This article explains how to replace an original iPhone with an iPhone 3G on the same carrier. If you follow these steps to back up your original iPhone first, and then restore the backup to your iPhone 3G, your saved SMS messages, email accounts, photos, notes, and other personal settings will be present on your iPhone 3G.

A week away, no reason not to kick the excitement up a notch.

InformationWeek reports that Net Applications shows Mac OS X at 7.94%, the result of an increase of 0.18% every month this year. Next month's report is expected to show Mac OS X above 8%.

Security Update 2008-004 is recommended for all Tiger users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.

The description of what is contained in this security update is combined with the security fixes for Mac OS X v10.5.4.

Security Update 2008-004 and Mac OS X v10.5.4

* Alias Manager

CVE-ID: CVE-2008-2308

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Impact: Resolving an alias containing maliciously crafted volume mount information may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in the handling of AFP volume mount information in an alias data structure. Resolving an alias containing maliciously crafted volume mount information may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of alias data structures. This issue only affects Intel-based systems running Mac OS X 10.5.1 or earlier.

* CoreTypes

CVE-ID: CVE-2008-2309

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

Impact: Users are not warned before opening certain potentially unsafe content types

Description: This update adds .xht and .xhtm files to the system’s list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system’s ability to notify users before handling .xht and .xhtm files. On Mac OS X v10.4 this functionality is provided by the Download Validation feature. On Mac OS X v10.5 this functionality is provided by the Quarantine feature. Credit to Brian Mastenbrook for reporting this issue.

* c++filt

CVE-ID: CVE-2008-2310

Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

Impact: Passing a maliciously crafted string to c++filt may lead to an unexpected application termination or arbitrary code execution

Description: A format string issue exists in c++filt, which is a debugging tool used to demangle C++ and Java symbols. Passing a maliciously crafted string to c++filt may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of format strings. This issue does not affect systems prior to Mac OS X 10.5.

* Dock

CVE-ID: CVE-2008-2314

Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

Impact: A person with physical access may be able to bypass the screen lock

Description: When the system is set to require a password to wake from sleep or screen saver, and Exposé hot corners are set, a person with physical access may be able to access the system without entering a password. This update addresses the issue by disabling hot corners when the screen lock is active. This issue does not affect systems prior to Mac OS X 10.5. Credit to Andrew Cassell of Marine Spill Response Corporation for reporting this issue.

* Launch Services

CVE-ID: CVE-2008-2311

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: A race condition exists in the download validation of symbolic links, when the target of the link changes during the narrow time window of validation. If the “Open ’safe’ files” preference is enabled in Safari, visiting a maliciously crafted website may cause a file to be opened on the user’s system, resulting in arbitrary code execution. This update addresses the issue by performing additional validation of downloaded files. This issue does not affect systems running Mac OS X 10.5 or later.

* Net-SNMP

CVE-ID: CVE-2008-0960

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

Impact: A remote attacker may be able to spoof an authenticated SNMPv3 packet

Description: An issue exists in Net-SNMP’s SNMPv3 authentication, which may allow maliciously crafted packets to bypass the authentication check. This update addresses the issue by performing additional validation of SNMPv3 packets. Additional information is available via http://www.kb.cert.org/vuls/id/878044

* Ruby

CVE-ID: CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

Impact: Running a Ruby script that uses untrusted input to access strings or arrays may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues exist in Ruby’s handling of strings and arrays, the most serious of which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of strings and arrays.

* Ruby

CVE-ID: CVE-2008-1145

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

Impact: If WEBrick is running, a remote attacker may be able to access files protected by WEBrick’s :NondisclosureName option

Description: The :NondisclosureName option in the Ruby WEBrick toolkit is used to restrict access to files. Requesting a file name which uses unexpected capitalization may bypass the :NondisclosureName restriction. This update addresses the issue by additional validation of file names. Additional information is available via http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ . The directory traversal issue described in the advisory does not affect Mac OS X.
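The capitalization bypass above comes down to a glob pattern being matched case-sensitively against a name that the filesystem resolves case-insensitively. The following is an added model of that check, not WEBrick's own code: the document root, file contents and the case-folding lookup are constructed to stand in for HFS+ (case-insensitive by default on Mac OS X), and the patterns are WEBrick's documented defaults. Only basenames are considered, since the advisory says the traversal issue does not apply here.

```ruby
# Added example (not WEBrick's code): a :NondisclosureName-style filter
# run against a constructed document root on a case-insensitive filesystem.

# WEBrick's documented default nondisclosure patterns.
NONDISCLOSURE_PATTERNS = [".ht*", "*~"].freeze

# Constructed sample document root: basename => contents.
SAMPLE_DOCROOT = {
  "index.html" => "<h1>hello</h1>",
  ".htaccess"  => "AuthUserFile /secret/passwd",
  "draft.txt~" => "editor backup of draft.txt",
}.freeze

# Models an HFS+ lookup: any capitalization of a name finds the same file.
def lookup_case_insensitive(files, name)
  entry = files.find { |stored, _| stored.casecmp?(name) }
  entry && entry.last
end

# Serves a request. With casefold: false the pattern match is case-sensitive
# (the weak form); with casefold: true the match uses File::FNM_CASEFOLD so
# that the filter sees names the way the filesystem does (the hardened form).
# Returns the file contents, :forbidden, or :not_found.
def serve(requested, files: SAMPLE_DOCROOT,
          patterns: NONDISCLOSURE_PATTERNS, casefold: false)
  flags = casefold ? File::FNM_CASEFOLD : 0
  return :forbidden if patterns.any? { |pat| File.fnmatch(pat, requested, flags) }
  lookup_case_insensitive(files, requested) || :not_found
end

if __FILE__ == $PROGRAM_NAME
  [".htaccess", ".HTACCESS", "DRAFT.TXT~", "index.html"].each do |name|
    puts "#{name.ljust(12)} weak=#{serve(name).inspect} hardened=#{serve(name, casefold: true).inspect}"
  end
end
```

The weak form blocks ".htaccess" but returns the contents for ".HTACCESS", because the glob never matches while the filesystem lookup still does; the hardened form refuses both spellings.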

* SMB File Server

CVE-ID: CVE-2008-1105

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

Impact: A remote attacker may be able to cause an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow exists in the handling of SMB packets. Sending malicious SMB packets to an SMB server, or connecting to a malicious SMB server, may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking on the length of received SMB packets. Credit to Alin Rad Pop of Secunia Research for reporting this issue.

* System Configuration

CVE-ID: CVE-2008-2313

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Impact: A local user may be able to execute arbitrary code with the privileges of new users

Description: A local user may be able to populate the User Template directory with files that will become part of the home directory when a new user is created. This could allow arbitrary code execution with the privileges of the new user. This update addresses the issue by applying more restrictive permissions on the User Template directory. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Andrew Mortensen of the University of Michigan for reporting this issue.

* Tomcat

CVE-ID: CVE-2005-3164, CVE-2007-1355, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-5333, CVE-2007-3385, CVE-2007-5461

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Impact: Multiple vulnerabilities in Tomcat 4.1.36

Description: Tomcat version 4.x is bundled on Mac OS X v10.4.11 systems. