Apple on Tuesday afternoon released a massive security update targeting various versions of its Mac OS X and Mac OS X Server operating systems, and patching over 40 previously discovered flaws.
A number of password and authentication issues were also addressed in the areas of Kerberos, Podcaster, Preview and Printing. For example, Apple said Mac OS X Server's Podcast Producer included a component that provided passwords to a subtask through arguments, potentially exposing the passwords to other local users. Likewise, Preview and Printing services contained flaws that could expose the contents of an encrypted PDF without prompting the user for a password.
Meanwhile, an Image Raw-related glitch made it possible for a maliciously crafted image to lead to an unexpected application termination or arbitrary code execution.
"A stack based buffer overflow exists in the handling of Adobe Digital Negative (DNG) image files. By enticing a user to open a maliciously crafted image file, an attacker may cause an unexpected application termination or arbitrary code execution," Apple said. "This update addresses the issue through improved validation of DNG image files. This issue does not affect systems prior to Mac OS X v10.5."
Other fixes address vulnerabilities in Apache, AFP, Application Firewall, CFNetwork, ClamAV, CoreFoundation, CoreServices, curl, Emacs, libc, mDNSResponder, notifyd, OpenSSH, pax archive utility, PHP, System Configuration, UDF, and Wiki Server. A full list is available here.
Security Update 2008-002 is available in three distinct distributions each for Mac OS X Client (Leopard, Universal, PPC) and Mac OS X Server (Leopard, Universal, PPC). Alternatively, you can run the Mac OS X Software Update mechanism located under the Apple menu to automatically receive the appropriate update for your system.
17 Comments
A second update requiring a reboot in one day?
Seriously, they couldn't just hold Safari until this was ready so we'd only have to reboot once?
A second update requiring a reboot in one day?
Seriously, they couldn't just hold Safari until this was ready so we'd only have to reboot once?
Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".
Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".
I agree.. Rebooting gives me time to reheat the coffee that I've left to cool off to room temp, rendering it once again drinkable.
I'm curious if this fixes the core audio issues I've been having with pro-audio apps since the leopard upgrade. We shall see!
I agree.. Rebooting gives me time to reheat the coffee that I've left to cool off to room temp, rendering it once again drinkable.
I'm curious if this fixes the core audio issues I've been having with pro-audio apps since the leopard upgrade. We shall see!
Not for people with Portable Home Directories, can take ages with all the syncing, especially with Leopard
Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".
I've never understood why we have to reboot for changes to take effect. All my applications close and I have to get everything opened back up and get in the rut of working again after I reboot. It may take less than 2 minutes but you loose 5 minutes or more doing the reboot.