This article originally appeared in TidBITS on 2010-11-10 at 5:08 p.m.

Mac OS X 10.6.5 Continues to Squash Bugs

by Adam C. Engst

With the just-released Mac OS X 10.6.5 [1], the latest version of Snow Leopard, Apple continues to eliminate bugs that were undoubtedly either unknown until recently or so minor that they weren’t deemed sufficiently important to address before this. Also addressed are numerous security vulnerabilities.

Feature Enhancements and Bug Fixes -- The only two functional enhancements in 10.6.5 are SSL support for transferring files with iDisk, which is a welcome nod to the need for secure connections, and raw image compatibility with additional digital cameras. For a full list, see “Mac OS X v10.6: Supported digital camera RAW formats [2].” (Also released last week was Digital Camera RAW Compatibility Update 3.4 [3], which extends raw image format compatibility to Aperture 3 and iPhoto ’09 for some new camera models.)

In fact, the details of the rest of the fixes are so specific that I can’t even see any way to group or summarize them. I recommend reading down the remaining 22-item bullet list to see if you’ve encountered any of the problems that 10.6.5 addresses.

Mac OS X Server 10.6.5 [5] includes all of the above changes, along with numerous other fixes and small enhancements to Chat Service, client management, Directory Services, Mail Service, Podcast Service, Server Admin, Software Update Service, System Image Utility, PHP, Web Calendar, Wiki Service, and Xsan. Plus, Apple has released Server Admin Tools 10.6.5 [6], with all the latest versions [7] of Apple’s administration tools.

Security Fixes -- More important, though less obvious to most Mac users, are the numerous security fixes rolled into 10.6.5, over 50 all told. Vulnerabilities were eliminated in numerous areas of the operating system, including AFP Server, AppKit, Apple Type Services, CFNetwork, Core Graphics, Core Text, Directory Services, disk image handling, the fsck_hfs application, Image Capture, ImageIO, Image RAW, the kernel, Quick Look, QuickTime, Safari RSS, Time Machine, and Mac OS X’s printing and networking subsystems.

Along with vulnerabilities closed in those parts of Apple’s code, Mac OS X 10.6.5 also rolls in updates to bundled open source software, including Apache, CUPS, gzip, neon, OpenLDAP, OpenSSL, PHP, Python, X11, and xar.

Flash Player merits special attention, since Apple’s inclusion of version (the current version) addresses 56 different vulnerabilities since the previously shipped version. That’s somewhat deceptive, since Mac OS X 10.6.4 shipped with Flash Player even when was current with fixes for numerous security holes. In short, don’t depend on Apple to provide the latest version of Flash Player; it’s a huge target for security exploits and Adobe is constantly releasing new versions to address significant problems.

Three of the security changes are specific to Mac OS X Server, notably fixes to Password Server and Wiki Server, and a new version of MySQL.

As always, there’s no telling how many of the vulnerabilities, if any, have actually been exploited by scoundrels, but it’s generally a good idea to stay current with security fixes since many of them can be triggered by opening a maliciously crafted file, and there’s no way to know in advance if a file is malicious.

Downloading -- With updates to Mac OS X, it’s usually easiest to let Software Update download just the code that applies to your specific Mac and version of Mac OS X. But Apple does provide a delta installer to update 10.6.4 to 10.6.5 (for both Snow Leopard [8] and Snow Leopard Server [9]) and a much larger combo installer to update any version of 10.6 to 10.6.5 (again, for both Snow Leopard [10] and Snow Leopard Server [11]). Apple pulled the Snow Leopard Server updates briefly, but replaced them shortly after with no indication of what had changed other than a security note [12] indicating a fix to a problem with the Dovecot mail server.

As always, make sure you have a current backup before you update, and don’t interrupt the upgrade process once it has started.