Grab Bag of Security Fixes and Patches for Mac OS X
Last week Apple updated Mac OS X 10.4 Tiger to version 10.4.9 and provided a security update for Mac OS X 10.3.9 Panther. The security update is incorporated into the Tiger update, and could have been labeled “Fixes for the Month of Apple Bugs,” a project we have written about before (see “MoAB Is My Washpot,” 2007-02-19).
Security Update 2007-003 and the related code in Mac OS X 10.4.9 fix dozens of problems reported in the Month of Apple Bugs, including what was the most serious remaining problem, a way to exploit a flaw in Software Update by “enticing a user to download and open a Software Update Catalog file.” We haven’t seen reports of this – or any of the rest of the bugs – in the wild. Most of the non-MoAB exploits fixed by the security update require local users with access to an account and software that isn’t enabled by default in Mac OS X.
There’s no simple way to summarize 10.4.9’s general enhancements. Like the last few updates to Tiger, this one is a grab bag of fixes for numerous individual problems, and it’s likely the last big hurrah for Tiger, as Mac OS X 10.5 Leopard’s ostensible ship date moves ever closer. Although Apple could release a 10.4.10, history shows us they prefer the numerical purity of single digits. (Jaguar ended its run with 10.2.8 and Panther with 10.3.9.)
Notable among the general changes are improvements to .Mac synchronization. As a regular .Mac sync user, I have seen lots of inconsistent behavior and long delays. I’m hoping 10.4.9 eliminates these problems. Another fix related to USB modems I have to call out as “I fax in your general direction”: the note says that the update improves reliability in faxing in France or Belgium when using the Apple USB Modem.
Apple has made available separate incremental and combo updates for PowerPC and Intel systems running both Mac OS X and Mac OS X Server; you can use Software Update to download the best updater for your system or view all eight updates from the Apple downloads page. The combo updates work for 10.4.0 and later; the incremental releases work for 10.4.8. Set aside some download time, since the size of the updates runs from 72 MB (PowerPC incremental) to 350 MB (Mac OS X Server Intel combo). Panther’s Security Update 2007-003 is also available both via Software Update and as standalone downloads for both Mac OS X (36 MB) and Mac OS X Server (49.5 MB).
As always, if you experience any unusual problems after updating, particularly with applications not launching, download and install the combo updater for your Mac, since it can provide a cleaner installation.
Apple also released iPhoto 6.0.6, which “addresses issues with EXIF data compatibility and photocasting.” The photocasting fix is in response to another Month of Apple Bugs report. It’s also available via Software Update or as an 8 MB standalone download.