| View previous topic :: View next topic |
| Author |
Message |
admin
Site Admin
Joined: 21 Jan 2005
Posts: 2065
Location: U.S.A
|
 Posted: Thu May 11, 2006 5:50 pm Post subject: Apple Releases Security Update 2006-003 |
 |
|
Apple Releases Security Update 2006-003
Thursday, May 11, 2006
Apple has released Security Update 2006-003 via Mac OS X's Software Update Utility and on the Web. According to the company, Security Update 2006-003 is recommended for all users and improves the security of the following components: AppKit, Bom, CFNetwork, CoreFoundation, CoreGraphics, curl, Finder, Flash Player, Plug-in, ImageIO, LaunchServices, Mail, Preview, QuickDraw, Ruby, Safari, and securityd.
http://www.123macmini.com/news/story/473.html |
|
| Back to top |
|
 |
picaman
Veteran Member
Joined: 16 Aug 2005
Posts: 1444
Location: NYC
|
|
| Back to top |
|
|
kuro
Member
Joined: 27 Oct 2005
Posts: 83
|
| Posted: Sat May 13, 2006 5:42 am Post subject: |
|
|
Some users are being affected by a different problem. After rebooting the login screen flashes up briefly and then disappears leaving a blue screen. After a while the spinner appears and then the OS drops to the command-line login screen (black screen with login prompt in top-left corner).
It isn't possible to get to the GUI via safe boot mode either. Resetting flash with cmd-opt-P-R doesn't help. Booting from the install CD and repairing permissions or disk (fsck) doesn't help either.
This second issue seems to be affecting some users with PPC Macs and some users with Intel Macs and may be unrelated to the StartupItems iissue. |
|
| Back to top |
|
|
picaman
Veteran Member
Joined: 16 Aug 2005
Posts: 1444
Location: NYC
|
| Posted: Sat May 13, 2006 6:36 am Post subject: |
|
|
I went against my usual policy and installed this update--I have a tendency to wait a few days to see if problems crop up and new versions are issued. That's happened recently with another security update, I think.
I didn't have problems installing to my G4 Mini, but I'd still recommend holding off a few days on this one, especially if there's an Intel Mini involved. I have a feeling that Apple may quietly reissue this one.
Jamie |
|
| Back to top |
|
|
iMav
Veteran Member
Joined: 13 Feb 2005
Posts: 2173
Location: Columbus, WI
|
| Posted: Sat May 13, 2006 6:41 am Post subject: |
|
|
No problems on my G4 iBook. We'll see how the Intel iMac and Mini goes this afternoon.
_________________
-=iMav=-
http://geekhack.org |
|
| Back to top |
|
|
MiniMoe
Veteran Member
Joined: 25 Apr 2006
Posts: 605
|
| Posted: Sat May 13, 2006 7:07 am Post subject: |
|
|
Which leads me to an interesting question....
How do you install updates from the command line? (assuming you have the problem above or ssh'd remotely into the box)
_________________
Moe
1.66GHz Core-Duo Mini, 2GB/120GB, Apple 23" Cinema HD Display
Apple Wireless Keyboard & Mouse, Apple iSight Camera
Apple USB Modem (for faxing), Bose Companion 2 Speakers
2.0GHz white MacBook 1GB/80GB |
|
| Back to top |
|
|
iMav
Veteran Member
Joined: 13 Feb 2005
Posts: 2173
Location: Columbus, WI
|
| Posted: Sat May 13, 2006 7:26 am Post subject: |
|
|
| MiniMoe wrote: | | How do you install updates from the command line? (assuming you have the problem above or ssh'd remotely into the box) |
$ which softwareupdate
/usr/sbin/softwareupdate
$ softwareupdate --help
usage: softwareupdate <mode> [<args> ...]
-l | --list List all appropriate updates
-d | --download Download Only
-i | --install Install
<label> ... specific updates
-a | --all all appropriate updates
-r | --recommended only recommended updates
-u | --url <url> ... from signed package URLs
Per-user preferences:
--ignore <label> ... Ignore specific updates
--reset-ignored Clear all ignored updates
--schedule (on | off) Set automatic checking
-h | --help Print this help
_________________
-=iMav=-
http://geekhack.org |
|
| Back to top |
|
|
MiniMoe
Veteran Member
Joined: 25 Apr 2006
Posts: 605
|
| Posted: Sat May 13, 2006 8:09 am Post subject: |
|
|
That's GREAT! Thanks!
[edit]Got 'em all 3 installed (from the Dell 8600). Found that I didn't need to use -d because -i downloads them. Installed them one at a time between reboots because they were all "restart" required.
_________________
Moe
1.66GHz Core-Duo Mini, 2GB/120GB, Apple 23" Cinema HD Display
Apple Wireless Keyboard & Mouse, Apple iSight Camera
Apple USB Modem (for faxing), Bose Companion 2 Speakers
2.0GHz white MacBook 1GB/80GB |
|
| Back to top |
|
|
resuna
Member
Joined: 15 May 2005
Posts: 215
|
| Posted: Mon May 15, 2006 11:49 am Post subject: |
|
|
| picaman wrote: | | Mac OS X now has zero unpatched known vulnerabilities. |
Open "Safe" Files After Downloading is a vulnerability.
The use of the same set of bindings for helper applications (for URIs and file types) by both Finder and Safari is a vulnerability.
Popping up another "Hi I'm an annoying message you always approve anyway so just click 'Infect Me'" dialog box is not "patching a vulnerability", it's "providing an illusion of security for naive users". |
|
| Back to top |
|
|
picaman
Veteran Member
Joined: 16 Aug 2005
Posts: 1444
Location: NYC
|
| Posted: Mon May 15, 2006 2:20 pm Post subject: |
|
|
My statement referred to the Secunia site's assessment of the situation, which was linked immediately below in my original post. As Secunia is a major purveyor of Mac FUD, that page was amusing to me.
I think it's all in how you define "vulnerability." I agree with you that OS X is deficient in that area, but I also think that no OS is ever going to be invulnerable to social engineering.
Jamie |
|
| Back to top |
|
|
resuna
Member
Joined: 15 May 2005
Posts: 215
|
| Posted: Mon May 15, 2006 2:40 pm Post subject: |
|
|
| picaman wrote: | | I agree with you that OS X is deficient in that area, but I also think that no OS is ever going to be invulnerable to social engineering. |
If it was just "social engineering" I wouldn't have a problem. Anyone can learn not to be "social engineered" by viruses and worms... at work, there are people who have been tricked into downloading an attachment or file and opening it, once. I've never had someone come to me and say "I downloaded and opened a file and I got infected again".
I have had people come to me and say "I clicked the wrong button and I got infected again".
The difference is between a reflex, and a decision. A trained response, and a choice. Pavlovian conditioning, not social engineering. |
|
| Back to top |
|
|
picaman
Veteran Member
Joined: 16 Aug 2005
Posts: 1444
Location: NYC
|
| Posted: Tue May 16, 2006 7:36 am Post subject: |
|
|
| resuna wrote: | | I've never had someone come to me and say "I downloaded and opened a file and I got infected again". |
That's because they are too embarrassed to tell you  
Seriously, your points are well taken. Hopefully Leopard will address this issue.
Jamie |
|
| Back to top |
|
|
|
FAQ 
Search 
Memberlist 
Photo Gallery
Register
Profile 
Log in to check your private messages 
Log in 
