123Macmini.com
FAQFAQ   SearchSearch   MemberlistMemberlist   GalleryPhoto Gallery   RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Apple Releases Security Update 2006-005

 
Post new topic   Reply to topic    123Macmini.com - Forums Forum Index -> 123Macmini.com News and Reviews
View previous topic :: View next topic  
Author Message
admin
Site Admin


Joined: 21 Jan 2005
Posts: 2160
Location: U.S.A

PostPosted: Thu Sep 21, 2006 6:15 pm    Post subject: Apple Releases Security Update 2006-005 Reply with quote

Apple Releases Security Update 2006-005
Thursday, September 21, 2006

Apple has released Security Update 2006-005 via Mac OS X's Software Update Utility and on the Web. According to the company, Security Update 2006-005 is recommended for all users and improves the security of the following components:

AirPort

CVE-ID: CVE-2006-3507

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7

Impact: Attackers on the wireless network may cause arbitrary code execution

Description: Two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges. This issue affects Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected. There is no known exploit for this issue. This update addresses the issues by performing additional validation of wireless frames.

AirPort

CVE-ID: CVE-2006-3508

Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7

Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution

Description: A heap buffer overflow exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.

AirPort

CVE-ID: CVE-2006-3509

Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7

Impact: Depending upon third-party wireless software in use, attackers on the wireless network may cause crashes or arbitrary code execution

Description: An integer overflow exists in the Airport wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage. No applications are known to be affected at this time. If an application is affected, then an attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into the wireless network. This may cause crashes or lead to arbitrary code execution with the privileges of the user running the application. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issues by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.

Apple also released the AirPort Update 2006-001. According to the company, this update improves AirPort reliability on Macintosh computers.



http://www.123macmini.com/news/story/532.html
Back to top
View user's profile Send private message Send e-mail Visit poster's website
bsnoel
Senior Member
Senior Member


Joined: 04 Jun 2005
Posts: 355
Location: USA

PostPosted: Thu Sep 21, 2006 7:11 pm    Post subject: Reply with quote

Finally, I can sleep at night. LOL!

Anyway, I put the patch on three Macs and no issues so far.
_________________
Mac Pro Quad 2.66GHz, PowerMac G5 2.3 GHz, iMac Core Duo 17", MacBook Pro 2GHz, MacBook Pro 2.2GHz, Mac mini Core 2 Duo 1.83GHz. Multi-K9 Security System. No false alarms, just lots of sharp teeth.
www.grweather.com
Back to top
View user's profile Send private message Visit poster's website
SOCOMRAIDER
Veteran Member
Veteran Member


Joined: 26 Oct 2005
Posts: 2869
Location: Minneapolis

PostPosted: Thu Sep 21, 2006 7:49 pm    Post subject: Reply with quote

..... waiting for the next iTunes patch (well it works perfect for me, others are waiting).....
_________________
Back to top
View user's profile Send private message
scooper
Veteran Member
Veteran Member


Joined: 05 Mar 2006
Posts: 1003

PostPosted: Thu Sep 21, 2006 7:57 pm    Post subject: Reply with quote

It's all about the Airport baby! Shocked
Back to top
View user's profile Send private message
devo
Veteran Member
Veteran Member


Joined: 23 Jan 2005
Posts: 5384
Location: Dunwoody, GA

PostPosted: Thu Sep 21, 2006 8:13 pm    Post subject: Reply with quote

SOCOMRAIDER wrote:
..... waiting for the next iTunes patch (well it works perfect for me, others are waiting).....


That patch can't come fast enough for me. iTunes 7 is acting really really strange. I posted about memory issues with it the other night.
Back to top
View user's profile Send private message
SOCOMRAIDER
Veteran Member
Veteran Member


Joined: 26 Oct 2005
Posts: 2869
Location: Minneapolis

PostPosted: Thu Sep 21, 2006 9:03 pm    Post subject: Reply with quote

devo wrote:
That patch can't come fast enough for me. iTunes 7 is acting really really strange. I posted about memory issues with it the other night.
Yeah, this version of iTunes is getting the anti-Apple people saying.. see what garbage Apple puts out.. you can see a lot of it on CNET (probably some of the most biased against Apple members, that I regularly check).
_________________
Back to top
View user's profile Send private message
imfullofit
Member
Member


Joined: 03 Feb 2006
Posts: 133

PostPosted: Sat Sep 23, 2006 3:21 am    Post subject: Reply with quote

SOCOMRAIDER wrote:
devo wrote:
That patch can't come fast enough for me. iTunes 7 is acting really really strange. I posted about memory issues with it the other night.
Yeah, this version of iTunes is getting the anti-Apple people saying.. see what garbage Apple puts out.. you can see a lot of it on CNET (probably some of the most biased against Apple members, that I regularly check).


I took a look at the apple forums in the Itunes windows section the other day. If you want to see some unhappy people go there. I feel sorry for any company that has to make software for windows. What kinds of things are people experiencing on the apple side of things? I know that apple is trying to make the cover art downloads more complete.

I did the patch on my macbook, G4 1.42 mini and a G4 ibook with no issues. I am hopeing that it will take advantage of some of the features on my macbook that are on some of the chips that apple was not using. I would like to see at least the same battery life as my old G3 ibook.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    123Macmini.com - Forums Forum Index -> 123Macmini.com News and Reviews All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



      

Shop:  Apple Store  |  Refurbished Macs  |  Refurbished iPads  |  MacConnection  |  Mac Mini Vault  |  Other World Computing

MK 1 Studio Mac mini Racks  |  Crucial Mac Memory  |  Top Free Mac Apps  |  Top Paid Mac Apps



123Macmini.com is an independent publication and has not been authorized, sponsored, or approved by Apple Computer, Inc.
All logos and trademarks in this site are property of their respective owners.
Copyright © 2011 123Macmini.com. All Rights Reserved.