--
Apple have released FOUR versions of Security Update 2010-005. The versions are linked below:
Mac OS X Snow Leopard Client - 80.63 MB
Mac OS X Snow Leopard Server - 136.86 MB
Mac OS X Leopard Client - 211.88 MB
Mac OS X Leopard Server - 418.92 MB
The general downloads page can be found HERE.
You can read about the security patches HERE.
My quick summary:
There are 8 security patches.
-> 2 PHP patches: One patches a buffer overflow vulnerability regarding maliciously crafted PNG image files. The other updates PHP to version v5.3.2, which itself provides a variety of security patches to such things as further buffer overflow vulnerabilities.
-> 1 Samba patch: A buffer overflow...
-> 1 Apple Type Services (ATS) patch: A vulnerability to maliciously crafted embedded fonts due to a buffer overflow...
-> 1 CFNetwork patch: Prevents a man-in-the-middle attack that could redirect network connections and intercept a user's sensitive information such as their user credentials.
-> 1 ClamAV patch: Updates the versions of ClamAV in Mac OS X Server 10.5 and 10.6 to version 0.96.1, solving multiple vulnerabilities.
-> 1 CoreGraphics patch: A heap buffer overflow due to maliciously crafted PDF files. (Presumably this is related to a similar problem in iOS v4.0).
-> 1 libsecurity patch: Improves the handling of certificate host names, preventing a website impersonation attack.
--
Showing posts with label Apple Security Update. Show all posts
Showing posts with label Apple Security Update. Show all posts
Tuesday, August 24, 2010
Thursday, June 17, 2010
Apple's Flash Player Plug-in Update Blunder
in the 10.6.4 Update
--
According to MacFixIt.com, Apple made one big preventable blunder in the Mac OS X 10.6.4 update. They included the previous, exploited in-the-wild, version of the Adobe Flash plug-in, version 10.0.45.2. My guess is that this is the version they've been using in the beta of 10.6.4 and they neglected to swap in last week's security patched version 10.1.53.64. That's a very naughty oversight by Apple!
Therefore, if you have not done so already, go grab the very latest installer for the Adobe Flash Player, v10.1.53.64, and install it. Apple didn't give it to you! You can grab it HERE.
Thankfully, Apple's 10.6.4 update installer is smart enough not to remove the updated version of the Flash Player plug-in. Mine stayed intact.
Dear Apple. Considering the well deserved abuse Adobe have had to endure for their blundering crap programming, it would be advisable to avoid blunders of your own and keep up with Adobe's updates! Until this Flash plug-in version oversight happened, Adobe had no legitimate reason to criticize Apple. Now it looks like you're ignoring Adobe's meagre efforts to put things right again. That's not good. You've also needlessly endangered the security of your customers!
Meanwhile, keep an eye out for the Acrobat and Adobe Reader security patch updates that should be showing up any week now...
(o_0)
--
According to MacFixIt.com, Apple made one big preventable blunder in the Mac OS X 10.6.4 update. They included the previous, exploited in-the-wild, version of the Adobe Flash plug-in, version 10.0.45.2. My guess is that this is the version they've been using in the beta of 10.6.4 and they neglected to swap in last week's security patched version 10.1.53.64. That's a very naughty oversight by Apple!
Therefore, if you have not done so already, go grab the very latest installer for the Adobe Flash Player, v10.1.53.64, and install it. Apple didn't give it to you! You can grab it HERE.
Thankfully, Apple's 10.6.4 update installer is smart enough not to remove the updated version of the Flash Player plug-in. Mine stayed intact.
Dear Apple. Considering the well deserved abuse Adobe have had to endure for their blundering crap programming, it would be advisable to avoid blunders of your own and keep up with Adobe's updates! Until this Flash plug-in version oversight happened, Adobe had no legitimate reason to criticize Apple. Now it looks like you're ignoring Adobe's meagre efforts to put things right again. That's not good. You've also needlessly endangered the security of your customers!
