Apple Releases Mac OS X 10.3.9 Update
OmniVector writes "Right after the Mac OS X 10.4 Tiger announcement just a few days ago, Apple has released an update to version 10.3.9 for Mac OS X and Mac OS X Server (both available via Software Update). The changes mostly include bugfixes with Stickies, Safari, and the Finder." The Server update also addresses issues with Open Directory, cyrus, AFP, and SMB, among others. Apple also updated iMovie, iPhoto, iDVD, and iSight this week.
It seems as if this update fixed the sensitivity problems with my PowerBook trackpad. I have a 1.67Ghz PB with the new trackpad that supports the vertical/horizontal scrolling stuff and it has always been far less sensitive than my old PB -- until I rebooted after this update. Cool!
Although the Safari upgrade re-added Apple, Amazon, eBay, etc. links to my bookmark bar. That was sort of annoying, but easy enough to fix.
Hexy - a strategy game for iPhone/iPod Touch
Hey has anyone else found that java apps stop working. I can't get Eclipse or FurtherNET to start.
Are any of you getting a segfault when running java from the Terminal?
Anyone have this problem and found a fix? I'm out of ideas.
The light sensor in my Powerbook isn't going nuts changing my screen brightness anymore. Maybe this issue has been fixed too. I'm not in fluorescent lighting to give it a good test though.
I discovered this vulnerability, and i can confirm that Apple is indeed starting to think in zone separation paths...
I have written a detailed advisory about the problem (Apple conveniently "forgot" to link to it). Apple allows XMLHttpRequest more privileges when running from a file: URL than from http:. This created a problem combined with the fact that disk images are automatically mounted with predictable paths and that Safari did not enforce separation between the http: and file: zones.
Apple took the approach of separating the zones instead of limiting XMLHttpRequest access from file: URLs.
Note that Konqueror is already separating zones, and also allows file: URLs to use XMLHttpRequest to access local resources.
I don't know if there are any other instances where the local zone is given higher privileges than the Internet zone. That's something for future research. If you haven't already updated, feel free to test the demo exploit on the advisory page.