ColdFusion Posted April 20, 2007 Share Posted April 20, 2007 Apple has released their second biggest security update of the year, covering 25 vulnerabilities in 20 components. Most of the vulnerabilities could allow an attacker to execute malicious code, although no exploits have been reported so far. Components at risk include iChat, fetchmail and Libinfo. Apple has also addressed an issue with the Login Window that would allow the local user to obtain system privileges and execute arbitrary code. You can learn more about the vulnerabilities here. Early indications suggest that the update is safe to run on OSX86 installations. Link to comment Share on other sites More sharing options...
cringemaster Posted April 20, 2007 Share Posted April 20, 2007 Just started to downloading it... At least this stuff gets caught before it becomes an issue. Link to comment Share on other sites More sharing options...
Xenctuary Posted April 20, 2007 Share Posted April 20, 2007 Updating my iMac now, thanks for the heads up! Link to comment Share on other sites More sharing options...
errandwolfe Posted April 20, 2007 Share Posted April 20, 2007 Installed with no problems (except an extra reboot after initial install) on my desktop. Specs are in my sig. Link to comment Share on other sites More sharing options...
tomozj Posted April 20, 2007 Share Posted April 20, 2007 Meh, I actually found a similar exploit with the login window... I won't mention more about it - I'll go report. Forgot about that one lol. Thanks for the info on the update -tj Link to comment Share on other sites More sharing options...
Takuro Posted April 20, 2007 Share Posted April 20, 2007 Does anybody know that if it fixes login window vulnerabilities that it actually updates the binary file in loginwindow.app/contents/resources/macos/loginwindow? I have to use the Netkas patch for the 10.4.9 loginwindow, so I'm wondering if I'll have to reapply it. Link to comment Share on other sites More sharing options...
tomozj Posted April 20, 2007 Share Posted April 20, 2007 Well I found a bug that allowed me to run scripts under root in the loginwindow. I guess it fixes stuff in that area. If you're using remote desktop, then patch it -tj Link to comment Share on other sites More sharing options...
mac.nub Posted April 21, 2007 Share Posted April 21, 2007 Thanks! Updating my Hackintosh now Edit: I can confirm that this worked fine on my Dell Inspiron 6400. Link to comment Share on other sites More sharing options...
Ferret-Simpson Posted April 21, 2007 Share Posted April 21, 2007 Testing. Seeyou ina sec! Link to comment Share on other sites More sharing options...
maculas Posted April 22, 2007 Share Posted April 22, 2007 Just installed! Works great! 1 extra reboot and it was ready for use! No problems at all, just back up your 10.4.4 login fix! Link to comment Share on other sites More sharing options...
Zulu.Walker Posted April 23, 2007 Share Posted April 23, 2007 Security Update fixed some vulnerabilities that I was trying to track down for quite some time since I updated to 10.4.9. Now I have a cleaner console log output. Works great. Link to comment Share on other sites More sharing options...
Recommended Posts