Meanwhile, keep an eye out for the Acrobat and Adobe Reader security patch updates that should be showing up any week now...
(o_0)
--
Tuesday, June 15, 2010
Apple Security Update 2010-004
/ Mac OS X v10.6.4
--
UPDATED 2010-06-17. Please read item #3 in the summary list below!
--
June 15th Apple kindly emailed me their list of security fixes in Security Update 2010-004, which in incorporated into the Mac OS X 10.6.4 update. Later in the day Apple posted the full report HERE.
Below is my summary of patches:
1) Three CUPS patches. (Cross-site request forgery; a cupsd bug; a web interface bug).
2) A Desktop Services patch. (Corrects a bug when applying permissions to enclosed items).
3) OOPS! Apple neglected to keep up with Adobe's Flash Player and instead installs the older hacked in-the-wild version! This is a very bad oversight by Apple! If you haven't already, you must DIY install the latest Flash Player update HERE. Be certain to do it NOW.
Thankfully Apple's update installer does not remove an updated version of the Flash Player plug-in. No damage done.
***(The dangerous version of the Adobe Flash Player plug-in is 10.0.45.2. The security patched version is 10.1.53.64. You can check the version at: /Library/Internet Plug-Ins/Flash Player.plugin).
4) A Folder Manager patch. (Repairs a symlink bug).
5) A Help Viewer patch. (Yet-another JavaScript security hole. I hate JavaScript).
6) An iChat patch. (AIM related. Repairs a file path handling bug).
7) An ImageIO patch. (A buffer overflow problem with TIFF files).
8) Three Kerberos patchs. (Buffer overflow; ticket handling bug; KDC request bug).
9) A libcurl patch. (Buffer overflow).
10) Two Network Authorization patches. (A NetAuthSysAgent patch for operation authorization privileges; format string bugs in afp, cifs and smb).
11) An Open Directory patch. (Man-in-the-middle attack via an unprotected server connection).
12) A Printer Setup patch. (Bug in handling a shared printing service).
13) A Printing patch. (Buffer overflow in the cgtexttops CUPS filter).
14) A Ruby patch. (WEBrick bug with a JavaScript security hole. Did I mention I hate JavaScript?)
15) An SMB File Server patch. (An Apple Samba symbolic links bug).
16) A SquirrelMail update. (Cross-site scripting insecurity, among several other problem).
17) A Wiki Server patch. (Cross-site scripting attack security hole).
∑ = 23 security patches.
As of this post, I have not yet installed 10.6.4. Keep an eye on MacFixIt for problem reports.
Before you update, remember to follow the routine: (1) Back up (2) Repair your boot volume, including disk permissions. (3) Download and install the 'Combo' version of the update for best results (4) After reboot, repair your disk permissions again. (Lately Apple have missed cleaning up a number of permissions errors after their updates. Adobe always leaves a permissions mess behind, which will be most certainly be the case with the Flash plug-in update).
--
UPDATED 2010-06-17. Please read item #3 in the summary list below!
--
June 15th Apple kindly emailed me their list of security fixes in Security Update 2010-004, which in incorporated into the Mac OS X 10.6.4 update. Later in the day Apple posted the full report HERE.
Below is my summary of patches:
1) Three CUPS patches. (Cross-site request forgery; a cupsd bug; a web interface bug).
2) A Desktop Services patch. (Corrects a bug when applying permissions to enclosed items).
3) OOPS! Apple neglected to keep up with Adobe's Flash Player and instead installs the older hacked in-the-wild version! This is a very bad oversight by Apple! If you haven't already, you must DIY install the latest Flash Player update HERE. Be certain to do it NOW.
Thankfully Apple's update installer does not remove an updated version of the Flash Player plug-in. No damage done.
***(The dangerous version of the Adobe Flash Player plug-in is 10.0.45.2. The security patched version is 10.1.53.64. You can check the version at: /Library/Internet Plug-Ins/Flash Player.plugin).
4) A Folder Manager patch. (Repairs a symlink bug).
