Security Update 2005-009
Apple on Tuesday released Security Update 2005-009, which delivers a number of security enhancements and is recommended for all Macintosh users.
According to the release notes, the update addresses issues with apache_mod_ssl, CoreFoundation, CoreTypes, curl, iodbcadmin, OpenSSL, Safari, sudo, and syslog.
Most notably, the update rectifies issues where:
- local users may gain elevated privileges;
- maliciously-crafted URLs may result in crashes or arbitrary code execution;
- applications using OpenSSL may be forced to use the weaker SSLv2 protocol;
- local users on Open Directory master servers may gain elevated privileges;
- Safari may download files outside of the designated download directory;
- JavaScript dialog boxes in Safari may be misleading;
- visiting malicious web sites with WebKit-based applications may lead to arbitrary code execution;
- local users may be able to gain elevated privileges in certain sudo configurations;
- system log entries may be forged;
Security Update 2005-009 also includes enhancements to Safari to improve handling of credit card security codes (Mac OS X v10.3.9 and Mac OS X v10.4.3), CoreTypes to improve handling of Terminal files (Mac OS X v10.4.3), QuickDraw Manager to improve rendering of PICT files (Mac OS X v10.3.9), documentation regarding OpenSSH and PAM (Mac OS X v10.4.3), and ServerMigration to remove unneeded privileges.
Aperture arrives on doorsteps
Also on Tuesday, several readers wrote in to share their excitement at receiving the first shipping copies of Aperture, Apple's new \"everything you need for after the shoot\" post-production tool for professional (or amateur) photographers.
It was previously reported that Aperture was due to ship on November 30th (tomorrow) after Amazon.com published the release date on its website. The online retailer is offering an instant $50 markdown on the software, bringing the cost down to $449.