Quantcast

Apple releases Mac OS 10.3.4-now available for download

N8 v2.0

N8 v2.0

Not the sharpest tool in the shed
Oct 18, 2002
11,003
149
The Cleft of Venus
Apple releases Mac OS 10.3.4
Apple Computer | 5/26/2004

Apple releases Mac OS 10.3.4

Key enhancements include:

-improved file sharing and directory services for Mac (AFP), UNIX (NFS), PPTP, and wireless networks

-improved OpenGL technology and updated ATI and NVIDIA graphics drivers

-improved disc burning and recording functionality

-iPods connected via USB 2.0 are now recognized by iTunes and iSync

-additional FireWire audio and USB device compatibility

-updated Address Book, Mail, Safari, Stickies, and QuickTime

-applications improved compatibility for third party applications previous standalone security updates

For detailed information on this Update, please visit this website:
OSX 10.3.4 update info
 
BostonBullit

BostonBullit

Monkey
Oct 27, 2001
230
0
Medway, MA
hmmm...they seem to have forgotten the latest feature

--- HUGE GIANT EASILY EXPLOITED SECURITY HOLE

I'll send em off a quick e so they can update the release...
 
Toshi

Toshi

Harbinger of Doom
Oct 23, 2001
38,549
7,874
Originally posted by BostonBullit
hmmm...they seem to have forgotten the latest feature

--- HUGE GIANT EASILY EXPLOITED SECURITY HOLE

I'll send em off a quick e so they can update the release...
Click to expand...
the help: exploit? meh. that couldn't even execute arbitrary code. at worst it would execute an applescript that could overwrite files with known paths that you had write permission for. and since mac os x makes it near-impossible to run logged in as root that's not that bad at all.
 
BostonBullit

BostonBullit

Monkey
Oct 27, 2001
230
0
Medway, MA
Originally posted by Toshi
the help: exploit? meh. that couldn't even execute arbitrary code. at worst it would execute an applescript that could overwrite files with known paths that you had write permission for. and since mac os x makes it near-impossible to run logged in as root that's not that bad at all.
Click to expand...
hmm... this article painted a far less rosey picture....guess we have to wait and see... :dead:
 
Toshi

Toshi

Harbinger of Doom
Oct 23, 2001
38,549
7,874
Originally posted by SkaredShtles
WTF? Is the default behavior for Apple to run the user desktop session as root? I don't see how this could happen if the desktop is launched by an unpriveledged user..........

-S.S.-
Click to expand...
that article is a load of non-technical hooey. user sessions run as the USER. theoretically one could make an applescript that runs a unix command with sudo, but the user would have to authenticate.
 
SkaredShtles

SkaredShtles

Michael Bolton
Sep 21, 2003
66,002
12,915
In a van.... down by the river
Originally posted by Toshi
that article is a load of non-technical hooey. user sessions run as the USER. theoretically one could make an applescript that runs a unix command with sudo, but the user would have to authenticate.
Click to expand...
Sounds like a bunch of sensationalist horse$hite. I'm so surprised. :rolleyes:

-S.S.-
 
MtnBikerNJ

MtnBikerNJ

Monkey
Mar 5, 2003
252
0
jerrrrrsey
actually i think there was 1 case where someone actually had his home user folder deleted, but it was from an applescript he downloaded from limewire (it had a Microsoft 2004 icon on it - he thought he was getting the program).

but everything else had been a "proof of concept" and no actual virus or anything yet. But from what it was looking like, there could have actually been some danger. That said, having 1 single security vulnerability like that surface, then have it fixed within a few days, is alot different than the many on windows...

as for 10.3.4, i now have it on 2 machines with no consequences noticed so far...
 
BostonBullit

BostonBullit

Monkey
Oct 27, 2001
230
0
Medway, MA
Originally posted by MtnBikerNJ
That said, having 1 single security vulnerability like that surface, then have it fixed within a few days, is alot different than the many on windows...
Click to expand...
well, hopefully they can fix it in a few days for ya (the 'fix' they issued doesn't fix it BTW)
 
Toshi

Toshi

Harbinger of Doom
Oct 23, 2001
38,549
7,874
Originally posted by MtnBikerNJ
actually i think there was 1 case where someone actually had his home user folder deleted, but it was from an applescript he downloaded from limewire (it had a Microsoft 2004 icon on it - he thought he was getting the program).
Click to expand...
this is a separate issue entirely. and the user in question exhibited multiple levels of dumbness:

http://www.appleturns.com/scene/?id=4689

See, faithful viewer Stephanie tipped us off to a Macworld UK article about the dodgy app in question, and apparently it's been showing up on peer-to-peer sharing networks "cunningly disguised as a Word 2004 for Mac demo." One reader states that he grabbed the file via Limewire "in the hope that perhaps Microsoft had released some sort of public beta"; after the file was unzipped, it sported a Microsoft icon that "looked genuine and trustworthy," so the hapless victim double-clicked it and subsequently found himself sans one home directory.

Now, maybe we're just naturally suspicious people, but while we feel bad for this guy, it seems to us that there's a sort of Darwinian thing going on here and anyone with a Naïvete Quotient above 130 is being culled from the gene pool. First of all, downloading anything from the peer-to-peer networks with apps like Limewire seems to us to be a sure way to wind up with malware of some sort, or, at the very least, a raging lice infestation and a case of one of those diseases you aren't supposed to talk about in polite company. Secondly, upon spying the supposed Word 2004 demo, the victim proceeded to download it off of Limewire instead of visiting Microsoft's site to get the software from its official distribution point, or, indeed, to check to see if such a demo existed in the first place. (It doesn't.)
Click to expand...
 
syadasti

syadasti

i heart mac
Apr 15, 2002
12,690
290
VT
Originally posted by MtnBikerNJ
but everything else had been a "proof of concept" and no actual virus or anything yet. But from what it was looking like, there could have actually been some danger. That said, having 1 single security vulnerability like that surface, then have it fixed within a few days, is alot different than the many on windows...

as for 10.3.4, i now have it on 2 machines with no consequences noticed so far...
Click to expand...
You must be on some strong drugs, this vulnerability was discovered on February 23rd - Apple is just as slow as Microsloth in fixing their code:

http://www.technewsworld.com/story/33887.html

When you are less than 2% of the marketshare - its security through obscurity. What kind of idiot would attack such a small target or take over for zombie useage:rolleyes: Just think of what he would say to his friends - "Hey man - look at what I did, I crashed grandma's hello kitty computer" or "Now I've got the power of a half a dozen sort fast, not the first ever desktop 64-bit computer to start my DOS attacks. If I'm lucky, I'll have enough power to take out a small business website :D"
 
Toshi

Toshi

Harbinger of Doom
Oct 23, 2001
38,549
7,874
Originally posted by syadasti
You must be on some strong drugs, this vulnerability was discovered on February 23rd - Apple is just as slow as Microsloth in fixing their code:
Click to expand...
while i agree with you that apple has been slow to fix some holes (and release patches for openssl among other things), the rest of your post is tripe.

there are no zombie mac os x computers because these exploits don't lend themselves to that. even if they can delete a file with a known path, they can't exceed the user's permissions by definition. certainly they can't take over the entire machine and turn it into a spam or ddos bot as is common on windows (where everybody pretty much runs as an administrator, which on windows is more like root than an os x "admin" account).
 
You must log in or register to reply here.
Top Bottom