5) A Help Viewer patch. (Yet-another JavaScript security hole. I hate JavaScript).
6) An iChat patch. (AIM related. Repairs a file path handling bug).
7) An ImageIO patch. (A buffer overflow problem with TIFF files).
8) Three Kerberos patchs. (Buffer overflow; ticket handling bug; KDC request bug).
9) A libcurl patch. (Buffer overflow).
10) Two Network Authorization patches. (A NetAuthSysAgent patch for operation authorization privileges; format string bugs in afp, cifs and smb).
11) An Open Directory patch. (Man-in-the-middle attack via an unprotected server connection).
12) A Printer Setup patch. (Bug in handling a shared printing service).
13) A Printing patch. (Buffer overflow in the cgtexttops CUPS filter).
14) A Ruby patch. (WEBrick bug with a JavaScript security hole. Did I mention I hate JavaScript?)
15) An SMB File Server patch. (An Apple Samba symbolic links bug).
16) A SquirrelMail update. (Cross-site scripting insecurity, among several other problem).
17) A Wiki Server patch. (Cross-site scripting attack security hole).
∑ = 23 security patches.
As of this post, I have not yet installed 10.6.4. Keep an eye on MacFixIt for problem reports.
Before you update, remember to follow the routine: (1) Back up (2) Repair your boot volume, including disk permissions. (3) Download and install the 'Combo' version of the update for best results (4) After reboot, repair your disk permissions again. (Lately Apple have missed cleaning up a number of permissions errors after their updates. Adobe always leaves a permissions mess behind, which will be most certainly be the case with the Flash plug-in update).
--
Thursday, August 6, 2009
Security Update 2009-003 & Mac OS X 10.5.8 Update Released
Look Apple, I'm trying to enjoy the summer. So what's with the almost daily Apple software security updates? Enough already! - Actually, I'm not complaining. The faster the bug fixes for Leopard the better.
You can read about the 18 security patches in Security Update 2009-003 & 10.5.8 HERE. Several of the security patches are for Mac OS X 10.4.11 as well as 10.5.7. Therefore, if you're using Tiger, be sure to check for and install the update.
Primer on how-to-update:
1) Repair your boot volume's permissions via Disk Utility.
2) Verify your boot disk via Disk Utility. If you have disk problems, boot from another volume or your Mac OS X installation DVD/CD and perform the repair.
3) After both steps 1 & 2 are completed, install the update.
4) After the update and associated reboots have been completed, repair your boot volume's permissions again.
Note that MacFixIt.com are even more fanatical and suggest that all of the above be done after booting into Safe Mode. They also recommend NOT installing system updates via Software Update. Instead they recommend DIY downloading and installing of Apple's provided 'combo' updates.
I've been a member at MacFixIt for several years. If there is one consistent thing I've learned from hanging out over there, it's that those people who run into problems after installing updates most likely did NOT follow steps 1 - 4. Even Apple are known to leave behind messed up permissions after update installations. Making sure your boot volume is in good repair before any installation is obvious. Repairing permissions is of course not a panacea for fixing your Mac. But it never hurts, and it is very important before and after any major update. I will not entertain any arguments to the contrary. So there.
Techy stuff:
What's in Security Update 2009-003? No surprise: Lots of bad memory management repairs! Let's count them together:
I) bzip2 has been updated to version 1.0.5 to stop out-of-bounds memory access dangers.
II) Improved ColorSync profile validation to prevent the ramifications of a heap buffer overflow.
III) Improved bounds checking of Canon RAW images to prevent the ramifications of a stack buffer overflow.
IV) OpenEXR has been updated to version 1.6.1 to prevent the ramifications of a heap buffer overflow.
V) Improved memory initialization and validation of OpenEXR images to prevent the ramifications of an uninitiated memory access flaw.
VI) Improved bounds checking of OpenEXR images to prevent the ramifications of multiple integer overflow flaws.
VII) Improved bounds checking of EXIF metadata to prevent the ramifications of a buffer overflow in ImageIO.
