Apple’s initial release of Security Update 2012-001 for Mac OS X 10.6 Snow Leopard caused massive problems for many people who have continued to run Snow Leopard over 10.7 Lion because of needing older PowerPC-based software that relies on the Rosetta emulation layer. The problems primarily revolved around using the Open and Save dialogs and printing, though there were additional troubles as well. Affected programs included Quicken 2007, Microsoft Office 2004, Eudora 6.2.4, Photoshop CS 2, FileMaker Pro 6 and 7, Freehand MX, and more.
When I realized the extent of the issues, I wrote (and revised as additional information came in) the initial version of this article to explain the problem. Once it was up, I used social media to help spread the word that Snow Leopard users should avoid Security Update 2012-001 1.0, given that the only fixes at the time were a partially effective “reversioner” developed by Joseph Morris, Rob Uchtman, and Jordan Bellanti, sysadmins at a Nebraska high school, and reinstalling 10.6 Snow Leopard from DVD, followed by an update to 10.6.8.
Although Joseph Morris and his team deserve a medal for their tireless efforts, the true fix had to come from Apple, and it finally arrived late on 3 February 2012, two days after the security update’s initial release. Needless to say, Apple didn’t apologize for the trouble it caused a significant swath of the Macintosh community — it’s not the company’s style. The only public statement about the situation came from the Apple Product Security mailing list, which sent email saying:
Security Update 2012-001 v1.1 is now available for Mac OS X v10.6.8 systems to address a compatibility issue.
Version 1.1 of this update removes the ImageIO security fixes released in Security Update 2012-001.
Comments on this article and my own testing confirm that the 1.1 release does appear to solve all the problems introduced by 1.0. So, my recommendations are as follows:
- If you installed Security Update 2012-001 1.0, immediately install the 1.1 release, which you can get via Software Update or from the Apple Support Downloads page for both Snow Leopard (192.73 MB) and Snow Leopard Server (212.09 MB).
- If you have not yet installed Security Update 2012-001 1.0, queue up the 1.1 release for installation at some point in the future. Although initial reports indicate that it solves the most egregious crashes, it’s still possible that other issues remain and haven’t yet come to light. So it’s best to wait a bit longer before installing; check back on this article before you install — we’ll be sure to note any new information as it comes in. [Update: It now appears that version 1.1 does resolve the problems and can be installed with impunity. -Adam]
The next time a security update comes out, much as I hate to say it, hold off on updating for at least a few days. Enough other people will install it that reports of problems will percolate through the community quickly, and you can make a more-informed decision after a while.
(For what it’s worth, the now-removed ImageIO security fixes revolve around eliminating vulnerabilities that could be exploited by maliciously crafted TIFF and PNG images, and there’s no way users can identify and avoid such files. We may see Apple release a 1.2 version that brings those fixes back, without causing crashes.)
Unfortunately, we were lulled into a sense of complacency by the last six months; if you think back to earlier last year, Apple biffed the releases of 10.6.7 and 10.6.8 as well — see “OpenType PostScript Fonts Troublesome in 10.6.7” (27 March 2011) and “Mac OS X 10.6.8 Suffers Printing and Audio Problems” (1 July 2011).
Apple eventually addressed both problems, but it took weeks, not the two days that this most recent misstep took. I argued that public betas might be the answer in “Apple Needs Public Betas for Mac OS X” (8 July 2011) and while there were plenty of dissenting opinions in the comments, it’s clear that Apple’s testing of new releases of Mac OS X — at least with Snow Leopard — isn’t currently getting the job done.