Posted on 06/08/2004 10:35:58 AM PDT by Action-America
Mac Security Update Available
Fixes Reported LaunchServices Vulnerability
From what I can tell, so far, this essentially fixes the reported LaunchServices vulnerability, in much the same way as ParanoidAndroid. It also restores certain telnet functionality that was removed in the previous fix, when it was rushed out.
(Note: All of the links below will open in a new window.)
Download 900KB Security Update at:
http://www.apple.com/downloads/macosx/apple/securityupdate_2004-06-07_(_10_2_8).html
The following is an excerpt from the Apple Support site at:
http://docs.info.apple.com/article.html?artnum=61798
Security Update 2004-06-07 (Mac OS X 10.3.4 and 10.2.8)
Security Update 2004-06-07 delivers a number of security enhancements and is recommended for all Macintosh users. The purpose of this update is to increase security by alerting you when opening an application for the first time via document mappings or a web address (URL). Please see this article for more details, including a description of the new alert dialog box.
Security Update 2004-06-07 is available for the following system versions:
- Mac OS X v10.3.4 "Panther"
- Mac OS X Server v10.3.4 "Panther"
- Mac OS X v10.2.8 "Jaguar"
- Mac OS X Server v10.2.8 "Jaguar"
The following is from the Apple support site at:
http://docs.info.apple.com/article.html?artnum=25785
About Security Update 2004-06-07 |
|
An application may be automatically opened two ways: either by opening a document that is associated with the application or by clicking a link (URL) in a webpage or document. Opening an application manually or automatically You can manually open an application, such as by clicking its icon in the Dock; or the application may open automatically, such as when you click a link or open a document associated with the application. For example: You open Safari manually if you double-click its icon in the Applications folder or click its icon in the Dock. Safari opens automatically if you open a document such as "mypage.html", or click an "http://" link that's in a document. How does Mac OS X know which application to open automatically? This is done by association (or "mapping"). Mac OS X associates each major type of document (such as text, pictures, movies, and webpages) and each major type of link (such as "http://") with a particular application. When you open a document or click a link, it automatically opens in the associated application. If you encounter a document or link type that is not associated with an application installed on your computer, Mac OS X asks you to choose which application to open it with. In the example, webpages (.html) and Web links ("http://") are both associated with Safari by default. Tip: You can change the application associated with a type of document in the Info window. In some cases you can use application preferences, such as the Default Web Browser preference in Safari. A warning for new applications When you open an application manually, you are making an explicit choice to do so. But when you open a document, it may not be clear which application will be used. If you click an untrustworthy link, it may try to automatically open a downloaded application designed to cause harm to the system. The feature provided by Security Update 2004-06-07 alerts you if an application that is automatically opening hasn't already been opened, either manually or by consent to this warning dialog:
You can either open the application or cancel the attempt, which is appropriate if you don't recognize or trust the application. Once an application has been opened, this message will not appear again for that particular application. Applications included with your computer are considered "trusted" and will not trigger the warning panel. |
The fact that Macs can have such vulnerabilities only proves the truism cited by "Doc" Smith and paraphrased here:
"Any security measure that can be invented by the mind of man, can be circumvented by
the mind of man." --- E. E. "Doc" Smith - First Lensman (1950)
On the other hand:
"Any security measure that can be invented by Microsoft, can likely be circumvented by a
determined 8-year old." --- (common knowledge)
Apple ping.
Mac Security Update Available
Fixes Reported LaunchServices Vulnerability
Please PING any Mac users that you know, who have not been pinged above.
The day that there are a sufficient number of mac's running in the World that will make it worth a dedicated and determined hacker's time is the day that mac's will become vulnerable....it ain't the quality, it's the quantity....you can take it to the bank.......B.O.
I'll stay away from your bank, thanks.
Actually, it's both, plus the talent of the administrator. There are far more Apache servers out there than IIS, yet you don't hear about many hacks as opposed to the plethora of IIS hacks I've heard of. There goes quantity=hackability.
There are over 10 million OS X clients out there, and all we've heard about is one guy downloading and running a malicious program he found on a P2P network (Duh! alert). Not only that, but the core of OS X is a very widely used operating system, FreeBSD, yet none of the security issues so far are FreeBSD-related.
Once again (actually, it never lost it), Macs can claim far better security than Microsoft Windows in any variety PING!!!
As usual, if you want to be included on the Macintosh Ping list, Freepmail me... and vice verse...
For the record, Unsanity says that if you're using ParanoidAndroid, you can trash it once you've installed this update.
With two out of three PEECEEs fatally infected [Win XP - naturally, and Win 98 SP#1], I will be acquiring an eMac [$999] version next week...priority is to get a "cheap" warm puppy [keep her a week...return her if your CHILDREN are dissatisfied...]
I figure it is ALL down hill [or UPHILL from there!!! ]
Please add me to your Mac ping list. Thanks!
bump and thanks!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.