VIII) Improved validation of PNG images in order to prevent the ramifications of an uninitialized pointer flaw.
IX) Improved handling of fcntl system calls in order to prevent system privileges escalation and arbitrary code execution caused by overwriting kernel memory.
X) Improved validation of AppleTalk response packets in order to prevent a buffer overflow flaw in the kernel.
XI) PCRE has been updated to version 7.6 in order to prevent the ramifications of a buffer overflow flaw in the PCRE library used by XQuery.
Of the 18 security patches, that's 11 memory management patches. This proves once again that memory management remains the primary bane of contemporary coding. This is one of my favorite rants, if you haven't previously noticed.
The remaining 7 patches repair certificate warnings, JavaScript handling, Multi-Touch access, inetd-based launchd services, format string handling by the Login Window, MobileMe credentials deletion, and file descriptor sharing.
OK. Attention Apple: It's August. Go on vacation please so I can have one too. Thank you. Over and out.
--
Wednesday, May 13, 2009
May 12: Massive Mac Update Day
--
Macintosh updates on the second Tuesday of the month?! Déja vu man. Is Apple syncing updates with Microsoft? Is this to make Enterprise IT folks happy? I strongly suspect so.
I prefer the ASAP approach. Waiting around for the second-Tuesday-of-the-month is a dim idea from my POV. Hmph. What happens in the Microsoft world is that hackers get geared up for THE DAY and pounce on all the announced security holes via new malware. This works very well because only a small percentage of people update their Microsoft software on THE DAY. This allows hackers a window of opportunity to get into user machines while the getting is good. Alternatively, the ASAP approach provides no expectation time for hackers. It also gets security patches out in the field immediately rather than waiting around for potentially weeks, during which time each security hole sits out there ripe for the hacking.
Therefore, I hope this second-Tuesday-of-the-month security update is merely coincidence. Sorry Enterprise IT folks! Having THE DAY each month for security patches may be convenient, but it is BAD security protocol. Security wins in this business.
Rules for System Update Preparation:
1) You know what I'm going to say: Make A Backup! Expect updates to go wrong. They often do.
2) Repair your boot system! It is amazing how many system updates go bad simply because the boot system was corrupt. What else would you expect? Boot from your system installation disk and run the repairs inside Disk Utility.
3) Repair your boot system preferences! Despite the myths, bad file permissions are also a prominent reason why system updates go bad. Again, what else would you expect? Note: You also need to repair your permissions AFTER the update. Adobe always leave behind a mess. Even Apple make slip ups! Apple left behind bad permission settings after Leopard Server Update 10.5.6! Expect it to happen. Use Disk Utility.
4) Don't forget to update! Keeping up with system updates is very important! Check this out:
The Update List:
Your Mac's System Update app will tell you what updates are necessary for your particular setup. The list of updates from 5/12 is long. All the links below are for each update's general description and download page. Each page has a further link to its detailed information page. If you would like to go directly to the security improvements list for each update, please go HERE.
Safari v3.2.3 for Windows, 19.69 MB
Safari v3.2.3 for Tiger, 26.29 MB
Safari v3.2.3 for Leopard, 40 MB
Safari v4.0 Public Beta Security Update for Tiger, Leopard, Windows XP and Windows Vista
Security Update 2009-002 for Tiger PPC, 75 MB
Security Update 2009-002 for Tiger Intel, 165 MB
Security Update 2009-002 for Tiger Server PPC, 130 MB
Security Update 2009-002 for Tiger and Leopard Server, Universal, 203 MB
Mac OS X Combo Update 10.5.7 Leopard, including 2009-002, 729 MB
Mac OS X Server Combo Update 10.5.7 Leopard, including 2009-002, 951 MB
Mac OS X Update 10.5.7 Leopard, including 2009-002, 442 MB
Mac OS X Server Update 10.5.7 Leopard, including 2009-002, 452 MB
Coming up will be my summary and analysis of the security improvements provided by these updates.
