Security Update 2013-001

Discussion in 'Apple' started by JF Mezei, Mar 16, 2013.

  1. JF Mezei

    JF Mezei Guest

    Am on Snow Leopard.

    Software update, whcih has offreed a constant stream of JAVA updates of
    late is now offering Security Update 2013-001 and points to:

    http://support.apple.com/kb/HT1222

    For more information. But that page contains no mention of this security
    update.

    Is there a way to find out what it is about ?

    Is there a way for me to unoack it from wherever it has been downloaded
    and examine its contents ?

    Reason: since Snow Leopard is no longer expected to get upgrades, I have
    aready begun to upgrade components on my server with more recent
    versions of middleware. If this sexurity update affects, those I want to
    know before I run it.
     
    JF Mezei, Mar 16, 2013
    #1
    1. Advertisements

  2. JF Mezei

    billy Guest

    Sure it does, in the second item listed -

    OS X Mountain Lion v10.8.3 and Security Update 2013-001
    http://support.apple.com/kb/HT5672

    You could also subscribe to Apple's Product Security
    (security-announce) mailing list and get the info that
    way.

    Billy Y..
     
    billy, Mar 16, 2013
    #2
    1. Advertisements

  3. JF Mezei

    SK Guest

    Download:
    For Mac OS X v10.6.8
    The download file is named: SecUpd2013-001.dmg
    Its SHA-1 digest is: dc52d0f7d2db6080c57c7b9252a4d85c5e178450

    (http://support.apple.com/downloads/)

    Open the file and the .pkg. When you see the installation menu press
    CMD-I (show files).

    SK.
     
    SK, Mar 16, 2013
    #3
  4. JF Mezei

    JF Mezei Guest

    The second item at http://support.apple.com/kb/HT1222 I see:
    Java for OS X 2013-001 and Java for Mac OS X v10.6 Update 13

    It points to: http://support.apple.com/kb/HT5666
    Doesnt say "Security Update" for me.



    But Software Update says "Security Update" without any mention of Java.

    Out of curiosity, of the many Java updates I have been getting lately,
    none required a reboot. But this one does ?

    This is getting to be a bit ridiculous with Java updates all the time.
    Also surprised that it would show this update supposedly released Feb 19
    only today for me, even though I seem pretty sure to have received Java
    updates since then.
     
    JF Mezei, Mar 16, 2013
    #4
  5. JF Mezei

    David Empson Guest

    The HT1222 page is usually updated a day or two after the update becomes
    available. It may vary between people depending on how fast changes
    propagate to your local node of the Akamai distributed server network.

    The security fixes are listed in Apple's security announcment e-mail,
    which I got within about an hour of the update being released. Those
    notes will eventually appear in HT1222.

    The copy of HT1222 I see now does have a link to this page, which has
    full details:

    http://support.apple.com/kb/HT5672
    If you want to get more prompt notification of what security fixes are
    in Apple's updates, go to http://lists.apple.com, locate the
    "Security-announce" list, and subscribe to it.
    This might have been the last security update for 10.6.8, or there might
    be one more. It depends on whether Apple does any more minor updates or
    security updates for 10.8 before 10.9 is released, and even then, there
    might still be one more batch of security updates for Snow Leopard.

    A final security update around two or three months from now would give
    Snow Leopard about the same support timeframe for security updates as
    Leopard and Tiger got.

    Alternatively, Apple might keep doing security updates a little while
    after 10.9, until Snow Leopard's usage drops to a small enough
    proportion of the installed base that Apple thinks it can get away with
    no longer supplying security updates.

    It appears that Apple has stopped fixing security issues in Safari 5.x
    on Snow Leopard and Windows, which is surprising.
    Components Apple list as having updated on 10.6.8 Server: Apache
    (speficially mod_hfs_apple), International Components for Unicode,
    ImageIO, Jabber server, PDFKit, Podcast Producer Server (specifically
    its copy of Ruby on Rails), PostgreSQL, QuickTime, Ruby on Rails,
    disallowed some SSL certificates from a particular CA, Software Update,
    Malware removal tool.
     
    David Empson, Mar 16, 2013
    #5
  6. JF Mezei

    David Empson Guest

    That won't tell you much about what changed in just the latest security
    update, because it includes everything updated in all prior security
    updates back to 10.6.8. You'd have to compare it with the previous
    security update if you wanted to know just what changed in this update.

    On the other hand, installing this security update would probably try to
    patch or replace all the files listed, even if they weren't changed from
    the previous security update. If JF Mezei has been replacing
    Apple-supplied open source components of Mac OS X Server with separate
    builds, any security update may interfere with them.

