The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Apple Releases Comprehensive Security Update For Panther, Jaguar

Apple Releases Comprehensive Security Update For Panther, Jaguar

by , 3:00 AM EDT, June 8th, 2004

Apple has released a comprehensive security update for both Jaguar and Panther. Named simply "Security Update 2004-06-07," the update specifically addresses the recent security hole involving OS X's launch services. It also specifically plugs the remaining holes left unaddressed by Security Update 2004-05-24.

The description of the update from Apple's Web site (note that this is more comprehensive than the description in Software Update):

Security Update 2004-06-07 (Mac OS X 10.3.4 and 10.2.8)
Security Update 2004-06-07 delivers a number of security enhancements and is recommended for all Macintosh users. The purpose of this update is to increase security by alerting you when opening an application for the first time via document mappings or a web address (URL). Please see this article for more details, including a description of the new alert dialog box.

Security Update 2004-06-07 is available for the following system versions:

  • Mac OS X v10.3.4 "Panther"
  • Mac OS X Server v10.3.4 "Panther"
  • Mac OS X v10.2.8 "Jaguar"
  • Mac OS X Server v10.2.8 "Jaguar"
    • LaunchServices
      Impact: LaunchServices automatically registers applications, which could be used to cause the system to run unexpected applications.
      Discussion: LaunchServices is a system component that discovers and opens applications. This system component has been modified to only open applications that have previously been explicitly run on the system. Attempts to run an application that has not previously been explicitly run will result in a user alert. Further information is available in this article.
    • Component: DiskImageMounter
      Impact: The disk:// URI type mounts an anonymous remote file system using the http protocol.
      Discussion: The registration of the disk:// URI type is removed from the system as a preventative measure against attempts to automatically mount remote disk image file systems.
    • Safari
      Impact: The "Show in Finder" button would open certain downloaded files, in some cases executing downloaded applications.
      Discussion: The "Show in Finder" button will now reveal files in a Finder window and will no longer attempt to open them. This modification is only available for Mac OS X v10.3.4 "Panther" and Mac OS X Server v10.3.4 "Panther" systems as the issue does not apply to Mac OS X v10.2.8 "Jaguar" or Mac OS X Server v10.2.8 "Jaguar".
    • Terminal
      Impact: Attempts to use a telnet:// URI with an alternate port number fail.
      Discussion: A modification has been made to allow the specification of an alternate port number in a telnet:// URI. This restores functionality that was removed with the recent fix for CAN-2004-0485

Apple also offered a statement of sorts in the Knowledge Base (KBase) article for this update about the company's policy concerning security issues. That statement:

This document outlines security updates for Apple products. For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.

There is much more information in the full KBase article. You can download the update from that article, or directly in your Software Update Control Panel.

The download weighs in at 1.3 MB, and TMO strongly recommends that all Jaguar and Panther users install this update.

Recent Headlines - Updated August 22nd

Thu,8:02 PM
Week of Who, Day Four: Inspector Spacetime
6:52 PM
Apple Releases Keynote 6.2.2 with ‘Stability Improvements’
6:45 PM
Apple Releases iMovie 10.0.5 for iCloud and iMovie Theater
6:27 PM
Antminer S3 453 GH/s Bitcoin Mining Rigs Improve Energy Efficiency
6:13 PM
TMO Daily Observations: 2014-08-21
5:20 PM
Apple’s Stock Holds Above $100 with New Record Close
3:52 PM
Five Deals on Mac Apps: TuneUp, TwistedWave, Stuffit Deluxe, Elite Keylogger, Crossover
2:20 PM
An iPhone Veteran Evaluates an Amazon Fire Phone
10:29 AM
3 Free iPhone Apps for Ordering from the Starbucks Secret Menu
9:02 AM
Samsung Doesn’t Have to Pay Apple Attorney Fees Because iPhone wasn’t Famous
Wed,9:40 PM
Week Of Who, Day 3: Craigy Who and Mr Timey Pants
6:49 PM
ACM 268: Apple Copycats, Ad Agencies, and Steve Ballmer: Sports Mogul
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!