--
Macintosh updates on the second Tuesday of the month?! Déja vu man. Is Apple syncing updates with Microsoft? Is this to make Enterprise IT folks happy? I strongly suspect so.
I prefer the ASAP approach. Waiting around for the second-Tuesday-of-the-month is a dim idea from my POV. Hmph. What happens in the Microsoft world is that hackers get geared up for THE DAY and pounce on all the announced security holes via new malware. This works very well because only a small percentage of people update their Microsoft software on THE DAY. This allows hackers a window of opportunity to get into user machines while the getting is good. Alternatively, the ASAP approach provides no expectation time for hackers. It also gets security patches out in the field immediately rather than waiting around for potentially weeks, during which time each security hole sits out there ripe for the hacking.
Therefore, I hope this second-Tuesday-of-the-month security update is merely coincidence. Sorry Enterprise IT folks! Having THE DAY each month for security patches may be convenient, but it is BAD security protocol. Security wins in this business.
Rules for System Update Preparation:
1) You know what I'm going to say: Make A Backup! Expect updates to go wrong. They often do.
2) Repair your boot system! It is amazing how many system updates go bad simply because the boot system was corrupt. What else would you expect? Boot from your system installation disk and run the repairs inside Disk Utility.
3) Repair your boot system preferences! Despite the myths, bad file permissions are also a prominent reason why system updates go bad. Again, what else would you expect? Note: You also need to repair your permissions AFTER the update. Adobe always leave behind a mess. Even Apple make slip ups! Apple left behind bad permission settings after Leopard Server Update 10.5.6! Expect it to happen. Use Disk Utility.
4) Don't forget to update! Keeping up with system updates is very important! Check this out:
An example of how few computer users actually apply updates: The Microsoft Windows security hole exploited by the Conficker worm was patched way back in October, 2008. And yet, the Conficker worm zombied an estimated 15 MILLION+ Windows boxes after Microsoft provided the patch. Incredible.
The Update List:
Your Mac's System Update app will tell you what updates are necessary for your particular setup. The list of updates from 5/12 is long. All the links below are for each update's general description and download page. Each page has a further link to its detailed information page. If you would like to go directly to the security improvements list for each update, please go HERE.
Safari v3.2.3 for Windows, 19.69 MB
Safari v3.2.3 for Tiger, 26.29 MB
Safari v3.2.3 for Leopard, 40 MB
Safari v4.0 Public Beta Security Update for Tiger, Leopard, Windows XP and Windows Vista
Security Update 2009-002 for Tiger PPC, 75 MB
Security Update 2009-002 for Tiger Intel, 165 MB
Security Update 2009-002 for Tiger Server PPC, 130 MB
Security Update 2009-002 for Tiger and Leopard Server, Universal, 203 MB
Mac OS X Combo Update 10.5.7 Leopard, including 2009-002, 729 MB
Mac OS X Server Combo Update 10.5.7 Leopard, including 2009-002, 951 MB
Mac OS X Update 10.5.7 Leopard, including 2009-002, 442 MB
Mac OS X Server Update 10.5.7 Leopard, including 2009-002, 452 MB
Coming up will be my summary and analysis of the security improvements provided by these updates.
--
Thursday, February 12, 2009
Mac Security Update 2009-001, Java Updates and a Safari for Windows Update
--
If you'd like to read Apple's notes about Security Update 2009-001, you can click HERE.
Ahead is a quick analysis of what is covered in the update, along with comments.
This security update is specifically for computers updated to Mac OS X 10.4.11 and 10.5.6, both client and server. Presumably it will be integrated into 10.5.7 when it's available.
There are 28 specific security updates including fixes for 48 documented vulnerabilities, making this another whopper relative to the updates we used to get from Apple a couple years back. I like that. The updates cover some interesting aspects of the Mac OS X Apple have not previously addressed. This indicates to me that over time they are carefully combing through aspects of the OS rather than randomly poking around or only responding as they receive vulnerability reports from third parties.
As ever, there are several buffer overflow patches. Memory management remains one of the banes of contemporary coding. I'm getting the idea that this problem won't go away until we invent an AI that can self-analyze its own computer code. It could happen!
