checks even had fake employment badges that were made up from taking an image of a real employee badge from the company.

Another bank caught it by knowing the company name printed on the check did not usually issue its payroll with a date on the check that corresponded to a non-pay date.
Click to expand...

doesn't affect me really... unless somebody wants to steal the $34 i have in the bank right now :p
 
Crashed after update

I have a MacBook 2.2 GHz with 10.5.4 and after I installed this update and rebooted, apps starting crashing left and right, and wouldn't open. It started with my system preferences... when that crashed you know your in trouble. :confused:
 
Detektiv-Pinky said:
I think this is not quite true.

The vulnerability also targets DNS resolvers (clients), just at the moment the attacks are rather on the server because it is far more convenient to poison a DNS server to deliver the wrong IP addresses to a large crowd of client computers than to target every individual client.
Click to expand...

This affects only the server.

Another thing you should watch is your Firewall/NAT-Box, because this might be the vulnerable too...
Click to expand...

Only if your NAT/Firewall is running a DNS server that's publicly reachable.
 
The Tall One said:
I have a MacBook 2.2 GHz with 10.5.4 and after I installed this update and rebooted, apps starting crashing left and right, and wouldn't open. It started with my system preferences... when that crashed you know your in trouble. :confused:
Click to expand...

I just updated my mb and safari crashes everytime I try and open it.



edit---OK, restarted again and everything is ok.
 
shervieux said:
Off subject; but a warning to all. I just heard this on a talk radio show last night......

Whaling - a rather new phishing technique that targets someone who a hacker thinks has a lot of money (like a CEO of a corporation or charity). What this version does is:

1. Sends you an email that makes it look like you or someone high up at your work has been supenoed by a high court. When you open the email, it has the attached document that even the experts say looks very real - right down to a faked goverment website.

2. the email and its attachment installs a trojan on your computer that tracks what you do.

3. it is so advanced that as soon as you log onto your bank or financial website via any mean (online website - through quicken, MSMONEY or others). It sends an alert to the crook and captures even encrypted passwords and can even snoop a VPN and HTTPS://

4. As soon as you sign off another alert goes out. the crook then signs in with your password, changes the password and then starts to withdraw all your money.

So far they estimated that 100,000 CEOs have been target and some have lost $100,000's. that's why it is called whaling - they go after the big guys. they also estimate that a few non-rich people got the email and were swindled also.

If you seen this come your way, you are vulnerable and directed to clean your computer before signing on to a financial institution. This thing has the potential of wiping out entire corporations of their funds, because everyone knows that top management will check corporation accounts from their computer's as well.
Click to expand...

Interesting. Though what CEOs do their own online banking? You'd think most could afford people to do that for them. :p

You'd also hope that most would be smart enough to realize that subpeonas aren't usually sent via e-mail.
 
everything seems to be fine with mine after installing the update. I did have to wait a while on the restart for things to start happening. Even the little spinning dial stopped at the 3am mark for about 5 minutes.
 
shervieux said:
Off subject; but a warning to all. I just heard this on a talk radio show last night......

Whaling - a rather new phishing technique that targets someone who a hacker thinks has a lot of money (like a CEO of a corporation or charity). What this version does is:

1. Sends you an email that makes it look like you or someone high up at your work has been supenoed by a high court. When you open the email, it has the attached document that even the experts say looks very real - right down to a faked goverment website.

2. the email and its attachment installs a trojan on your computer that tracks what you do.

3. it is so advanced that as soon as you log onto your bank or financial website via any mean (online website - through quicken, MSMONEY or others). It sends an alert to the crook and captures even encrypted passwords and can even snoop a VPN and HTTPS://

4. As soon as you sign off another alert goes out. the crook then signs in with your password, changes the password and then starts to withdraw all your money.

So far they estimated that 100,000 CEOs have been target and some have lost $100,000's. that's why it is called whaling - they go after the big guys. they also estimate that a few non-rich people got the email and were swindled also.

If you seen this come your way, you are vulnerable and directed to clean your computer before signing on to a financial institution. This thing has the potential of wiping out entire corporations of their funds, because everyone knows that top management will check corporation accounts from their computer's as well.
Click to expand...
Three free hints:

1. If something sounds fantastical, its most likely not true. The big hints that the above is BS - 'it is so advanced' and 'captures even encrypted passwords and can even snoop a VPN and HTTPS://'

2. If you are only hearing it from one source, it's most likely not true.

3. If that source is not a technical one, you have to be dumber then someone who falls for a 419 to believe it. Honestly, believing a radio show? These are the same people who talk about computer viruses that can physically destroy computers.
 
The Tall One said:
I have a MacBook 2.2 GHz with 10.5.4 and after I installed this update and rebooted, apps starting crashing left and right, and wouldn't open. It started with my system preferences... when that crashed you know your in trouble. :confused:
Click to expand...

davidwarren said:
I just updated my mb and safari crashes everytime I try and open it.
Click to expand...

