NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0435 Apple Update Patches Critical MAC Flaws:
Apple released a relatively large security update on 18MAR08 that patched at least 80
vulnerabilities in its TIGER and LEOPARD operating systems, many of which were critical.
The updates reportedly addressed bugs in both desktop and server components, several of
which allow attackers to remotely execute malicious code on a victim's machine. Vulnerable
components include the Mac implementation of OpenSSH, Apache, CUPS, Kerberos, and ClamAV.
The Help Viewer and core networking features also were patched.
The patches totaled over 105MB, not including a separate 25MB file that installs
version 3.1 of Apple's SAFARI browser.
(www.theregister.co.uk 19MAR08)
Discussion boards are hosting new reports of secure shell (SSH) and printer problems caused
by Apple's MAC OS X Security Update 2008-002 released 18MAR08, according to a blog posting.
Incompatibility between the update and certain software reportedly can cause SSH and other
programs to crash on LEOPARD machines. Rogue Amoeba Software released a compatibility fix
for its INSTANT HIJACK component that is often installed by the company's AIRFOIL, AUDIO
HIJACK PRO, and NICECAST applications. The company suggested that users download the updates
to its programs.
Users also complained that printing had stopped after installing the security patch and that
repairing permissions did not resolve the problem. Some users said that deleting the
/usr/libexec/cups/filter/pstops file (or replacing it from a backup) fixed the problem;
others said that reinstalling the Combo 10.5.2 Updater also worked.
(http://blogs.zdnet.com 19MAR08)