A surprising trend in this update is the patching of security problems introduced specifically in Mac OS X 10.5.6. Ahem Apple. Ahem beta testers.
Cookies: There are a couple repairs for cookie problems introduced into the CFNetwork process in Mac OS X 10.5.6.
Printing: Included is a CUPS update as well as a repair of an error in the csregprinter process that allowed system privileges escalation.
Scripting: There are several patches provided for python and one for perl.
Remote Apple Events: There are a couple buffer overflow / out-of-bounds memory access patches.
SMB: Apple themselves patched a couple buffer problems, which is interesting. It's good to see Apple serious about compatibility with Windows networks.
X11: There are a collection of patches regarding font handling, user privilege plundering and several other vulnerabilites in the X11 server.
JavaScript: Here's another bane of contemporary coding. This time the patch is to Safari's RSS handling of feed URLs.
Mail services: A pair of patches are made to fetchmail and another pair to SquirrelMail.
Video: Yet another problem with maliciously crafted media files. This time a patch is provided for the Pixlet codec.
Other patched services include:
AFP Server
CarbonCore's Resource Manager
Certificate Assistant
CoreText
DS Tools: dscl
Folder Manager
FSEvents framework: fseventsd
Network Time
Server Manager: servermgrd
XTerm
And included is a security updated version of ClamAV for both 10.4 and 10.5 Server.
There were also a few other security related updates released today. Here is a list with links provided to their individual security update description documents:
Safari 3.2.2 for Windows
Java for Mac OS X 10.4 Release 8
Java for Mac OS X 10.5 Update 3
The Java security vulnerabilities that were patched include maliciously written web page Java applets allowing user privilege plundering. These problems weren't in Apple's implementation but in Java itself. SOS: Java was supposed to be as safe as a sandbox. Yeah, a sandbox full of land sharks.
My recommendation for security fanatics, as per recommendations from security expert Steve Gibson: If you don't want to take chances with hacker perpetrated JavaScript and Java, use a browser that lets you turn on support for both protocols on a site by site basis. As with using Little Snitch, it can be a PITA dithering around with little stuff on the net. But the geek in me adjusted such that I use site by site service control all the time. The browser I use for this purpose is OmniWeb. It's the bells and whistles web browser for Mac OS X and is well worth paying for if you like its abundant added features. You can also rig FireFox to handle site by site services as well. Camino and Safari are sadly site specific clueless. I haven't tested other browsers.
BTW: Coming up is my long delayed discussion of Tracking Cookies.
Share and Enjoy!
:-Derek
--
If you'd like to read Apple's notes about Security Update 2009-001, you can click HERE.
Ahead is a quick analysis of what is covered in the update, along with comments.
This security update is specifically for computers updated to Mac OS X 10.4.11 and 10.5.6, both client and server. Presumably it will be integrated into 10.5.7 when it's available.
There are 28 specific security updates including fixes for 48 documented vulnerabilities, making this another whopper relative to the updates we used to get from Apple a couple years back. I like that. The updates cover some interesting aspects of the Mac OS X Apple have not previously addressed. This indicates to me that over time they are carefully combing through aspects of the OS rather than randomly poking around or only responding as they receive vulnerability reports from third parties.
As ever, there are several buffer overflow patches. Memory management remains one of the banes of contemporary coding. I'm getting the idea that this problem won't go away until we invent an AI that can self-analyze its own computer code. It could happen!
A surprising trend in this update is the patching of security problems introduced specifically in Mac OS X 10.5.6. Ahem Apple. Ahem beta testers.
Cookies: There are a couple repairs for cookie problems introduced into the CFNetwork process in Mac OS X 10.5.6.
Printing: Included is a CUPS update as well as a repair of an error in the csregprinter process that allowed system privileges escalation.
Scripting: There are several patches provided for python and one for perl.
Remote Apple Events: There are a couple buffer overflow / out-of-bounds memory access patches.
