Got a tip for us? Share it...

Apple Security Update 2007-002, Daylight Savings Update and More

Apple released a number of software updates today under Mac OS X's Software Update feature. The first is a security update that "is recommended for all users and improves the security of the following components:"

- CoreServices
- iChat
- UserNotificationCenter

More detailed information about the changes are listed at Apple.

Apple also revealed a Daylight Saving Time Update due to recent changes on the dates Daylight Savings will occur this year:

The Daylight Saving Time Update for Mac OS X and Mac OS X Server addresses recent changes in the way Daylight Saving Time will be observed in the U.S. and Canada beginning in March 2007 and includes the latest time zone information for the rest of the world.


More information is at http://docs.info.apple.com/article.html?artnum=305056

Other updates also listed by Apple include:

- Java for Mac OS X 10.3 Update 5
- Java for Mac OS X 10.4 Update 5
- WebObjects 5.3.3
- Final Cut Pro 5.1.3

Top Rated Comments

(View all)

65 months ago
downloaded all, works fine. Haven't noticed anything different yet. Wait why is the screen flickering!
Rating: 0 Positives / 0 Negatives
65 months ago
I JUST got my 24" iMac yesterday, and thought my software updates were going to be done for a while, then I noticed this popping up.

Worked perfectly though, so no complaints.
Rating: 0 Positives / 0 Negatives
65 months ago
isn't an OS update due soon though which will include the security update?
Rating: 0 Positives / 0 Negatives
65 months ago
iChat update?
Rating: 0 Positives / 0 Negatives
65 months ago
here's the link from apple, as usual no information:

http://www.apple.com/downloads/macosx/apple/firmware_hardware/geforce7300gtfirmwareupdate.html

i was hoping this firmware update would allow me to now get the drivers to have portrait view on my samsung 24" synchmaster, but it gives me nothing.

what the heck is this firmware for? performance enhancements?

and how come nvidia has no apple drivers or software?

i'm freaking frustrated with nvidia, this will only force me to go with ati, or buy a completely new rig and install windows vista... all i want is portrait view!

by the way, i installed all the other updates, things are working smoothly...
Rating: 0 Positives / 0 Negatives
65 months ago
Finder

Mounting a maliciously-crafted disk image may lead to an application crash or arbitrary code executionA buffer overflow exists in Finder's handling of volume names. By enticing a user to mount a malicious disk image, an attacker could trigger this issue, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-09-01-2007). This update addresses the issue by performing additional validation of disk images. This issue does not affect systems prior to Mac OS X v10.4. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.

iChat

Attackers on the local network may be able to cause iChat to crashA null pointer dereference in iChat's Bonjour message handling could allow a local network attacker to cause an application crash. A proof of concept for this issue in Mac OS X v10.4 has been published on the "Month of Apple Bugs" website (MOAB-29-01-2007). A similar issue exists in Mac OS X v10.3. This update addresses the issues by performing additional validation of Bonjour messages.

iChat

Visiting malicious websites may lead to an application crash or arbitrary code executionA format string vulnerability exists in the iChat AIM URL handler. By enticing a user to access a maliciously-crafted AIM URL, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-20-01-2007). This update addresses the issue by performing additional validation of AIM URLs.

UserNotification

Malicious local users may be able to obtain system privilegesThe UserNotificationCenter process runs with elevated privileges in the context of a local user. This may allow a malicious local user to overwrite or modify system files. A program that triggers this issue has been published on the "Month of Apple Bugs" website (MOAB-22-01-2007). This update addresses the issue by having UserNotificationCenter drop its group privileges immediately after launching.
Rating: 0 Positives / 0 Negatives
65 months ago
No issues, yet.

10.4.8
Dual 2 GHz PPC G5
2.5 GB DDR2 SDRAM
Rating: 0 Positives / 0 Negatives
65 months ago
Interesting all MOAB fixes. Like to see MS respond to a Month of Vista Bugs. :D

I thought the DST issue had been addressed long ago, or have there been even more recent changes to DST? Ah I see, they're addressing more regions, as well as 10.3 users. :cool:

The 2007 time zone and Daylight Saving Time rule changes for the United States and most of Canada are already available in Mac OS X 10.4.5 or later.

Some additional regions that recently adopted time zone and DST changes are available in the February, 2007 Daylight Saving Time Update.

Rating: 0 Positives / 0 Negatives
65 months ago
I wonder if this is due to some kind of delay with 10.4.9. It seemed just around the corner a few weeks ago with constant seeds and few known issues but then it all went quiet....
Rating: 0 Positives / 0 Negatives
65 months ago
Well, it's cool to see that Apple fixes the thing addressed in the month of apple bugs so quickly.
Rating: 0 Positives / 0 Negatives

[ Read All Comments ]