Mac Security: Security Update 2007-007

Discussion in 'Apple' started by Derek Currie, Aug 1, 2007.

  1. Derek Currie

    Derek Currie Guest

    On Tuesday Apple released Security Update 2007-007. It is a large
    update including 25 security vulnerability patches. You can read
    about the update at:

    <http://docs.info.apple.com/article.html?artnum=306172>

    You can download the update via your Mac OS X Software Update
    system preference pane or download it from:

    <http://www.apple.com/support/downloads/>

    Here is a brief list of items patched by this security update:

    bzip2
    CFNetwork
    CoreAudio
    cscope
    gnuzip
    iChat
    Kerberos
    mDNSResponder
    PDFKit
    PHP
    Quartz Composer
    Samba
    SquirrelMail
    Tomcat
    WebCore
    WebKit

    Note the mDNSResponder patch. It will be interesting to see if
    this repairs the rumored (as yet unproven) hole in mDNSResponder
    reported last week.


    * As ever, before you install any major update it is important
    to first:
    (A) Repair your boot volume's permissions using DiskUtility.
    (B) Verify your boot volume using DiskUtility, and if problems
    are evident it is critical that you repair them either by booting
    from your Mac OS X installation disk, then using DiskUtility to
    perform the repair, OR install AppleJack then run it while booted
    in Single User Mode.

    Why bother with this? The vast majority of problems that result
    from performing updates are due to pre-existing problems on
    computers.

    AND, after running an update it is very useful to again repair
    your permissions and again verify your boot volume. Apple have
    been very good lately about cleaning up permissions after their
    updates. But some companies, notoriously Adobe, leave behind a
    mess after their installers or updaters run.


    OTHER UPDATES TODAY:

    1) AirPort Extreme Update 2007-004:
    <http://www.apple.com/support/downloads/airportextremeupdate2007004.html>
    2) Safari 3.0.3 Public Beta
    <http://www.apple.com/safari/download/>


    Share and Enjoy,

    :-Derek

    --
    Fortune Magazine 11-29-05: What's your computer setup today?
    Frederick Brooks: I happily use a Macintosh. It's not been
    equalled for ease of use, and I want my computer to be a tool,
    not a challenge.
    <http://money.cnn.com/magazines/fortune/fortune_archive/2005/12/12/8363107/>
    [Frederick Brooks is the author of 'The Mythical Man Month'.
    He spearheaded the movement to modernize computer software
    engineering in 1975.]
     
    Derek Currie, Aug 1, 2007
    #1

  2. Derek Currie

    Peter Hayes Guest

    Peter Hayes, Aug 1, 2007
    #2


  3. I think they just fall into a generic class of buggy programs that MAY
    if you spend a few years concocting just the right shape of archive,
    scribble on their stacks and cause 'interesting' behaviour..

    Mostly they will just crash though.

    The original Internet worm exploited just such an issue.

    It depended on one operating system (Ultrix IIRC), one particular
    compilation of sendmail and one type of hardware..but that was
    ubiquitous enough to crash half the internet.

    Stack underflow is an ever present risk. As long as processors have
    program and data stacks in the same place, and compilers use that stack
    for temporary data areas..and programmers continue to use unchecked data
    sizes into fixed sized buffers...
     
    The Natural Philosopher, Aug 2, 2007
    #3
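
The class of bug described in post #3 (file-supplied sizes copied unchecked into fixed-size buffers), shown from the fix side as an added example that is not part of the thread: a reader for the optional file-name field of a gzip header (RFC 1952) that validates every length before copying. The function name, buffer size and sample bytes are assumptions made here, and the field is chosen only as a familiar archive field, not as a statement about what the update patched.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_CAP 64  /* fixed-size destination buffer (assumed size) */

enum { GZ_OK = 0, GZ_NO_NAME = 1, GZ_TRUNCATED = -1, GZ_BAD_MAGIC = -2, GZ_TOO_LONG = -3 };

/* Copy the optional FNAME field of a gzip member header into out[NAME_CAP].
 * Every length taken from the file is checked against the bytes actually
 * present, and against the destination size, before it is used. */
int gz_read_name(const uint8_t *buf, size_t len, char out[NAME_CAP])
{
    size_t pos = 10;                       /* fixed part of the header */
    out[0] = '\0';
    if (len < 10) return GZ_TRUNCATED;
    if (buf[0] != 0x1f || buf[1] != 0x8b) return GZ_BAD_MAGIC;
    uint8_t flg = buf[3];

    if (flg & 0x04) {                      /* FEXTRA: 2-byte LE length + data */
        if (len - pos < 2) return GZ_TRUNCATED;
        size_t xlen = (size_t)buf[pos] | ((size_t)buf[pos + 1] << 8);
        pos += 2;
        if (len - pos < xlen) return GZ_TRUNCATED;  /* length field lies */
        pos += xlen;
    }
    if (!(flg & 0x08)) return GZ_NO_NAME;  /* FNAME flag not set */

    /* The unchecked form, strcpy(out, (const char *)buf + pos), trusts the
     * file to supply a NUL within NAME_CAP bytes. Find the NUL inside the
     * input first, then compare the length with the destination. */
    const uint8_t *nul = memchr(buf + pos, 0, len - pos);
    if (nul == NULL) return GZ_TRUNCATED;           /* no terminator */
    size_t n = (size_t)(nul - (buf + pos));
    if (n >= NAME_CAP) return GZ_TOO_LONG;          /* would not fit */
    memcpy(out, buf + pos, n + 1);
    return GZ_OK;
}

int main(void)
{
    /* Constructed sample: minimal header with FNAME = "a.txt". */
    static const uint8_t sample[] = {0x1f, 0x8b, 8, 0x08, 0, 0, 0, 0, 0, 3,
                                     'a', '.', 't', 'x', 't', 0};
    char name[NAME_CAP];
    return gz_read_name(sample, sizeof sample, name) == GZ_OK ? 0 : 1;
}
```

A malformed header ends in an error code with `out` left as an empty string, which is the "mostly they will just crash" case turned into a clean rejection.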