Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Update 2003-08-14 Released

Posted by pudge on from the if-you-can-read-this-you-are-not-in-nyc dept.

Delta-9 writes "Today, Apple released Security Update 2003-08-14, which 'addresses a potential vulnerability in the fb_realpath() function which could allow a local or remote user to gain unauthorized root privileges to a system.'" It's on Software Update, and will likely soon appear on the support downloads page.

5 of 63 comments (clear)

  1. Good work Apple by wyvern5 · · Score: 5, Interesting

    Nice to see Apple is responding more quickly to security problems. I didn't even hear about this through my regular channels until after I had seen the update in Software Update.

    --
    -- Apple: Where Microsoft wants to go today.
  2. Odd Side Effect?! by juniormaj · · Score: 3, Interesting

    I've posted this elsewhere, also. I know this seems odd, but imagine my surprise. In my home/Documents folder I have a subfolder named "Unstuffed". I have dircted Stuffit to place all of its results in this folder. It's been there for over a year. After running todays security update the subfolder was renamed "Documents", and a file called "Documents.1" was created in the original "Documents" folder. So now, in my home/Documents folder I have a subfolder called "Documents" (with the contents of the old "Unstuffed" folder) and a strange zero k file called "Documents.1". Never seen that happen before.

  3. OSX 10.1.5? by HSpirit · · Score: 3, Interesting

    My reading of the issue on the FreeBSD advisory is that it is likely 10.1.x is affected by this too.

    Can anyone confirm?

    Is a fix from Apple likely? I would find it very disappointing if Apple have stopped issuing security fixes for this OS - even Microsoft support their previous generation products (Windows 2000 Professional, for example).

    If not, given this affects the (open-source) Darwin core of the OS, is a patch to the affected library/ies a possibility?

  4. Reboot Reqired (sigh) by Jeremy+Erwin · · Score: 3, Interesting

    Another update, another reboot. Sigh.. When is Apple going to stop requiring reboots?
    And they do require them,as I discovered last night. I wanted to install 10.2.0 on another machine. Rather than try to download a whopping 100Megs of updates, I would use the 6 mini updates I already had to upgrade the computer to 10.2.6. And rather than repeat the install-reboot cycle a half dozen times, I would mount the other machine as a Firewire drive on my 10.2.6 machine. No reboots required, right?

    Well, half an hour later, with the 10.2.6 upgrades installed, I boot up. Nothing except a grey screen with an Apple logo. No cyclic symbol. The only way to solve the problem was to reinstall 10.2.0, and upgrade piecemeal, rebooting each time.

    1. Re:Reboot Reqired (sigh) by mkldev · · Score: 4, Interesting
      I tend to ignore the request to reboot and simply force-quit the installer, then continue working until it is convenient to reboot (which may or may not be that day). The only exception is when I'm installing a new device driver. To make the device driver usable, I do a "sudo kill -HUP xxx" where xxx is the PID of kextd.

      In the case of a security update that changes libraries, though, it's prudent to reboot, or at least shut down any daemon processes and restart them.... Anything newly launched will be bound to the new library, but anything already running will continue using the old one, hence any program that uses the buggy function needs to be restarted. A reboot is certainly the easiest way. :-)

      --
      120 character sigs suck. Make it 250.