Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Mac Security Update Available - Fixes LaunchServices Vulnerability
Apple Support Web Site ^ | 6/7/4 | Apple Support

Posted on 06/08/2004 10:35:58 AM PDT by Action-America

Mac Security Update Available
Fixes Reported LaunchServices Vulnerability

From what I can tell, so far, this essentially fixes the reported LaunchServices vulnerability, in much the same way as ParanoidAndroid. It also restores certain telnet functionality that was removed in the previous fix, when it was rushed out.

(Note: All of the links below will open in a new window.)

Download 900KB Security Update at:
http://www.apple.com/downloads/macosx/apple/securityupdate_2004-06-07_(_10_2_8).html

The following is an excerpt from the Apple Support site at:
http://docs.info.apple.com/article.html?artnum=61798


Security Update 2004-06-07 (Mac OS X 10.3.4 and 10.2.8)

Security Update 2004-06-07 delivers a number of security enhancements and is recommended for all Macintosh users. The purpose of this update is to increase security by alerting you when opening an application for the first time via document mappings or a web address (URL). Please see this article for more details, including a description of the new alert dialog box.

Security Update 2004-06-07 is available for the following system versions:
- Mac OS X v10.3.4 "Panther"
- Mac OS X Server v10.3.4 "Panther"
- Mac OS X v10.2.8 "Jaguar"
- Mac OS X Server v10.2.8 "Jaguar"


The following is from the Apple support site at:
http://docs.info.apple.com/article.html?artnum=25785


About Security Update 2004-06-07


Security Update 2004-06-07 increases security when automatically opening an application for the first time.

An application may be automatically opened two ways: either by opening a document that is associated with the application or by clicking a link (URL) in a webpage or document.

Opening an application manually or automatically

You can manually open an application, such as by clicking its icon in the Dock; or the application may open automatically, such as when you click a link or open a document associated with the application.

For example: You open Safari manually if you double-click its icon in the Applications folder or click its icon in the Dock. Safari opens automatically if you open a document such as "mypage.html", or click an "http://" link that's in a document.

How does Mac OS X know which application to open automatically?

This is done by association (or "mapping"). Mac OS X associates each major type of document (such as text, pictures, movies, and webpages) and each major type of link (such as "http://") with a particular application. When you open a document or click a link, it automatically opens in the associated application. If you encounter a document or link type that is not associated with an application installed on your computer, Mac OS X asks you to choose which application to open it with. In the example, webpages (.html) and Web links ("http://") are both associated with Safari by default.

Tip: You can change the application associated with a type of document in the Info window. In some cases you can use application preferences, such as the Default Web Browser preference in Safari.

A warning for new applications

When you open an application manually, you are making an explicit choice to do so. But when you open a document, it may not be clear which application will be used. If you click an untrustworthy link, it may try to automatically open a downloaded application designed to cause harm to the system. The feature provided by Security Update 2004-06-07 alerts you if an application that is automatically opening hasn't already been opened, either manually or by consent to this warning dialog:

 

 

You can either open the application or cancel the attempt, which is appropriate if you don't recognize or trust the application.

Once an application has been opened, this message will not appear again for that particular application.

Applications included with your computer are considered "trusted" and will not trigger the warning panel.



The fact that Macs can have such vulnerabilities only proves the truism cited by "Doc" Smith and paraphrased here:

"Any security measure that can be invented by the mind of man, can be circumvented by
the mind of man." --- E. E. "Doc" Smith - First Lensman (1950)

On the other hand:

"Any security measure that can be invented by Microsoft, can likely be circumvented by a
determined 8-year old." --- (common knowledge)

 


TOPICS: Miscellaneous; Technical
KEYWORDS: apple; launchservices; lowqualitycrap; mac; osx; security; update

1 posted on 06/08/2004 10:36:01 AM PDT by Action-America
[ Post Reply | Private Reply | View Replies]

To: Swordmaker

Apple ping.


2 posted on 06/08/2004 10:38:22 AM PDT by Salo (I know that for America there will always be a bright dawn ahead. - R. Reagan. RIP, Mr. President.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker; IncPen; antiRepublicrat; LasVegasMac; TechJunkYard; eno_; zeugma

Mac Security Update Available
Fixes Reported LaunchServices Vulnerability

Please PING any Mac users that you know, who have not been pinged above.

3 posted on 06/08/2004 10:43:38 AM PDT by Action-America (Best President: Reagan * Worst President: Klinton * Worst GOP President: Dubya)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Action-America

The day that there are a sufficient number of mac's running in the World that will make it worth a dedicated and determined hacker's time is the day that mac's will become vulnerable....it ain't the quality, it's the quantity....you can take it to the bank.......B.O.


4 posted on 06/08/2004 10:48:34 AM PDT by B.O. Plenty (god.....I hate politicians)
[ Post Reply | Private Reply | To 1 | View Replies]

To: B.O. Plenty
Right.
Which is why Microsoft web servers are hacked so much more often than Unix / Linux ones, even though the population is about the same.

I'll stay away from your bank, thanks.

5 posted on 06/08/2004 11:04:01 AM PDT by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: B.O. Plenty
it ain't the quality, it's the quantity....you can take it to the bank.

Actually, it's both, plus the talent of the administrator. There are far more Apache servers out there than IIS, yet you don't hear about many hacks as opposed to the plethora of IIS hacks I've heard of. There goes quantity=hackability.

There are over 10 million OS X clients out there, and all we've heard about is one guy downloading and running a malicious program he found on a P2P network (Duh! alert). Not only that, but the core of OS X is a very widely used operating system, FreeBSD, yet none of the security issues so far are FreeBSD-related.

6 posted on 06/08/2004 1:05:15 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 4 | View Replies]

To: Bush2000; antiRepublicrat; LasVegasMac; Action-America; eno_; N3WBI3; zeugma; TechJunkYard; ...

Once again (actually, it never lost it), Macs can claim far better security than Microsoft Windows in any variety PING!!!

As usual, if you want to be included on the Macintosh Ping list, Freepmail me... and vice verse...


7 posted on 06/08/2004 6:57:40 PM PDT by Swordmaker (This tagline shut down for renovations and repairs. Re-open June of 2001.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Action-America

For the record, Unsanity says that if you're using ParanoidAndroid, you can trash it once you've installed this update.


8 posted on 06/08/2004 7:00:05 PM PDT by Dont Mention the War
[ Post Reply | Private Reply | To 1 | View Replies]

To: Action-America; Swordmaker; All
Please PING any Mac users that you know, who have not been pinged above.

With two out of three PEECEEs fatally infected [Win XP - naturally, and Win 98 SP#1], I will be acquiring an eMac [$999] version next week...priority is to get a "cheap" warm puppy [keep her a week...return her if your CHILDREN are dissatisfied...]

I figure it is ALL down hill [or UPHILL from there!!! ]

9 posted on 06/08/2004 11:53:21 PM PDT by Lael (Patent Law...not a single Supreme Court Justice is qualified to take the PTO Bar Exam!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker

Please add me to your Mac ping list. Thanks!


10 posted on 06/09/2004 12:02:07 AM PDT by Jen
[ Post Reply | Private Reply | To 7 | View Replies]

To: Swordmaker

bump and thanks!


11 posted on 06/09/2004 1:55:28 AM PDT by lainde (Heads up...We're coming and we've got tongue blades!!)
[ Post Reply | Private Reply | To 7 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson