Mac OS X 10.3.4 Released 166
sizemoresr writes "The 10.3.4 Update delivers enhanced functionality and improved reliability for Mac OS X v10.3 'Panther' and is recommended for all users. Key enhancements include: improved file sharing and directory services for Mac (AFP), UNIX (NFS), PPTP, and wireless networks; improved OpenGL technology and updated ATI and NVIDIA graphics drivers; improved disc burning and recording functionality; iPods connected via USB 2.0 are now recognized by iTunes and iSync; additional FireWire audio and USB device compatibility; updated Address Book, Mail, Safari, Stickies, and QuickTime applications; improved compatibility for third party applications; previous standalone security updates."
Hopefully it fixes the recent exploits (Score:2, Insightful)
However, I wish Apple would provide more information on their updates. They are so generalized.
If they're serious about the Enterprise space, this is a must do.
Re:Hopefully it fixes the recent exploits (Score:1, Interesting)
Re:Hopefully it fixes the recent exploits (Score:5, Informative)
However, I wish Apple would provide more information on their updates.
Apple always provides complete information about their updates in the Apple Knowledgebase. The information for the 10.3.4 update is here [apple.com].
The question is.. (Score:3, Funny)
Re:The question is.. (Score:4, Funny)
Re:The question is.. (Score:2, Funny)
Re:The question is.. (Score:5, Funny)
the _real_ question is...... (Score:2)
because i know that help 'sploits and ical performance are way back on my list - and being 'the typical' mac user i dont care about these things - but stickie updates... ohhhh yeah
Re:the _real_ question is...... (Score:3, Informative)
I installed it (Score:5, Funny)
On the plus side, it now only takes 19 minutes to copy that damn file.
I guess it's not all bad...
Re:I installed it (Score:5, Funny)
Crocodile Hunter Steve Irwin: (whispering) From our hiding spot behind this potted plant, we can get a good view of a geek trying to resist his instinct to update his computer. One has to be extremely careful when handling a common Windows geek, since they quite often carry diseases like worms, but this geek appears to come from either a Linux or Mac colony. It looks like this one is fairly calm, possibly domesticated, since he's been showing some self-control
But watch what happens when I yell "new features"
No fix on recent exploits (Score:5, Informative)
These exploits are serious, and will require a significant overhaul of the protocol handler code as well as a possible revision on the handling of downloadable disc images in Safari (which is a factor in many of the exploits). Yes, they could have waited, but if 10.3.4 was already ready, I'd prefer for Apple to release it on time and give us the fixes they can right now, and then work on the recent problems to provide us a good security patch (or maybe a 10.3.5) when they've fixed it.
Re:No fix on recent exploits (Score:5, Informative)
I'd agree that a careful overhaul is needed to properly fix these exploits. But the clock is ticking on the exploit problem!
-Geoff
Re:No fix on recent exploits (Score:2, Informative)
Try it, the proof of concept hack does just this.
Re:No fix on recent exploits (Score:5, Informative)
It sounds like the problem is that programs can register as "protocol handlers" and this is done automatically when the finder sees the file. On Windows (and I guess on Linux) this is done only if you actually run a program (and if a web page could cause a program to be run you have a much more direct exploit).
It does seem this could be fixed by not installing any handlers until the program is first run. Not sure how hard this is to do or why Apple has not done it yet. It sould also be the responsibility of anybody doing a protocol handler to not do anything dangerous no matter what command line arguments are passed (perhaps url's should add "--" before any arguments so that switches are never passed, any switches should be done by making different protocol handler names).
Re:No fix on recent exploits (Score:2)
Re:No fix on recent exploits (Score:5, Informative)
Exploits are Fixed (Score:3, Informative)
See this post [slashdot.org] for the links to the exploit examples I tested against. (I had not modified any of my URL handlers at all, and had already uninstalled "Paranoid Android"
Re:Exploits are Fixed (Score:2)
Re:Exploits are Fixed (Score:2)
delete the file for the haxie you want gone.
Re:Exploits are Fixed (Score:2, Funny)
Oh, never mind -182 off-topic.