Yep, this updated just completely killed my Mail app on my G5 iMac running 10.4.11. It won't open at all now! Just bounces in the dock for a few seconds then nothing! First time something like this has happened for me. Anyone know how I can get my mail back up and running (I can't reinstall from the Disk because my DVD drive on my iMac died long ago.)
 
kingjr3 said:
So does this update fix the ARDAgent exploit?
Click to expand...

Yes.

Open Scripting Architecture
CVE-ID: CVE-2008-2830
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: A local user may execute commands with elevated privileges
Description: A design issue exists in the Open Scripting
Architecture libraries when determining whether to load scripting
addition plugins into applications running with elevated privileges.
Sending scripting addition commands to a privileged application may
allow the execution of arbitrary code with those privileges. This
update addresses the issue by not loading scripting addition plugins
into applications running with system privileges. The recently
reported ARDAgent and SecurityAgent issues are addressed by this
update. Credit to Charles Srstka for reporting this issue
 
genshi said:
Yep, this updated just completely killed my Mail app on my G5 iMac running 10.4.11. It won't open at all now! Just bounces in the dock for a few seconds then nothing! First time something like this has happened for me. Anyone know how I can get my mail back up and running (I can't reinstall from the Disk because my DVD drive on my iMac died long ago.)
Click to expand...

Try creating a new temporary user account on that system and see if things work when using that account. If so then something in your preferences and/or 3rd party "haxies" etc. that you may have installed could be at fault.

If you can post (or private message) me a crash log from an application that crashes I can attempt to isolate what might be at fault.
 
shawnce said:
Try creating a new temporary user account on that system and see if things work when using that account. If so then something in your preferences and/or 3rd party "haxies" etc. that you may have installed could be at fault.

If you can post (or private message) me a crash log from an application that crashes I can attempt to isolate what might be at fault.
Click to expand...

Thanks for the reply. The only 3rd party "haxie" I have is Growl (which I've been using for at least a year) which lately I have set to "Stop" because I get so much junk mail. I'm trying to avoid creating anew user account due to disk space, etc. but I might just to see if Mail works in that account.

As for crash logs, where are those usually stored for mail? It never actually launches or gives me a "Send Report To Apple" dialog like Safari does (for some reason Safari completely died on me a few weeks ago even though nothing changed in the system, no updates or installs. With Safari it launches, stays up for about 6 or 7 seconds then crashes.) I'm much more concerned with not having Mail as I have about 15 email accounts that I check for my various projects and I don't want to have to check all those on the iPhone!

Again, thanks for your reply and any further advice will be greatly appreciated!
 
H E L P !

I installed on my PB 12" running Leopard and now it is a BRICK!

After installed, Safari continually crashed, so I decided to restart... Now I have only a blue screen with the grey-striped wheel which only moves every few minutes! Arrrrrrrrgh! Did this happen to anyone else?
 
incomprehensible and irresponsible

MacRumors said:
...
Click to expand...
Considering all the problems during the MobileMe launch, caused at least in part, by people irresponsibly posting links to the downloads of Apple updates as opposed to letting Apple inform the users themselves though the software update feature, I continue to believe that the posting of these links by MacRumours staff is both irresponsible and incomprehensible.

Why not just let people install the updates in the order that Apple wants them to and at the time that Apple wants them to? what the heck is software update for if not that?

There are tons and tons of "regular" users out there that read this board that don't need to be screwing up their computers by blindly following vague directions and suggestions from self-styled "insiders." While in this particular case it's a single security update and the sequence of the install is irrelevant, as a practice, posting these links is just plain old irresponsible IMO.

Okay, now I've said it, let the hating and the dissing begin! :)

Please note that if you want to send me a personal note of hate for this comment that I usually keep my PM box clean and empty, so ...

hate away! :D

.
 
Virgil-TB2 said:
Considering all the problems during the MobileMe launch, caused at least in part, by people irresponsibly posting links to the downloads of Apple updates as opposed to letting Apple inform the users themselves though the software update feature, I continue to believe that the posting of these links by MacRumours staff is both irresponsible and incomprehensible.

Why not just let people install the updates in the order that Apple wants them to and at the time that Apple wants them to? what the heck is software update for if not that?

There are tons and tons of "regular" users out there that read this board that don't need to be screwing up their computers by blindly following vague directions and suggestions from self-styled "insiders." While in this particular case it's a single security update and the sequence of the install is irrelevant, as a practice, posting these links is just plain old irresponsible IMO.

Okay, now I've said it, let the hating and the dissing begin! :)

Please note that if you want to send me a personal note of hate for this comment that I usually keep my PM box clean and empty, so ...

hate away! :D

.
Click to expand...

You may be right, but in my case I didn't use the link provided here, I went through my Mac's Software Updater and it installed the Security update, asked for me to restart my computer (which I did) and now my Mail app will not launch.
 
EgbertAttrick said:
H E L P !

I installed on my PB 12" running Leopard and now it is a BRICK!

After installed, Safari continually crashed, so I decided to restart... Now I have only a blue screen with the grey-striped wheel which only moves every few minutes! Arrrrrrrrgh! Did this happen to anyone else?
Click to expand...

No one else?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back