    It is probably better to disable Apple's version of the component and
    install a separately built one in a different location, perhaps via
    something like MacPorts or Fink which can manage packages. Depending on
    the component, you may lose the ability to configure it via Server
    Admin/Preferences.
     
    David Empson, Mar 16, 2013
    #6
  7. JF Mezei

    JF Mezei Guest

    OK, this was updated to have 2 entries from March 14th, and one is:

    OS X Mountain Lion v10.8.3 and Security Update 2013-001

    Sor of interesting that Apple releases a new version of Mountain Lion
    which is essentially a Security Update AND a Security Update.

    Couldn't it have been Security Update 2013-001 that applied to
    everything from 10.6.8 to 10.8.2 ?
    Since you live a day ahead of us I guess you get the updated content a
    day before us :) :) :)


    Looks like Apple has made a number of fixes. Just wish it could be
    installed now, and kick in at next reboot instead of forcing reboot now.
     
    JF Mezei, Mar 16, 2013
    #7
  8. JF Mezei

    David Empson Guest

    10.8.3 includes a lot more changes than just security updates.

    How long have you been using Mac OS X? (Though I suppose if you are
    still running Snow Leopard as your latest OS, you might have started to
    forget these details.)

    As far back as I recall, the pattern is:

    - Apple releases a new minor version of the latest OS. It includes
    security fixes, general bug fixes and sometimes minor new features or
    tweaks to existing features.

    - At the same time they release a security update for the previous major
    version of OS X.

    - Now that they are doing annual releases of major versions, they
    usually also release a security update for the second previous major
    version of OS X.

    - There are also security updates for the server editions of the
    supported major versions. (This now only applies to 10.7 and earlier,
    since the Server component is distributed and updated independently for
    10.8 and presumably future OS X versions.)

    Some of the security fixes apply to all the versions and variants, so
    are included in all the updates. Other security fixes only apply to some
    versions or variants, so they are included in the appropriate updates
    (the security update usually has a note if that particular security fix
    is not applicable to later versions).

    The description page linked from HT1222 (or the e-mail from
    Security-announce) only lists the security changes. It doesn't describe
    the other changes in the latest minor version of OS X (the other changes
    Apple feel worthy of note are described in a different page, which is
    linked from the manual download page, and is also displayed by Software
    Update or App Store.

    On occasion, Apple releases a pure security update for the latest OS
    (between minor versions), and it often has variants for the still
    supported earlier OS versions (and server variants).
    No, because the security update patches or replaces the specific version
    of the original files which are present in each major OS version, which
    may not be the same. Each variant of the security update checks that it
    is being installed on the correct specific major/minor version and
    client/server variant of the OS.
    Hardly. I sometimes have to wait several hours before I can see updated
    pages at Apple.
     
    David Empson, Mar 16, 2013
    #8
  9. JF Mezei

    JF Mezei Guest


    I had gotten used to Snow Leopard not gettting any updates except for
    iTunes. One tends to forget the processes quickly.

    Then, all of a sudden, a month or two ago, I started to get frequent
    Java updates (lost track of how many) but those didn't require a reboot
    (nor restarting browser) so you install them right away and no need to
    plan a reboot for when it is convenient.
     
    JF Mezei, Mar 16, 2013
    #9
  10. Salut JF

    <http://support.apple.com/kb/HT1222>

    the 1st item in the security updates table shows "Safari 6.0.3" to me
    The 2nd item "OS X Maountain Lion v10.8.3 and Security Update 2013-001"
    The 3rd item "Java for OS X 2013-002 and Java for MacOSX v.10.6 Update
    13"

    The first two are dated 14 Mar 2013.

    The item with "Security Update 2013-001" in the link title is the one
    that you are interested in, on whatever position it stands on the page
    _you_ are looking at, and it should be dated 2013_03_14 ;-)

    Cheers
    Andreas
     
    Andreas Rutishauser, Mar 17, 2013
    #10
  11. JF Mezei

    JF Mezei Guest


    The page was updated after I posted the original message. At the time I
    got the software update notice, the web page had a 2013-001 java related
    security update dated february 19th. This was the second item on the
    list. But this was because the list had not yet been updated for me.

    Today, it shows it as you (and David Empson) mentioned.
     
    JF Mezei, Mar 17, 2013
    #11
  12. JF Mezei

    Paul Sture Guest

    The version of Xcode which came down once 10.8.3 was installed
    specifically mentioned updates for the 10.8.3 SDK, so I assume that
    10.8.3 brought extra features as well as security updates.
     
    Paul Sture, Mar 17, 2013
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.