Re:No fix on recent exploits (Score:5, Insightful)
They are serious, but most of the fixes belong in the apps, not the underlying OS services. [slashdot.org] It's a matter of filtering unsafe data so it cannot be used for unsafe operations, in the individual applications. That, or disabling the handlers.
Yes, they could have waited, but if 10.3.4 was already ready, I'd prefer for Apple to release it on time and give us the fixes they can right now, and then work on the recent problems to provide us a good security patch (or maybe a 10.3.5) when they've fixed it.
Totally agreed. I prefer Apple's "release when ready" rather than "lump all our releases together" approach to security fixes.
Re:No fix on recent exploits (Score:2)
DaveC
Re:No fix on recent exploits (Score:2)
Thanks! (Score:5, Informative)
Re:Thanks! (Score:3, Interesting)
Why can't they make it wake up on ssh connections somehow?
Re:Thanks! (Score:4, Interesting)
That said, it would probably be okay if you kept the load low. You can check out Screen Spanning Doctor [rutemoeller.com], which, in addition to enabling dual-head support on some iBooks, will allow you to run the iBook with the lid shut in OS X. Be warned! The dual-head hack only works for some iBooks, and can damage others, so check the compatibility list.
Re:Thanks! (Score:5, Informative)
It is - see, for example, a knowledgebase article [apple.com] on it - but that's "wake on magic packet" [scyld.com] (or Magic Packet(TM) [amd.com]) wake-on-LAN, not the more general packet matching wakeup that some network interfaces support.
I.e., the machine won't automatically wake up when you try to ssh into it; you need to send it a Magic Packet(TM) to wake it up. A packet-matching wakeup might be able to match incoming unicast packets to the machine, broadcast ARP requests asking for the MAC address corresponding to the machine's IP address, and other packets that it would need to respond to, so that attempting to ssh into it would wake it up, without making it respond to various random broadcasts and multicasts for which it wouldn't have to wake up (e.g., a broadcast ARP request for somebody else's MAC address, assuming it doesn't have to reply to that for e.g. proxy ARP purposes).
However, wake-on-Magic-Packet(TM) might be sufficient for the purposes of the person to whom you responded; I think one purpose for which it was intended was to allow administrators to wake up sleeping machines in order to do various remote administrative operations - including the remote software updates that they wanted to do.
Re:Thanks! (Score:3, Informative)
Yes, wake on magic packet works. I have my ADSL router set up to forward traffic destined for 9/UDP ('discard' port) on the ADSL interface to be sent to the broadcast address (where my Mac will see it) on my LAN.
I then use wakeonlan [uminho.pt] (perl script) to send a magic packet to the router from the internet, which wakes the Mac up. After this I can ssh in to my Mac (port forward for SSH configured on the ADSL router).
The only problem is that I only get 30 seconds of connectivity before my Mac goes back to slee
Re:Thanks! (Score:4, Informative)
Re:Thanks! (Score:2)
Re: (Score:2, Informative)
This should help. (Score:5, Informative)
For what it's worth.... (Score:4, Interesting)
Question (Score:1, Offtopic)
Re:Question (Score:3, Interesting)
Every commercial product (think Star-Office, Spam-Assassin, etc.) that has an OSS back-end is doing exactly that...
Re:Question (Score:2)
Re:Question (Score:2, Funny)
Troc
Cummulative update skip earlier files? (Score:1)
Does this update skip updates that were already released, downloaded and installed?
Re:Cummulative update skip earlier files? (Score:2)
I wondered why my browsing was so slow, but then Software Update popped up and said 'want 10.3.4?' When I hit 'yes' it skipped the 40MB download, and went straight to 'unzipping and installing'
YMMV, I think it's off by default.
Mark
URL Handler Exploits appear to be fixed... (Score:5, Informative)
Doesn't seem any slower or faster.
Most importantly, it looks like some of the URI handler problems/security holes are now patched as well. I had uninstalled the "Paranoid Android" Haxie before the update (to make sure there weren't any install issues) so it was no longer running.
It looks like none [geekspiff.com] of [unsanity.org] these [insecure.ws] exploits [insecure.ws] seem to work any more after the 10.3.4 update.
