Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security Update 2008-005 Released

Virgil-TB2 said:
Considering all the problems during the MobileMe launch, caused at least in part, by people irresponsibly posting links to the downloads of Apple updates as opposed to letting Apple inform the users themselves though the software update feature, I continue to believe that the posting of these links by MacRumours staff is both irresponsible and incomprehensible.
Click to expand...

I don't get it. Wasn't it just a pointer to Apple's already published page, which described how to get the update?
 
genshi said:
Thanks for the reply. The only 3rd party "haxie" I have is Growl (which I've been using for at least a year) which lately I have set to "Stop" because I get so much junk mail. I'm trying to avoid creating anew user account due to disk space, etc. but I might just to see if Mail works in that account.

As for crash logs, where are those usually stored for mail? It never actually launches or gives me a "Send Report To Apple" dialog like Safari does (for some reason Safari completely died on me a few weeks ago even though nothing changed in the system, no updates or installs. With Safari it launches, stays up for about 6 or 7 seconds then crashes.) I'm much more concerned with not having Mail as I have about 15 email accounts that I check for my various projects and I don't want to have to check all those on the iPhone!

Again, thanks for your reply and any further advice will be greatly appreciated!
Click to expand...

Ah-ha! There's your culprit. Computers nowadays need swap space on the disk to function properly. As a rule of thumb, always keep 10% of your drive free. More disk cache... and OSX has been known to throw out all the preferences once it runs out of space (though it might not anymore, last I heard about that was 10.2).
 
ggjstudios said:
What are the ads everyone is talking about? Does it have something to do with the Security Update? I don't see any Home Depot ads.
Click to expand...

On the main macrumors page there are often "tech" related ads, but the day this was posted there was a couple of Home Depot ads (my depend on where in the world you are). Mainstream advertisers are very selective as to where they spend their advertising dollars so this is actually a great thing, it shows that macrumors has become a high profile site... to more than just us of course.
 
Bob Knob said:
On the main macrumors page there are often "tech" related ads, but the day this was posted there was a couple of Home Depot ads (my depend on where in the world you are). Mainstream advertisers are very selective as to where they spend their advertising dollars so this is actually a great thing, it shows that macrumors has become a high profile site... to more than just us of course.
Click to expand...

Thanks for the response. That explains it. I've never seen an ad of any kind of MacRumors, so I wasn't aware they had any advertising.
 
My imac is also stuck at the blue screen after the itunes and security update. Not sure which one is causing this


It happened the first time and I held the power button, but it stopped at blue screen at start up again. I went to look on macrumors for about 15 minutes on my macbook, when I came back the was at the log on screen and now appears to be working correctly
 
Adrian3300 said:
My imac is also stuck at the blue screen after the itunes and security update. Not sure which one is causing this


It happened the first time and I held the power button, but it stopped at blue screen at start up again. I went to look on macrumors for about 15 minutes on my macbook, when I came back the was at the log on screen and now appears to be working correctly
Click to expand...

My computer has been stuck at that screens for hours. I tried to restore from time machine and my OS X install disc, but when I choose RESTORE from the UTILITIES menu, nothing happens.

I am out of warranty and AppleCare, but this is all Apple's fault, so I'm sure they'll fix it, right? Right?!

Does ANYONE have ANY suggestions for me?
 
Lone Deranger said:
You'd expect MS to be fast by now. They've had lots of practice at fixing things. ;)
Click to expand...

You know what, the more infuriating thing is that Kaminsky actually told apple about this vulnerability when he found out. As in, he told MS, Cisco, Apple, ISC.......basically that multivendor patch a few weeks ago? Apple should have been part of that group.

Apple was the one who chose to really hold off on even saying anything until now, and it seems that port randomization wasn't even included. How insane.
 
Adrian3300 said:
My imac is also stuck at the blue screen after the itunes and security update. Not sure which one is causing this


It happened the first time and I held the power button, but it stopped at blue screen at start up again. I went to look on macrumors for about 15 minutes on my macbook, when I came back the was at the log on screen and now appears to be working correctly
Click to expand...

Do you have APE installed? if so, remove it.
 
EgbertAttrick said:
My computer has been stuck at that screens for hours. I tried to restore from time machine and my OS X install disc, but when I choose RESTORE from the UTILITIES menu, nothing happens.

I am out of warranty and AppleCare, but this is all Apple's fault, so I'm sure they'll fix it, right? Right?!

Does ANYONE have ANY suggestions for me?
Click to expand...

Sorry you're having such a problem. Maybe email to MacFixit might get you a suggestion?

http://www.macfixit.com/article.php?story=20080801093419294

I installed the update on three systems: Macbook (10.5.4), iBook (10.4.11), PowerMac G4 (10.5.4). Everything went smoothly.
 
