
Apple releases Security Update 2008-002

Apple on Tuesday afternoon released a massive security update targeting various versions of its Mac OS X and Mac OS X Server operating systems, and patching over 40 previously discovered flaws.

Among the most heavily addressed areas are AppKit, the CUPS Unix printing environment, Foundation, and X11 — all of which contained vulnerabilities that could lead to arbitrary code execution or unexpected application termination, or grant attackers unauthorized access to various system components.

A number of password and authentication issues were also addressed in the areas of Kerberos, Podcaster, Preview and Printing. For example, Apple said Mac OS X Server's Podcast Producer included a component that provided passwords to a subtask through arguments, potentially exposing the passwords to other local users. Likewise, Preview and Printing services contained flaws that could expose the contents of an encrypted PDF without prompting the user for a password.
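The Podcast Producer issue is an instance of a general pattern: a process's argument list is readable by other local users, while data written to its standard input is not. The following is an added example, not Apple's code; the subtask, the `--password` flag and the password value are hypothetical and constructed for illustration.

```python
import subprocess
import sys

SECRET = "constructed-example-password"  # constructed sample value, not a real credential

# Hypothetical subtasks: one ignores its arguments, one reads the secret from stdin.
CHILD_ARGV = "import time; time.sleep(5)"
CHILD_STDIN = ("import sys, time; pw = sys.stdin.readline(); "
               "print('ready', flush=True); time.sleep(5)")


def visible_args(pid):
    """Return the command line that any local user can read for this pid."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:  # Linux process table
            return f.read().replace(b"\0", b" ").decode(errors="replace")
    except OSError:
        # Systems without /proc (macOS, BSD): ask ps for the argument list.
        return subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                              capture_output=True, text=True).stdout


def secret_exposed(via_argv):
    """Start the subtask and report whether SECRET appears in its argument list."""
    if via_argv:
        # Weak pattern: the password travels as a command-line argument.
        proc = subprocess.Popen([sys.executable, "-c", CHILD_ARGV,
                                 "--password", SECRET])
    else:
        # Corrected pattern: the password travels over a private pipe.
        proc = subprocess.Popen([sys.executable, "-c", CHILD_STDIN],
                                stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                                text=True)
        proc.stdin.write(SECRET + "\n")
        proc.stdin.flush()
        proc.stdout.readline()  # wait until the child has consumed the secret
    try:
        return SECRET in visible_args(proc.pid)
    finally:
        proc.kill()
        proc.wait()
        for stream in (proc.stdin, proc.stdout):
            if stream:
                stream.close()


if __name__ == "__main__":
    print("argv :", secret_exposed(True))
    print("stdin:", secret_exposed(False))
```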

Meanwhile, an Image Raw-related glitch made it possible for a maliciously crafted image to lead to an unexpected application termination or arbitrary code execution.

"A stack based buffer overflow exists in the handling of Adobe Digital Negative (DNG) image files. By enticing a user to open a maliciously crafted image file, an attacker may cause an unexpected application termination or arbitrary code execution," Apple said. "This update addresses the issue through improved validation of DNG image files. This issue does not affect systems prior to Mac OS X v10.5."

Other fixes address vulnerabilities in Apache, AFP, Application Firewall, CFNetwork, ClamAV, CoreFoundation, CoreServices, curl, Emacs, libc, mDNSResponder, notifyd, OpenSSH, pax archive utility, PHP, System Configuration, UDF, and Wiki Server. A full list is available here.

Security Update 2008-002 is available in three distinct distributions each for Mac OS X Client (Leopard, Universal, PPC) and Mac OS X Server (Leopard, Universal, PPC). Alternatively, you can run the Mac OS X Software Update mechanism located under the Apple menu to automatically receive the appropriate update for your system.



17 Comments

minderbinder 18 Years · 1702 comments

A second update requiring a reboot in one day?

Seriously, they couldn't just hold Safari until this was ready so we'd only have to reboot once?

lkrupp 19 Years · 10521 comments

Quote:
Originally Posted by minderbinder

A second update requiring a reboot in one day?

Seriously, they couldn't just hold Safari until this was ready so we'd only have to reboot once?

Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".

1013media 17 Years · 7 comments

Quote:
Originally Posted by lkrupp

Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".

I agree.. Rebooting gives me time to reheat the coffee that I've left to cool off to room temp, rendering it once again drinkable.

I'm curious if this fixes the core audio issues I've been having with pro-audio apps since the leopard upgrade. We shall see!

kevinneal 19 Years · 65 comments

Quote:
Originally Posted by 1013media

I agree.. Rebooting gives me time to reheat the coffee that I've left to cool off to room temp, rendering it once again drinkable.

I'm curious if this fixes the core audio issues I've been having with pro-audio apps since the leopard upgrade. We shall see!

Not for people with Portable Home Directories, can take ages with all the syncing, especially with Leopard

aplnub 20 Years · 2385 comments

Quote:
Originally Posted by lkrupp

Never have understood this obsessive, compulsive behavior regarding rebooting. Totally irrational in my opinion. The whole process takes less than a minute so it's not like one is losing any productivity over the issue. I guess it's all about bragging rights as to how long a system has been "up".

I've never understood why we have to reboot for changes to take effect. All my applications close and I have to get everything opened back up and get in the rut of working again after I reboot. It may take less than 2 minutes but you lose 5 minutes or more doing the reboot.