Nice work,
DaveC
Re:URL Handler Exploits appear to be fixed... (Score:2, Interesting)
Re:URL Handler Exploits appear to be fixed... (Score:5, Informative)
I was able to run the applescript manually by clicking on it and it brought the "you have been owned" dialogue box, then when you click on the OK button it exits and dismounts the image automatically. So I know I waited long enough for everything to download. Heck I waited like 5 minutes incase of delayed execution. Nope, the hole is closed for me.
Note, stopping the execution of the remotely mounted program WON'T protect the user from his stupid self if he/she blindly executes unknown programs/scripts downloaded indiscriminately from the internet, but then again, nothing can protect a dumb ass from themselves.
Caveat Emptor,
DaveC
Re:URL Handler Exploits appear to be fixed... (Score:5, Informative)
Re:URL Handler Exploits appear to be fixed... (Score:2)
I actually have always had this unchecked even before the discovery of the URL handler exploits, it just seemed a bit unnerving to me for my Browser to be running stuff for me. Way too....er....Microsoft to be comforting.
DaveC
Re:URL Handler Exploits appear to be fixed... (Score:2)
Re:URL Handler Exploits appear to be fixed... (Score:4, Informative)
Again, I've tried all four links and none autoexecute, they just bring up the remote .dmg or ftp folder with the example code in them. NONE of these programs executed for me.
Is this some residual side effect of having had Paranoid Android on my computer? (ie. are there lasting changes despite having it uninstalled that keeps these programs from running? Paranoid Android used to bring up a confirmation dialog when I clicked on the "Open Energy Saver..." menu option of my Menu Bar Battery Icon asking if it was ok for a URL type file to be executed with System Preferences. Now that it's uninstalled, it no longer does that so I KNOW Paranoid Android is now completely gone, even went into /Library and delete the Haxie PreferencePane.) A few others have reported that the URL Handler exploit doesn't work anymore after the update.
I did NOT previously modify any URI Handlers by hand nor did I delete any applications prior to this update. If being protected is an isolated effect, I'm glad I got lucky I guess.
DaveC
Re:URL Handler Exploits appear to be fixed... (Score:4, Informative)
I was being protected by Privoxy!!! (Score:5, Informative)
OK, so my setup is apparently somewhat resistant for now, not bullet proof but nice to know: 10.3.4, disabled the "Open Safe files" option, running Privoxy (which is set to default actions)
The help viewer URL problem is apparently patched and so is the SSL hole (according to another post on this page) so that is a comfort. Not the cleanest fix but in my case it works well.
Sorry for the wild goosechase or if I mislead anyone into thinking the problem had completely disappeared. On first inspection, it REALLY did seem to me that I wasn't vulnerable...well I wasn't, but no thanks to Apple.
DaveC
Confirm? (Score:2)
It seems odd to me that they would fix such a major security flaw so quickly and quietly. I mean, I'd expect them to toot their horn at least a little bit about it....
ALL exploits still work under 10.3.4 (Score:5, Informative)
To protect yourself, you still MUST:
- disable "open safe files after download" in Safari
- disable the following protocols (or reassign to a helper other than Finder):
afp
ftp
disk
disks
and additionally:
telnet
ssh
and/or install Paranoid Android [haxies.com]
Hopefully Apple will find a reasonable resolution for this soon.
Re:ALL exploits still work under 10.3.4 (Score:3, Informative)
DaveC
Re:ALL exploits still work under 10.3.4 (Score:2, Informative)
Hmmmm....Since I can't try it now, someone who has these a system where these exploits work, try installing Paranoid Android 1.2 (though under 10.3.3 I had at initially installed P.A. 1.0, then upgraded to 1.1 then 1.2 as each release came out), then verify that it works and pops up the appropriate warning dialogue. Then, uninstall Paranoi
Re:ALL exploits still work under 10.3.4 (Score:2)
Re:ALL exploits still work under 10.3.4 (Score:2)
I wonder why this update is having such a wide variation in response to the URL Handler exploit?
DaveC
Re:ALL exploits still work under 10.3.4 (Score:5, Informative)
As a bonus you can use it to change your default browser without first having to launch Safari.
Re:URL Handler Exploits appear to be fixed... (Score:2)
That doesn't mean anything.. those exploits didn't work before because the DMGs are damaged.
