Apple Security Update 2007-002, Daylight Savings Update and More
Apple released a number of software updates today under Mac OS X's Software Update feature. The first is a security update that "is recommended for all users and improves the security of the following components:"
- CoreServices
- iChat
- UserNotificationCenter
More detailed information about the changes are listed at Apple.
Apple also revealed a Daylight Saving Time Update due to recent changes on the dates Daylight Savings will occur this year:
More information is at http://docs.info.apple.com/article.html?artnum=305056
Other updates also listed by Apple include:
- Java for Mac OS X 10.3 Update 5
- Java for Mac OS X 10.4 Update 5
- WebObjects 5.3.3
- Final Cut Pro 5.1.3
- CoreServices
- iChat
- UserNotificationCenter
More detailed information about the changes are listed at Apple.
Apple also revealed a Daylight Saving Time Update due to recent changes on the dates Daylight Savings will occur this year:
The Daylight Saving Time Update for Mac OS X and Mac OS X Server addresses recent changes in the way Daylight Saving Time will be observed in the U.S. and Canada beginning in March 2007 and includes the latest time zone information for the rest of the world.
More information is at http://docs.info.apple.com/article.html?artnum=305056
Other updates also listed by Apple include:
- Java for Mac OS X 10.3 Update 5
- Java for Mac OS X 10.4 Update 5
- WebObjects 5.3.3
- Final Cut Pro 5.1.3
Top Rated Comments
(View all)
65 months ago
downloaded all, works fine. Haven't noticed anything different yet. Wait why is the screen flickering!
65 months ago
I JUST got my 24" iMac yesterday, and thought my software updates were going to be done for a while, then I noticed this popping up.
Worked perfectly though, so no complaints.
Worked perfectly though, so no complaints.
65 months ago
here's the link from apple, as usual no information:
http://www.apple.com/downloads/macosx/apple/firmware_hardware/geforce7300gtfirmwareupdate.html
i was hoping this firmware update would allow me to now get the drivers to have portrait view on my samsung 24" synchmaster, but it gives me nothing.
what the heck is this firmware for? performance enhancements?
and how come nvidia has no apple drivers or software?
i'm freaking frustrated with nvidia, this will only force me to go with ati, or buy a completely new rig and install windows vista... all i want is portrait view!
by the way, i installed all the other updates, things are working smoothly...
http://www.apple.com/downloads/macosx/apple/firmware_hardware/geforce7300gtfirmwareupdate.html
i was hoping this firmware update would allow me to now get the drivers to have portrait view on my samsung 24" synchmaster, but it gives me nothing.
what the heck is this firmware for? performance enhancements?
and how come nvidia has no apple drivers or software?
i'm freaking frustrated with nvidia, this will only force me to go with ati, or buy a completely new rig and install windows vista... all i want is portrait view!
by the way, i installed all the other updates, things are working smoothly...
65 months ago
Finder
Mounting a maliciously-crafted disk image may lead to an application crash or arbitrary code executionA buffer overflow exists in Finder's handling of volume names. By enticing a user to mount a malicious disk image, an attacker could trigger this issue, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-09-01-2007). This update addresses the issue by performing additional validation of disk images. This issue does not affect systems prior to Mac OS X v10.4. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.
iChat
Attackers on the local network may be able to cause iChat to crashA null pointer dereference in iChat's Bonjour message handling could allow a local network attacker to cause an application crash. A proof of concept for this issue in Mac OS X v10.4 has been published on the "Month of Apple Bugs" website (MOAB-29-01-2007). A similar issue exists in Mac OS X v10.3. This update addresses the issues by performing additional validation of Bonjour messages.
iChat
Visiting malicious websites may lead to an application crash or arbitrary code executionA format string vulnerability exists in the iChat AIM URL handler. By enticing a user to access a maliciously-crafted AIM URL, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-20-01-2007). This update addresses the issue by performing additional validation of AIM URLs.
UserNotification
Malicious local users may be able to obtain system privilegesThe UserNotificationCenter process runs with elevated privileges in the context of a local user. This may allow a malicious local user to overwrite or modify system files. A program that triggers this issue has been published on the "Month of Apple Bugs" website (MOAB-22-01-2007). This update addresses the issue by having UserNotificationCenter drop its group privileges immediately after launching.
Mounting a maliciously-crafted disk image may lead to an application crash or arbitrary code executionA buffer overflow exists in Finder's handling of volume names. By enticing a user to mount a malicious disk image, an attacker could trigger this issue, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-09-01-2007). This update addresses the issue by performing additional validation of disk images. This issue does not affect systems prior to Mac OS X v10.4. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.
iChat
Attackers on the local network may be able to cause iChat to crashA null pointer dereference in iChat's Bonjour message handling could allow a local network attacker to cause an application crash. A proof of concept for this issue in Mac OS X v10.4 has been published on the "Month of Apple Bugs" website (MOAB-29-01-2007). A similar issue exists in Mac OS X v10.3. This update addresses the issues by performing additional validation of Bonjour messages.
iChat
Visiting malicious websites may lead to an application crash or arbitrary code executionA format string vulnerability exists in the iChat AIM URL handler. By enticing a user to access a maliciously-crafted AIM URL, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the "Month of Apple Bugs" website (MOAB-20-01-2007). This update addresses the issue by performing additional validation of AIM URLs.
UserNotification
Malicious local users may be able to obtain system privilegesThe UserNotificationCenter process runs with elevated privileges in the context of a local user. This may allow a malicious local user to overwrite or modify system files. A program that triggers this issue has been published on the "Month of Apple Bugs" website (MOAB-22-01-2007). This update addresses the issue by having UserNotificationCenter drop its group privileges immediately after launching.
65 months ago
Interesting all MOAB fixes. Like to see MS respond to a Month of Vista Bugs. :D
I thought the DST issue had been addressed long ago, or have there been even more recent changes to DST? Ah I see, they're addressing more regions, as well as 10.3 users. :cool:
I thought the DST issue had been addressed long ago, or have there been even more recent changes to DST? Ah I see, they're addressing more regions, as well as 10.3 users. :cool:
The 2007 time zone and Daylight Saving Time rule changes for the United States and most of Canada are already available in Mac OS X 10.4.5 or later.
Some additional regions that recently adopted time zone and DST changes are available in the February, 2007 Daylight Saving Time Update.
65 months ago
I wonder if this is due to some kind of delay with 10.4.9. It seemed just around the corner a few weeks ago with constant seeds and few known issues but then it all went quiet....
65 months ago
Well, it's cool to see that Apple fixes the thing addressed in the month of apple bugs so quickly.
[ Read All Comments ]
Analytics firm Chitika today released a report showing that by its metrics iOS has now surpassed OS X in overall web traffic share in the United States. Chitika's methodology involves an analysis...
One of the most frequent reasons for an iPhone to go on a trip to the Apple Store's Genius Bar is because of water damage. Typically, a water damaged iPhone can be replaced for a flat $199...
TheVerge's Joshua Topolsky summarizes the iPad 3 casing findings reported earlier today, but also adds his own sources regarding some details of the iPad 3.
Image from RepairLabs
As...
Last July, Apple discontinued the white MacBook from its consumer lineup, pushing consumers toward the company's popular MacBook Air line or the 13-inch MacBook Pro. The company didn't kill...
Popular iPhone Twitter client Tweetbot has finally arrived on the iPad, with a user interface instantly familiar to any current Tweetbot user. Designed for the Twitter power-user, Tweetbot packs a...
