Security Updates, Notices for Mac OS X

← Back to Stories (view on slashdot.org)

Security Updates, Notices for Mac OS X

Posted by pudge on Monday May 3, 2004 @11:05AM from the happy-update-monday dept.

Myrrh writes "eEye reports they discovered a heap overflow in QuickTime 6.5, which 'allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code.' Now's a swell time to visit Apple and download the updates for both programs." Also, Apple today released Security Update 2004-05-03, which includes updates for AFP Server, CoreFoundation, and IPSec, and is, like the QuickTime 6.5.1 update, available via Software Update.

8 of 74 comments (clear)

Min score:

Reason:

Sort:

Re:bad updates by 47Ronin · 2004-05-03 12:40 · Score: 2, Insightful

I've run security updates on dozens of Macs over the last two years and have yet to see one break anything. This isn't like Microsoft Windows, y'know

--
Those who laugh at you for you having a Mac.. are the people who constantly call you to fix their PC.
Re:AFS server issue is a remote root vulnerability by sld126 · 2004-05-03 12:51 · Score: 2, Insightful

Interesting that AFP has a remote root exploit, considering you can't even log in as root via AFP. Admin yes, root no, not in any version of OS X.

I'm not calling bullshit, but the air smells kind of funny here...

--
You're just jealous because the voices only talk to me.
Re:AFS server issue is a remote root vulnerability by sld126 · 2004-05-03 13:12 · Score: 2, Insightful

So, if you use the GUI as the remote login, you can't. But if you use mount_afp with an oversized login name, you can?

--
You're just jealous because the voices only talk to me.
Re:Anyone else have this problem with QT for Win? by fyonn · 2004-05-03 19:08 · Score: 2, Insightful

perhaps he's doing server development on his desktop? just cos he's running a server version of the OS doesn't mean his machine is actually the PDC and should be locked away in a room. maybe there is some feature in the server version he needs on his desktop. it's not like it doesn't make an acceptable desktop (assuming you're a windows fan)

dave
Re:In fairness, though by DAldredge · 2004-05-04 03:14 · Score: 2, Insightful

Only if you leave out MVS.
Re:Anyone else have this problem with QT for Win? by Jeremy+Erwin · 2004-05-04 03:18 · Score: 2, Insightful

The difference between a workstation and a server is an artificial one-- a marketer's delineation, designed to extract the largest amount of cash out of a customer base.

Sorry. If you want the extra CPU utilized, buy the server edition. If you want to serve files to more than 5 users, buy the server edition. If you want to host a database, buy the server edition.

The limitations are enough to make someone try linux-- where the border between server and workstation is a bit more fluid.
Re:bad updates by lullabud · 2004-05-04 04:42 · Score: 3, Insightful

Please show one Windows update that erased your entire hard drive (like iTunes), or prevented it from booting (like iTunes for Windows and one OS-X update), or any of the other SEVERE issues that Apple continually has with updates.
It was either the IE 5 or IE 5.5 update on win98 that corrupted the OS so that it needed to be reloaded. When I worked at Gateway we told people NOT to update their browsers if they weren't having problems because we were sick of having to FFR (Fdisk, Format, Reload) people's systems when the patch made their systems unbootable.
Re:Uh oh by lullabud · 2004-05-04 04:49 · Score: 2, Insightful

If you boot to the OS X install CD there will be an "Options" button that you can check which will give you the option to move the old system to a different folder, install a new system and then re-import all the user-specific settings that you had previously.

Windows never had an reinstall option like that...