Apple has released Security Update 2012-004 for both Mac OS X 10.6.8 Snow Leopard and 10.6.8 Snow Leopard Server, both of which address the same issues. Among the list of fixes, the releases update Apache 2.2.22 to prevent a vulnerability that could lead to denial of service, add a revoked TrustWave root certificate to a list of untrusted certificates, and update the DirectoryService Proxy to prevent an arbitrary execution of code due to an overflow buffer vulnerability. There’s no reason to update instantly; we recommend waiting a week or so and seeing if online reports note any distressing side effects. Note that Apple incorrectly lists the file size of the 10.6.8 Snow Leopard Security Update as 2.36 MB — it is actually 257 MB. (Free, 257/276 MB)
Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.
Use VirusBarrier X6 to Find Internet Traffic Paths
Need to find out who owns a domain name, or where your traffic is being routed? VirusBarrier X6 has a number of network monitoring tools, including a built-in Whois search tool, and a Traceroute feature. If you use the latter, you can even display a map after the traceroute has completed, showing exactly where in the world data passes between your Mac and a selected IP address.
Visit Intego
Security Update 2012-004 (Snow Leopard)
New from Smile: PDFpen 6! Now with Microsoft® Word Export and anew editing bar to make it easier than ever to edit your PDFs.
The new PDFpenPro 6 adds document permission settings and automatic
form creation! Download the free demo: <http://smle.us/tbpdfpen6>
And disables ALL plugins in Snow Leopard Mail. Disaster......
Mail doesn't work anymore here ...
I'm confused - maybe you can help since Mail stopped working for you too. All the other write ups concerned plug ins. Mine is just mail. Were you able to get plain ole Mail 4.6 or 4.5 working after installing the latest security patch? I'm a unix novice. Thanks
Yes, this update disables not only 3rd party plugins (Spam Sieve, Letterbox, Growl) in Mail, but "To Do" feature as well.
Spam Sieve (love 'em to death) whipped out a beta fix.
Get at:
http://c-command.com/beta/SpamSieve-2.9.5b1.dmg
No fix for Letterbox, which was only updated for 10.6.7 anyway.
BUT see Apple discussion for other fixes:
https://discussions.apple.com/thread/4311387
UPDATE: Spam Sieve also posted it's own comments about restoring the mail plugin:
http://support.indev.ca/discussions/questions/643-plugins-broken-wsecurity-update-today
Spam Sieve (love 'em to death) whipped out a beta fix.
Get at:
http://c-command.com/beta/SpamSieve-2.9.5b1.dmg
No fix for Letterbox, which was only updated for 10.6.7 anyway.
BUT see Apple discussion for other fixes:
https://discussions.apple.com/thread/4311387
UPDATE: Spam Sieve also posted it's own comments about restoring the mail plugin:
http://support.indev.ca/discussions/questions/643-plugins-broken-wsecurity-update-today
You say it's 257/276 MB. But the file I downloaded (apparently successfully) is reported in Finder as 269.6 MB (269,582,402 bytes). Does that mean there's something wrong with my file, or is it just something about disk allocation block sizes or something? I haven't installed it yet.
Don't worry about it - we give reported file sizes so you can get a sense of how long it will take to download, and the actual size can vary based on how you get it or what Mac model you have.
Thank you Apple for updating Apache but what about OpenSSL it has been vulnerable since January. Trustwave, my PCI tester still fails my server because OpenSSL hasn't been upgraded from 0.9.8r to 0.9.8s or later.
Does Apple even care?
Does Apple even care?
Who now how to go back from this update ? ( I suspect it to broke one of my applications)
Thx
Thx