I'd actually be very concerned if Apple fixed the URI handler problems with 10.3.4, because that would mean that they've officially abandoned Jaguar.
Re:URL Handler Exploits appear to be fixed... (Score:2)
how would it mean that? cos they might have fixed a bug in 10.3 doesn't mean that they won't fix it in 10.2 later. I beleive that this often happens, fix in latest first, catch up with the older os later.
dave
Re:URL Handler Exploits appear to be fixed... (Score:2)
Re:URL Handler Exploits appear to be fixed... (Score:2)
Confirmed: exploits still work in 10.3.4 (Score:2)
i never installed Paranoid Android or any other third party app to address this issue. A few minutes ago, I tested all the exploits in this post [slashdot.org] and confirmed they worked in 10.3.3.
Then I just ran the software update and installed 10.3.4 and went back to test those same exploits, and they still work: test.app does get launched, shows me a warning with t3h [suck] button, and places owned.txt in my home directory.
in conclusion: 10.3.4 does NOT fix those vulnerabilities.
Has anybody heard from Apple o
FireWire Audio devices... (Score:4, Interesting)
Thanks Apple!
Fixed my PPTP problem (Score:2)
For connecting in 10.3.3 I had to use a shell script but now it works from the GUI too.
anacron-like update? (Score:5, Interesting)
Addresses an issue in which scheduled items, such as automated backups or Software Update checks, may not work if the computer is asleep at the scheduled time. With this update, the schedule will run once the computer wakes from sleep.
What about the periodic scripts (daily, weekly, monthly)? Is anacron now unnecessary?
zach
Re:anacron-like update? (Score:2)
Or does it do sleep math.
Re:anacron-like update? (Score:3, Informative)
I'd assume that this issue addresses the various OS X schedules, and not the Darwin cron daemon. The cron daemon is what drives the periodics scripts.
From a look at the Archive.bom file, cron was not touched in this update.
Of course, it's possible that Apple has some OS X specific hack around the cron way of doing things that was fixed in one of the other many files that this update affected.
I see no evidence to suggest this, however.
Safari is way faster (Score:5, Interesting)
This algorithm completely transforms the feel of Safari over DSL and modem connections. Page content usually comes screaming in at the 250ms mark, and if the page isn't quite ready at the 250ms, it's usually ready shortly after (at the 300-500ms mark). In the rare cases where you have nothing to display, you wait until the 1 second mark still. This algorithm makes "white flashing" quite rare (you'll typically only see it on a very slow site that is taking a long time to give you data), and it makes Safari feel orders of magnitude faster on slower network connections.
Because Safari waits for a minimum threshold (and waits to schedule until the threshold is exceeded, benchmarks won't be adversely affected as long as you typically beat the minimum threshold. Otherwise the overall page load speed will degrade slightly in real-world usage, but I believe that to be well-worth the decrease in the time required to show displayable content.
Re:Safari is way faster (Score:4, Informative)
10.3.4 update on DualG5... (Score:4, Interesting)
Re:10.3.4 update on DualG5... (Score:4, Funny)
prick.
Re:10.3.4 update on DualG5... (Score:5, Insightful)
Accidentally installed it. (Score:5, Funny)
Everything is cool so far, but I feel like a total idiot for not noticing. And yet I feel compelled to tell this to other people...
Safari (Score:5, Interesting)
Updated on Cube - against better judgement, for better firewire drive compatibility - and all seems well...
Anyone here maliciously hit? (Score:3, Interesting)
Re:Anyone here maliciously hit? (Score:4, Insightful)
The demand was the same one as for you to have a working lock on your front door when you buy a new house, even if there may be no burglars around right then right there.
I'm sure no one has been hit for real. We would have heard about it at /.
Version Numbering Schemes (Score:3, Interesting)
NetBSD is still at version 1 (1.6.2 is the latest I am running) and Solaris has been at version 2 through all the versions (2.5, 2.6, 2.7, 2.8, etc.) for years, even though they call 2.8 Solaris 8.
Just an interesting thing to ponder. There's enough difference between the initial MacOS X release and the current release that they should definitely have different version numbers.
