TidBITS Watchlist: Notable Software Updates for 5 April 2010
Microsoft Office 2008 for Mac 12.2.4 Update — The Microsoft Office 2008 12.2.4 Update addresses seven security vulnerabilities surrounding maliciously crafted Excel files that could enable an attacker to run arbitrary code and gain system user rights; accounts with administrative rights are at a greater risk than accounts with fewer privileges. The update addresses these issues by changing the way certain Excel files are parsed.
Additionally, the update fixes several performance issues with Microsoft Excel 2008 for Mac, including the resolution of unexpected crashes from the presence of a corrupt font, the insertion of a row or value into a calculated column, and dragging the scroll bar when the program is displaying trendlines. Also, slow performance with several print drivers under Mac OS X 10.6 Snow Leopard has been improved, and content imported from text files will now be formatted correctly.
The update is rated Important for Microsoft Office 2008 for Mac and requires that you’ve previously installed the Microsoft Office 2008 for Mac 12.2.3 Update. The update is available from Microsoft’s Web site and via the Office 2008 version of Microsoft AutoUpdate. (Free update, 221.5 MB)
Read/post comments about Microsoft Office 2008 for Mac 12.2.4 Update.
Microsoft Office 2004 for Mac 11.5.8 Update — Continuing support for Office 2004, the Microsoft Office 2004 11.5.8 Update addresses seven security vulnerabilities surrounding maliciously crafted Excel files that could enable an attacker to run arbitrary code and gain system user rights; accounts with administrative rights are at a greater risk than accounts with fewer privileges. The update addresses these issues by changing the way certain Excel files are parsed. It is rated Important for Microsoft Office 2004 for Mac and requires that you’ve previously installed the Microsoft Office 2004 for Mac 11.5.7 Update. The update is available from Microsoft’s
Web site and via the Office 2004 version of Microsoft AutoUpdate. (Free, 9.7 MB)
Read/post comments about Microsoft Office 2004 for Mac 11.5.8.
Firefox 3.6.3 — Mozilla’s latest version of Firefox addresses a critical security flaw that was recently discovered at the 2010 Pwn2Own contest by security researcher Nils of MWR InfoSecurity. The flaw, which existed only in version 3.6 and later, was related to memory corruption via “re-use of a freed object due to scope confusion,” and could have led to an attacker running arbitrary code on a victim’s computer. (Free, 19 MB)
Read/post comments about Firefox 3.6.3.
iPhoto ’09 8.1.2 — As Apple cleared the decks for the iPad release, the most recent addition to the flood of updates was iPhoto ’09 8.1.2, which adds support for syncing photos to and from the iPad. The release notes also claim that the update fixes a crashing bug that could occur when syncing an iPhone 3GS, solves a problem that prevented syncing of photos to an iPhone, iPod, or Apple TV if a slideshow in the library used a song containing an ampersand in its name, properly creates event icons for events that contain only video clips, and displays the icon for the iPod nano (5th Generation) correctly in the
Source list. It’s available via Software Update or as a standalone download from Apple’s Support Downloads Web site. (Free update, 13.30 MB)
Read/post comments about iPhoto ’09 8.1.2.
AirPort Utility 5.5.1 — Although it shows up in Software Update as “AirPort Base Station Update 2010-001,” this update is for AirPort Utility 5.5.1, and includes (at least as far as Apple’s telling us) only a pair of bug fixes. The new version properly imports all settings when importing a configuration, and it also now propagates MAC address control lists when using an extended network. (Free, 10.24 MB)
However, AirPort Utility 5.5.1 is also recommended for installing the just-released Time Capsule and AirPort Extreme Base Station Firmware Update 7.5.1. That update is appearing on the Apple Support Downloads site, though not in downloadable form; see this article for information on how to install base station firmware updates. It claims to provide several fixes for the most recent Time Capsule and AirPort Extreme Base Station (Late 2009) units, including an issue that could hurt performance in the 5 GHz band and another issue with creating a guest network in the 5 GHz band.
Read/post comments about AirPort Utility 5.5.1.
PDFpen 4.6.1 and PDFpenPro 4.6.1 — The latest versions of SmileOnMyMac’s PDF editing utilities PDFpen and PDFpenPro bring a handful of minor, but appreciated, tweaks. Changes include better text selection and highlighting in scanned documents through better position accuracy, improved compatibility with sheet-fed scanners, the resolution of a bug that prevented text annotations from being drawn, and the capability to select text in fonts with zero ascent and descent. The updates also bring several other unspecified bug fixes and improvements. ($49.95/$99.95 new, free updates, 45.9 MB/46.1 MB)
Read/post comments about PDFpen 4.6.1 and PDFpenPro 4.6.1.
QuickTime 7.6.6 for Leopard — QuickTime 7.6.6 for Leopard is recommended for all QuickTime 7 users and according to Apple brings about “general reliability improvements for iMovie.” Additionally, the update addresses a long list of security vulnerabilities related to maliciously crafted audio or movie files that could allow attackers to cause crashes or run arbitrary code. The update is available via Software Update or the Apple Support Downloads page. (Free, 68.63 MB)
Read/post comments about QuickTime 7.6.6 for Leopard.
Keyboard Maestro 4.2 — Stairways Software has released an update that fine-tunes its popular macro utility Keyboard Maestro. In version 4.2, pressing the Option key enables you to edit macros chosen from the Status menu or floating palettes, a palette of macros displays when a duplicate hotkey is pressed, a new action can execute other macros, and certain macros can be canceled by neglecting their required actions. Also, typed string triggers can now contain Return characters, AppleScript error logging is available, regular helpful program tips can be received via email, and MIDI triggers and MIDI actions are available for Note On, Note Off, and Control
Change. Finally, several bugs have been fixed, including a sorting issue with the macro list and a crashing bug in the Select Menu Item action editor. ($36 new, free update, 9 MB)
Read/post comments about Keyboard Maestro 4.2.