Security Quest #14: Apple Releases Security Patches

Apple released Security Update 2007-009 for OS X 10.4.11 Tiger and OS X 10.5.1 Leopard on Monday. The Apple support article lists 41 vulnerabilities that were patched. Patched components include Core Foundation, CUPS, Flash Player Plug-in, Launch Services, perl, python, Quick Look, ruby, Safari, Samba, Shockwave Plug-in, and Spin Tracer. The update requires a reboot.

The Leopard update was a 35.4MB download on my Intel Macs through Apple Automatic Update. It’s also available as a 35.6MB standalone download. There are two versions for Tiger. The PPC version is a 15.9MB standalone download and the Universal version is a 27.4MB standalone download.

I applied the update to my iMac, MacBook and Mac Mini. All are running OS X 10.5.1 Leopard on Intel cpu’s. I’ve been running the update for a little over a day without a specific problem but have had some new instability. Not necessarily due to the updates, but they are new problems.

On my iMac Parallels is a bit unstable. Windows XP SP2 is having some network connectivity issues and some keyboard issues. On the network side of things some connections time out through Windows while connecting fine in OS X. There’s so many potential failure points for Internet sites it’s hard to point the finger at the update and be sure. The keyboard issue within Parallels is more annoying. Sometimes the VM starts up in caps mode (while staying lower case in OS X) until I restart the VM. It also buffers keystrokes and falls behind my two-finger typing. But, I haven’t seen any info that others are experiencing the problem.

My MacBook has gotten the gray screen of death once since the update. It was soon after startup and Safari was the only app running. I think that was the first OS crash for the MacBook. It’s been OK since and I’m using it now.

The problems can’t be tied to the update and they aren’t persistent, but my Macs have been stable and the updates were the last change before the problems occurred. That’s usually the place to start.

 

Spam Counts

Time to start keeping track of my spam again, at least for awhile.

Spam to my primary GMail mailbox (which manages multiple email addresses) has had seven spam messages in the last 30 days. What’s interesting is which e-mail addresses were used. Back in October when I redesigned the web site I decided to stop using two addresses which appeared on the site. I removed one at that time. I missed the second one and it still appears on the web site in clear text/html since I removed the obfuscation plug-in. The one in clear text since October picked up three email messages that are clearly spam. The address that I removed was picked up by a software company and I received three “promotional” emails from them. You could say they’re on topic for the blog but there’s no unsubscribe link and GMail sees them as spam.  The seventh spam email was sent to my Yahoo email which I’ve never given out. I canceled AT&T/Yahoo as my ISP but the email account remains.

A GMail address I use extensively picked up 2 spam messages in the last 30 days, both blocked by GMail. I don’t use this account with places that are high spam risks but I’m actually surprised there’s not more yet.

A third GMail address that gets used almost exclusively where there’s a high risk of spam received 154 spam emails in the last thirty days. This is less than 50% of what the count was in June. On June 24th there were 343 spam messages in the previous 30 days.

Much to GMail’s credit their spam filter works well for me a they didn’t let anything through and didn’t flag anything I wanted.

I use the Spam Karma plugin for WordPress on this website. So far its caught 7,341 spam comments.

 

News & Links

Apple.com: About the security content of Java Release 6 for Mac OS X 10.4 – Apple released a java security update for mac OS X 10.4 Tiger. I don’t have any Macs running Tiger so don’t have any first hand experience.

Apple.com: Safari 3 Beta Updated – Safari 3.0.4 beta for Windows XP/Vista.