Re:Version Numbering Schemes (Score:2)
Compared to OS 8.5 vs OS 9, I would definitely agree. But then again I always considered 9 to be what 8.6 should have been, and never actually bought it (until it came bundled wth 10.1 and my next mac).
So I guess what I'm trying to say is that while it's more worthy of a version number update than past releases, those past releases didn't deserve it either.
Oh,
Re:Version Numbering Schemes (Score:2)
Solaris 2.x == SunOS 5.x
solaris x (x >=8) == Solaris 2.x == SunOS 5.x
Anyone using PithHelmet with the new Safari? (Score:2)
Thanks,
Ian
Re:Anyone using PithHelmet with the new Safari? (Score:2)
X11 (Score:3, Informative)
Safari table copy still broken (Score:2, Interesting)
This is a real show stopper for me since I often generate tables from a web database and need to paste the results into excel.
What is worse, this was fixed in a much earlier version of Safari and was then broken again and has remained so ever since.
I have used the Bug button to report this many times but apparently these go unread....sigh... ti
Questions for Xserve running 10.3.3 Server (Score:2)
(1) Is this update for Server or only the client version of OS X?
(2) Will this or other updates make changes to/overwrite existing configuration files that have been customized? (Specifically httpd.conf, php.ini, and the default
In general what are best practicices for applying patches to production environments?
Re:Questions for Xserve running 10.3.3 Server (Score:2, Informative)
There are separate releases of the 10.3.4 update for BOTH the client and server versions of X 10.3. SoftwareUpdate should take care of this "automagically" for you.
As for importance in a production environment, I would guess this set of patches/updates coming up are VERY important because of the holes in the operating system - leaving those unpatched leaves your entire network at risk. Best to depoly the patches on a test machine, and once everything checks out - deploy to all machines on the network th
Disappointed...no iCal update (Score:2, Offtopic)
There clearly exists code to update the icon while the program is running (the 9 fills from the bottom to the top when
Re:Disappointed...no iCal update (Score:2)
I leave iCal running 24/7 and it always has today's date in it.
Mark
After reading through the updates (Score:3, Funny)
Yet I feel as though I need to leave my cube, drive home, open my PowerBook and get it updated as soon as possible.
My ass is still sore... (Score:2)
Yeah - the predictable happened. Mouse pointer freeze and all. Leaving me with a honked installation that won't boot.
I rebooted to OS9 & downloaded the standalone, reinstalled 10.3 on a different partition [I would have fixed it singleuser, but installer was giving me "Carbon Lazy Values"] and ran:
installer -pkg MacOS10.3.4blahblah.pkg -target /Volumes/Macintosh\ HD/
Then I
What about uControl + 10.3.4? (Score:2)
Re:What about uControl + 10.3.4? (Score:2)
Minor Photoshop 7.01 Problems. (Score:2)
Nasty Problem: Desktop Digestion (Score:2, Interesting)
SecurityAgent spun after update (Score:2, Interesting)
There were two users
Re:SecurityAgent spun after update (Score:2)
This one hosed my PowerBook (Score:3, Interesting)
My Cube installed the patch, and gave me the dialog box asking me to reboot. My PowerBook installed it, and at some point near the end of the install (maybe the "Optimizing Volume" step) it froze the machine, with the message saying "You need to reset this machine. Hold down the power button for several seconds." So, I did that and it rebooted to the login screen. When I entered my password it dropped me to the Darwin text console login screen. If I entered a password there, it denied my login and brought be back to the GUI login screen.
After monkeying with that a while, I copied my data off the machine by booting it in firewire disk mode. Then I reinstalled OS X from the restore disk. When I ran software update and tried to install it again, I got the same system freeze and reset machine message (it happened at 97% of the optimizing volume step). Fortunately, this time it rebooted fine. But, my confidence in OS X has gone down quite a bit now.
Before any update ... (Score:2)
Re:at Apple... (Score:2, Interesting)
Re:at Apple... (Score:2)
Re:New problem, crashing white windows... (Score:2, Insightful)
Re:Mail problems with reply/forward, anyone? (Score:2)
just so you know, deleting the mail prefs file doesn't help, and this problem is being seen by others ( odd thing is, it only happens on *some* messages, what's up with *that*? ).
I may hold off on updating my own machine... at least until my new G5 shows up