Most Popular Articles
- MobileMe Mail and Gmail Go Down Simultaneously (11 Aug 2008)
- Comparing Apple's MobileMe Contrition with Google and Netflix (19 Aug 2008)
- iPhone Apps That Go Beyond Entertainment (08 Aug 2008)
- Jobs Personally Acknowledges iPhone Bug and Upcoming Fix (19 Aug 2008)
Recent TidBITS Talk Discussions
- Archiving a Time Capsule (3 messages)
- Google Chrome (20 messages)
- How to Protect Yourself From The New Mac OS X Trojans (29 messages)
- Cox.net Will Not Send from iPhone (57 messages)
Published in TidBITS 798. Subscribe today to receive TidBITS in email every Monday.
- Office 2004 SP2 Enhances Entourage, Fixes Bugs
- Opera Now Free
- Adam Engst Speaking at MUG ONE on 04-Oct-05
- DealBITS Drawing: Dejal Simon
- Apple Updates .Mac with More Storage and Features
- Insider Smashes Suitcases
- The Prize Wonderland Auction
- Take Control News/26-Sep-05
- Hot Topics in TidBITS Talk/26-Sep-05
| Apple Posts Security Update 2005-008
by Geoff Duncan 
Apple has released Security Update 2005-008, which is available either as a standalone installer or via Mac OS X's Software Update feature. The update applies to both Mac OS X 10.3.9 Panther and Mac OS X 10.4.2 Tiger, with sizes ranging from 4 to 7.4 MB.
<http://docs.info.apple.com/article.html? artnum=302413>
<http://www.apple.com/support/downloads/ securityupdate2005008macosx1042.html>
<http://www.apple.com/support/downloads/ securityupdate2005008macosx1039.html>
Fixes in this update include changes to ImageIO, LibSystem, Apple Mail, QuickDraw, Ruby, SecurityAgent, securityd, and Safari (Mac OS X 10.3.9 only). Some highlights:
Security Update 2005-008 fixes a problem where, under certain situations using Mac OS X 10.4 Tiger, a "Switch User" button could appear even though Fast User Switching isn't enabled. The bug potentially exposed a user's Desktop without authentication.
A bug in Authentication Services which enabled unprivileged users to grant themselves rights to manipulate files or perform other actions has been fixed.
Mail autoreply rules no longer expose the contents of encrypted messages, and (under Mac OS X 10.3.9), the update fixes a bug in Kerberos authentication which may have appended uninitialized memory to a message. (Uninitialized memory would likely be utterly nonsensical, but in theory could contain virtually any data your computer has processed since startup.)
A corrupt GIF image could potentially create a buffer overflow in ImageIO (an operating system component for rendering images used by Safari and other applications), which could enable an attacker to execute arbitrary code. No known exploitations have occurred, and Security Update 2005-008 fixes the problem. A similar issue with PICT images is fixed in the operating system's QuickDraw component. However, we've received reports that the latter fix may also be preventing legitimate PICT images from displaying properly.
Maliciously crafted Web archives could potentially make Safari render the archives as content from sites that didn't serve them. Safari 2.0 (part of Mac OS X 10.4 Tiger) introduced Web archives; Security Update 2005-007 solved this problem in Tiger, and this update (2005-008) solves it for the version of Safari used with Mac OS X 10.3.9.
Fetch Softworks: Fetch 5.3 has WebView, the easy wayto view files in a browser and copy Web addresses from Fetch.
Also a new look for Leopard, droplet shortcuts, and more.
Download your free trial version! <http://fetchsoftworks.com/>