0racle said:
Three free hints:

1. If something sounds fantastical, its most likely not true. The big hints that the above is BS - 'it is so advanced' and 'captures even encrypted passwords and can even snoop a VPN and HTTPS://'

2. If you are only hearing it from one source, it's most likely not true.

3. If that source is not a technical one, you have to be dumber then someone who falls for a 419 to believe it. Honestly, believing a radio show? These are the same people who talk about computer viruses that can physically destroy computers.
Click to expand...

Eh, it doesn't sound fantastical to me, it sounds like a keylogger. Combined with some fairly standard phishing techniques. Doesn't make it true, but doesn't sound at all implausible, either. A google search for [phishing whaling] gets plenty of hits, so the term seems to be a real one. You can't believe everything you hear, but you can't dismiss it out of hand, either.
 
Saw this on Google's news page. Any comments?

The Cupertino, Calif.-based vendor rolled out Security Update 2008-005, a fix that Apple said plugs several security holes, including its implementation of the BIND (Berkeley Internet Name Domain) server, which left users of its Mac OS X operating system susceptible to the DNS flaw disclosed earlier this month.

However, several security researchers Friday said Apple's DNS patch doesn't actually fix the problem and that Mac users are still at risk.

"Did Apple forget to patch something? By the look of things, the DNS client on the OSX 10.4.11 distribution still has not been patched," said security researcher Andrew Storms, director of security operations at Ncircle Network Security, in a blog post.

http://www.crn.com/security/209901785
 
KingYaba said:
Saw this on Google's news page. Any comments?

The Cupertino, Calif.-based vendor rolled out Security Update 2008-005, a fix that Apple said plugs several security holes, including its implementation of the BIND (Berkeley Internet Name Domain) server, which left users of its Mac OS X operating system susceptible to the DNS flaw disclosed earlier this month.

However, several security researchers Friday said Apple's DNS patch doesn't actually fix the problem and that Mac users are still at risk.

"Did Apple forget to patch something? By the look of things, the DNS client on the OSX 10.4.11 distribution still has not been patched," said security researcher Andrew Storms, director of security operations at Ncircle Network Security, in a blog post.

http://www.crn.com/security/209901785
Click to expand...

And if you spent time reading the various stories, this has been posted in the follow up comments section:

Gregg,

The researchers you've talked with are simply incorrect in their statements. The DNS cache poisoning weakness affects caching recursive resolvers, not client stub libraries.

If you're familiar with the details of Dan's attack (which I won't repeat here), you'll realize that it does not affect any resolver mechanisms that do not employ caching of authoritative NS records.

Apple is in the clear here and the various reports have been hugely mistaken. Feel free to contact me if you need more information.

Regards,
Jon Oberheide
 
Virgil-TB2 said:
Considering all the problems during the MobileMe launch, caused at least in part, by people irresponsibly posting links to the downloads of Apple updates as opposed to letting Apple inform the users themselves though the software update feature, I continue to believe that the posting of these links by MacRumours staff is both irresponsible and incomprehensible.

Why not just let people install the updates in the order that Apple wants them to and at the time that Apple wants them to? what the heck is software update for if not that?

There are tons and tons of "regular" users out there that read this board that don't need to be screwing up their computers by blindly following vague directions and suggestions from self-styled "insiders." While in this particular case it's a single security update and the sequence of the install is irrelevant, as a practice, posting these links is just plain old irresponsible IMO.

Okay, now I've said it, let the hating and the dissing begin! :)

Please note that if you want to send me a personal note of hate for this comment that I usually keep my PM box clean and empty, so ...

hate away! :D

.
Click to expand...

I didn't see the links posted, but where they taken from the software update XML, or just from links posted at: http://www.apple.com/support/downloads/ ?

There's not much wrong with the former, and nothing wrong with the latter...
 
Either this or the iTunes update broke my sound device.

Edit:
Actually... I think my speakers are dead :( As soon as I unplugged them, everything was fine again. They're seen as a Digital device when they are definitely not...
 
Apple's DNS patch coming up short
http://www.tuaw.com/2008/08/01/apples-dns-patch-coming-up-short/

Posted Aug 1st 2008 5:00PM by Michael Rose
Filed under: OS, Bad Apple, Security
The distance between good intentions and actual results seems to be getting longer and longer. While Apple did release a security patch yesterday that included a fix to BIND for the highly publicized cache poisoning exploit -- some time after most other vendors got updates out to customers -- that fix doesn't seem to be, you know, actually working.
Click to expand...
 
I've read where some are having problems when installing this update and it causing crashing etc. but is anyone having a problem where during install you get a message saying that the file is corrupt????? Something to do with the security signature from Apple being corrupted or changed???? BTW, I've been trying to install directly from Software Update. I have downloaded the update from the Apple download page but am hesitant to attempt to install. The download I have is the security update for PPC....I have a G5 PPC. Any thoughts on this? Cheers

08/03/08 Just an update. Was finally able to download and install the security update using software update. All went well and have not had any of the "crashing" problems that others have reported. Just makes me wonder why I kept getting corrupted files using software update. Oh well, all is well. Cheers
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back