User Name
Password
AppleNova Forums » Apple Products »

Apple releases new security update


Register Members List Calendar Search FAQ Posting Guidelines
Apple releases new security update
Thread Tools
Defiant
Member
 
Join Date: May 2004
Location: Switzerland
Send a message via ICQ to Defiant Send a message via AIM to Defiant  
2004-05-21, 18:02

It's the fix for the Help Viewer issue. Now in Software Update!
  quote
Paul
Veteran Member
 
Join Date: May 2004
Location: New York City
 
2004-05-21, 18:50

weighing in at 712k, not to shabby... here is the description:
Quote:
Security Update 2004-05-24 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:


HelpViewer
and it does NOT require a restart

  quote
curiousuburb
Antimatter Man
 
Join Date: May 2004
Location: that interweb thing
 
2004-05-21, 19:01

patches are good.

don't know if it also addresses the Safari (webcore) side of the exploit,
but an official response is welcome
  quote
Chinney
Veteran Member
 
Join Date: May 2004
Location: Ottawa, ON
 
2004-05-21, 22:14

Is this not two updates in the past few weeks? Just what operating system am I running here?
  quote
LudwigVan
Veteran Member
 
Join Date: May 2004
Location: Minnesota
 
2004-05-21, 22:29

Quote:
Originally Posted by Chinney
Is this not two updates in the past few weeks? Just what operating system am I running here?
I doubt the sky is falling quite yet.

By the way, I read at the MacRumors forum that there is some kind of Terminal fix in this update for 10.2 users.
  quote
Ryan
Veteran Member
 
Join Date: May 2004
Location: Promise Land of Trustafarians
 
2004-05-21, 22:46

Quote:
Originally Posted by Chinney
Is this not two updates in the past few weeks? Just what operating system am I running here?

At least they addressed it quickly, and didn't take weeks or months.
  quote
torifile
Less than Stellar Member
 
Join Date: May 2004
Location: Durham, NC
Send a message via AIM to torifile  
2004-05-21, 22:52

Quote:
Originally Posted by CubeDude
At least they addressed it quickly, and didn't take weeks or months.
AFAIK, the vulnerability was reported to them a while ago. It only became public recently but they did know about it for a while.
  quote
Defiant
Member
 
Join Date: May 2004
Location: Switzerland
Send a message via ICQ to Defiant Send a message via AIM to Defiant  
2004-05-22, 05:12

It was reported to them on the 23rd of February. Now we have 24th of May. That's not quick. But they had to do something after it became public, didn't they?

If anyone wants to test it again, here's the original proof of concept: http://www.insecure.ws/article.php?s...04051612423136

Here's what I get in OmniWeb:



It says: "Attention: The following DiskImages couldn't be activated, Reason: No such file or folder."

  quote
Moogs
Hates the Infotainment
 
Join Date: May 2004
Location: NSA Archives
 
2004-05-22, 09:08

WARNING: Apple's fix DOES NOT address the serious security flaw in Safari that is described by Unsanity. I just installed the patch last night and it does nothing to stop the behavior noted above. There have been some people online who think it does more than fix the Help Viewer thing; it doesn't AFAICT.

Even if the "Open Safe Files" is turned off in Safari (which mine always is), disk images can be mounted on your machine and launch code without you ever doing anything to specifically enable that behavior (such as downloading a suspicious file). This is some scary poop.

...into the light of a dark black night.
  quote
Posting Rules Navigation
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Post Reply

Forum Jump
Thread Tools

« Previous Thread | Next Thread »

All times are GMT -5. The time now is 07:00.


Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2021, AppleNova