InsaneJournal

Tweak says, "It's all in the reflexes."

dkmnow (dkmnow) wrote in macintosh,
@ 2007-12-23 23:54:00

Security Update 2007-009 v1.oops!
An update of the latest update is now out for OSX 10.4.11 and 10.5.1, Intel and PPC.

They say this is only to correct a problem with Safari crashing on certain websites. However, it should be remembered that they do not report major security flaws to the public, "for the protection of our customers," they say. IOW, if there were a major flaw, and we don't do the security update, we likely won't know until our security has been compromised. So presumably, it's best to just bite the bullet and do as we're told (ugh!). Yeah, maybe it's just Safari like they say, in which case, I wouldn't care or even notice. Or maybe it's some enormous flaw just begging for hacker exploits. Or maybe they've got some hot new stealth nannyware lurking within the update. Who knows. We may love our 'puters, but Apple is still Corporate America, after all...

So, I'm customarily ambivalent, but I'll be updating, and you probably should too.

There had been some reports of the first update (2007-009) causing MacBook keyboard seizures, but I've seen a few reports that it's been fixed in this update-update. We'll see.

Use Software Update as usual, or download standalone installers from:

Security Update 2007-009 1.1 (10.4.11 Universal) - 27.4 MB
Security Update 2007-009 1.1 (10.4.11 PPC) - 15.9 MB
Security Update 2007-009 1.1 (10.5.1) - 35.6 MB

Oh, while browsing, I also noticed this recent addition:

"MacBook, MacBook Pro Software Update 1.1 12/18/2007 979 KB
This update addresses a responsiveness issue on MacBook and MacBook Pro notebook computers."

Good luck...and Merry Whatever!

;-p

Ads by Project Wonderful! Your ad here, right now: $0

(Post a new comment)

mathteacher
2007-12-24 06:04 am UTC (link)

i no longer have the email that i got a few days ago that had at least some details, but if you want a better shot at knowing exactly what impact various newfound security holes have, your best bet is to subscribe to one of the major alerting email lists, like the one from http://www.us-cert.gov/ -- they tend to post some serious description of the possible impact of the issue and what's being patched (and the alerts are for more than just OSX).

(Reply to this) (Thread)

mathteacher
2007-12-24 06:06 am UTC (link)

er, actually, the text from the US CERT site about the Apple update says, in part:

The impacts of these vulnerabilities include arbitrary code execution, denial of service, information disclosure, cross-site scripting, privilege escalation, and authentication bypass.

(Reply to this) (Parent) (Thread)

dkmnow
2007-12-24 06:19 am UTC (link)

Hm. Looks like their listing is for the first issue of 2007-009 only. V 1.1 was released a few days later. S'pose they don't consider the revision worth mentioning. Hopefully that's good news, i.e., it was just Safari.

On first glance, they're just giving the standard-issue warning, same as Apple does. Of course, e-mail alerts are always good. But I wonder if US-CERT would publish any more than what Apple tells them.

(Reply to this) (Parent) (Thread)

	mathteacher 2007-12-24 06:23 am UTC (link)
	oops, i didn't catch the versioning thing. i do know that the potential impact list is not boilerplate and does vary from issue to issue, though US CERT is more likely than some other security lists to pass along a vendor-issued alert with only minimal additional info. (Reply to this) (Parent) (Thread)

	dkmnow 2007-12-24 06:31 am UTC (link)
	Yeah, digging through comments at MacRumors and such usually leads to a lot more candor, a portion of which will have some ring of truth. One need only remember that it's at least 50% flapdoodle and/or grudgewank. :-p (Reply to this) (Parent)

	dkmnow 2007-12-24 06:10 am UTC (link)
	Ah-ha. That looks like a good one for the links list. Thanks! :-) (Reply to this) (Parent) (Thread)

mathteacher
2007-12-24 06:21 am UTC (link)

ahh, if i'd known/remembered there was a link list... it should also have a link to TekServe (http://tekserve.com/), probably the best mac service place on earth (certainly the best non-apple-owned one; i'm somewhat biased, since i worked there once, a while ago) and to the page about the TekServe FAQ (http://tekserve.com/about/faq.html), an awesome printed booklet containing lots of nice mac advice and help and info and whatnot.

(Reply to this) (Parent) (Thread)

	dkmnow 2007-12-24 06:25 am UTC (link)
	Biased! NOOOOO! :-D I'll check 'em out. Thanks! (Reply to this) (Parent)

	angeldove 2007-12-24 06:13 am UTC (link)
	My husband is giving me a MacBook this Christmas. Haven't open it yet, till the 25th I guess. But thanks for this info. I will come back here again if I see any problem with mine. Thanks!!! Merry Christmas to you too. (Reply to this) (Thread)

	dkmnow 2007-12-24 06:22 am UTC (link)
	I get lumps of coal. And that's when I've been good. ;-) (Reply to this) (Parent) (Thread)

	angeldove 2007-12-24 06:24 am UTC (link)
	There must be "special" kinds of coal. The rare one. :P (Reply to this) (Parent) (Thread)

	dkmnow 2007-12-24 06:26 am UTC (link)
	Not in MY stocking, there ain't! XD (Reply to this) (Parent) (Thread)

	angeldove 2007-12-24 09:49 pm UTC (link)
	Guess you see one, you see them all. :P Well, if you have that much coal, pass it around here. I can use them for my fireplace. grin (Reply to this) (Parent) (Thread)

	dkmnow 2007-12-25 08:19 am UTC (link)
	Nope, any coal that comes into my possession, I put it back in the ground where it belongs. :-D (Reply to this) (Parent)

empink
2007-12-24 04:36 pm UTC (link)

Chiming in for the first time to say that the macbook/pro software update is supposed to fix an issue where the keyboard and/or the trackpad of macbooks with Leopard on them would freeze up and stop responding for various lengths of time.

As I recently had my first brush with that problem a couple weeks ago, I hope installing that update will have fixed things, but since I haven't had a resurgence of that problem since the first time it happens, it could have fixed things just fine for all I know. I've also heard of other people still having keyboard issues, but since the person I heard from about that said it might be a hardware issue, there's no way to tell if it's the same exact problem afflicting everyone who's had it.

(Reply to this) (Thread)

	dkmnow 2007-12-24 04:48 pm UTC (link)
	Correct about the macbook/pro update. It was issued the same day as the original security update, and I suspect many of the reported freezes were people who had installed the latter but not the former. As for your machine, yeah, it's hard to say under those circumstances. Here's hoping it goes well. (Reply to this) (Parent)