This article originally appeared in TidBITS on 2012-02-03 at 6:44 a.m.
The permanent URL for this article is: http://tidbits.com/article/12768

Security Update 2012-001 1.1 No Longer Kills Rosetta Apps

by Adam C. Engst

Apple’s initial release of Security Update 2012-001 for Mac OS X 10.6 Snow Leopard caused massive problems for many people who have continued to run Snow Leopard over 10.7 Lion because of needing older PowerPC-based software that relies on the Rosetta emulation layer. The problems primarily revolved around using the Open and Save dialogs and printing, though there were additional troubles as well. Affected programs included Quicken 2007, Microsoft Office 2004, Eudora 6.2.4, Photoshop CS 2, FileMaker Pro 6 and 7, Freehand MX, and more.

When I realized the extent of the issues, I wrote (and revised as additional information came in) the initial version of this article to explain the problem. Once it was up, I used social media to help spread the word that Snow Leopard users should avoid Security Update 2012-001 1.0, given that the only fixes at the time were a partially effective “reversioner” developed by Joseph Morris, Rob Uchtman, and Jordan Bellanti, sysadmins at a Nebraska high school, and reinstalling 10.6 Snow Leopard from DVD, followed by an update to 10.6.8.

Although Joseph Morris and his team deserve a medal for their tireless efforts, the true fix had to come from Apple, and it finally arrived late on 3 February 2012, two days after the security update’s initial release. Needless to say, Apple didn’t apologize for the trouble it caused a significant swath of the Macintosh community — it’s not the company’s style. The only public statement about the situation came from the Apple Product Security mailing list, which sent email saying:

Security Update 2012-001 v1.1 is now available for Mac OS X v10.6.8 systems to address a compatibility issue.

Version 1.1 of this update removes the ImageIO security fixes released in Security Update 2012-001.

Comments on this article and my own testing confirm that the 1.1 release does appear to solve all the problems introduced by 1.0. So, my recommendations are as follows:

(For what it’s worth, the now-removed ImageIO security fixes revolve around eliminating vulnerabilities that could be exploited by maliciously crafted TIFF and PNG images, and there’s no way users can identify and avoid such files. We may see Apple release a 1.2 version that brings those fixes back, without causing crashes.)

Unfortunately, we were lulled into a sense of complacency by the last six months; if you think back to earlier last year, Apple biffed the releases of 10.6.7 and 10.6.8 as well — see “OpenType PostScript Fonts Troublesome in 10.6.7 [3]” (27 March 2011) and “Mac OS X 10.6.8 Suffers Printing and Audio Problems [4]” (1 July 2011).

Apple eventually addressed both problems, but it took weeks, not the two days that this most recent misstep took. I argued that public betas might be the answer in “Apple Needs Public Betas for Mac OS X [5]” (8 July 2011) and while there were plenty of dissenting opinions in the comments, it’s clear that Apple’s testing of new releases of Mac OS X — at least with Snow Leopard — isn’t currently getting the job done.

[1]: http://support.apple.com/kb/DL1489
[2]: http://support.apple.com/kb/DL1490
[3]: http://tidbits.com/article/12078
[4]: http://tidbits.com/article/12292
[5]: http://tidbits.com/article/12307