Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.



Pick an apple! 
New Documents in Snow Leopard's TextEdit

In the Snow Leopard version of TextEdit, you can now create a new document by Control-clicking TextEdit's Dock icon (when it's running), and choosing New Document from the pop-up menu. This isn't a major feature, of course, since you can also just press Command-N while in TextEdit, but consider Control-clicking other applications' Dock icons to see what functions they might make available.

Submitted by
Jerry Nilson



Related Articles



Security Update 2006-001 Validates Downloads

Send Article to a Friend

Responding with reasonable alacrity to the recent Leap-A and shell script exploits, Apple released Security Update 2006-001 last week, fixing a slew of problems. Most notably, an update to Safari and LaunchServices performs additional download validation when the "Open 'safe' files after downloading" option is on to warn the user (in Mac OS X 10.4.5) or to avoid opening the download entirely (in 10.3.9). A similar update to Mail makes sure Download Validation can better detect unsafe or unknown file types in attachments. Also, an update to iChat in Mac OS X 10.4.5 now uses Download Validation to warn users of unknown or unsafe file types during file transfers.

< artnum=303382>

In general, increased warnings are a good thing unless they become so commonplace that users automatically agree to actions without considering the specifics. Plus, despite these changes, Apple still encourages all users to be careful about handling email attachments and opening downloaded files; see Apple's safety tips if you're not sure how to evaluate a given attachment or file. Even still, we'd like to see Apple going further to prevent the kind of deceptions that allow a malicious application to masquerade as a harmless document. Matt Neuburg's suggestion last week (see "Of Files, Forks, and FUD" in TidBITS-818) of badging all executables in some obvious way would be a step in the right direction, although deception (such as a malicious application mimicking a well-known legitimate one) remains possible.

< artnum=108009>

Also important in Security Update 2006-001 is an update to apache_mod_php that includes PHP 4.4.1, a security update to the PHP scripting language. Holes in PHP - specifically in Web forms that are being exploited by spammers - are the largest security issue in the Web server world right now, and PHP 4.4.1 does not fix all of these problems. PHP is disabled by default in Mac OS X, so only people who have explicitly turned it on need worry about these concerns; see the link below for more information.

< 000668.php#000668>

Other updated components of Mac OS X include automount, BOM (Mac OS X's archive unpacking code), Directory Services, FileVault, IPsec, LibSystem, perl, rsync, Safari (in more ways than just increased download validation), and Syndication (Safari RSS). While some of Apple's security updates feel like fixes to issues that few people would ever encounter, a number of the problems addressed by Security Update 2006-001 are quite concerning, and we encourage everyone to install it right away. Security Update 2006-001 comes in versions for Mac OS X 10.4.5 for PowerPC (12.5 MB download) and Intel (22.5 MB), and Mac OS X 10.3.9 Client (25.3 MB) and Server (38.6 MB); all sizes are for the stand-alone version and may be somewhat different for Software Update, which provides the right version for your Mac.

< securityupdate2006001macosx1045ppc.html>
< securityupdate2006001macosx1045clientintel.html>
< securityupdate20060011039client.html>
< securityupdate20060011039server.html>


Automatic turns almost any car into a connected car. By pairing
Automatic’s connected car adapter with iPhone apps on
Automatic’s platform, drivers are able to drive safer and smarter.
TidBITS readers get 20% off all orders at <>