SMB: Apple themselves patched a couple buffer problems, which is interesting. It's good to see Apple serious about compatibility with Windows networks.
X11: There are a collection of patches regarding font handling, user privilege plundering and several other vulnerabilites in the X11 server.
JavaScript: Here's another bane of contemporary coding. This time the patch is to Safari's RSS handling of feed URLs.
Mail services: A pair of patches are made to fetchmail and another pair to SquirrelMail.
Video: Yet another problem with maliciously crafted media files. This time a patch is provided for the Pixlet codec.
Other patched services include:
AFP Server
CarbonCore's Resource Manager
Certificate Assistant
CoreText
DS Tools: dscl
Folder Manager
FSEvents framework: fseventsd
Network Time
Server Manager: servermgrd
XTerm
And included is a security updated version of ClamAV for both 10.4 and 10.5 Server.
There were also a few other security related updates released today. Here is a list with links provided to their individual security update description documents:
Safari 3.2.2 for Windows
Java for Mac OS X 10.4 Release 8
Java for Mac OS X 10.5 Update 3
The Java security vulnerabilities that were patched include maliciously written web page Java applets allowing user privilege plundering. These problems weren't in Apple's implementation but in Java itself. SOS: Java was supposed to be as safe as a sandbox. Yeah, a sandbox full of land sharks.
My recommendation for security fanatics, as per recommendations from security expert Steve Gibson: If you don't want to take chances with hacker perpetrated JavaScript and Java, use a browser that lets you turn on support for both protocols on a site by site basis. As with using Little Snitch, it can be a PITA dithering around with little stuff on the net. But the geek in me adjusted such that I use site by site service control all the time. The browser I use for this purpose is OmniWeb. It's the bells and whistles web browser for Mac OS X and is well worth paying for if you like its abundant added features. You can also rig FireFox to handle site by site services as well. Camino and Safari are sadly site specific clueless. I haven't tested other browsers.
BTW: Coming up is my long delayed discussion of Tracking Cookies.
Share and Enjoy!
:-Derek
--
Tuesday, December 16, 2008
Apple Security Update 008
-
10.5.6 was released Monday afternoon in combination with Apple Security Update 008. The security update is also available separately for Tiger, 10.4. You grab them via Software Update within Mac OS X or download them from Apple's website.
Here are some highlights:
- ATS (Apple Type Services) bug/security update. 10.5 only.
- BOM (Bill of Materials) security update.
- CoreGraphics security update.
- CoreServices security update to prevent web hijacking of a user's credentials.
- CoreTypes security update. Adds further file types to its Internet download warning list. 10.5 only.
- FlashPlayer Plug-in security update.
- Kernel security update. 10.5 only.
- LibSystem:
- network_cmds bug/security update.
- Podcast Producer security update. 10.5 Server only.
- UDF (Universal Disk Format) ISO (International Standards Organization disk image) handling bug/security update.
Details regarding 10.5.6 can be found over at my MacSmarticles blog.
--
10.5.6 was released Monday afternoon in combination with Apple Security Update 008. The security update is also available separately for Tiger, 10.4. You grab them via Software Update within Mac OS X or download them from Apple's website.
Here are some highlights:
- ATS (Apple Type Services) bug/security update. 10.5 only.
- BOM (Bill of Materials) security update.
- CoreGraphics security update.
- CoreServices security update to prevent web hijacking of a user's credentials.
- CoreTypes security update. Adds further file types to its Internet download warning list. 10.5 only.
- FlashPlayer Plug-in security update.
- Kernel security update. 10.5 only.
- LibSystem:
- - Security update to the inet_net_pton API.
- - Security update to the strptime API.
- - Security update to the strfmon API.
- network_cmds bug/security update.
- Podcast Producer security update. 10.5 Server only.
- UDF (Universal Disk Format) ISO (International Standards Organization disk image) handling bug/security update.
Details regarding 10.5.6 can be found over at my MacSmarticles blog.
--
Subscribe to:
Posts (Atom)
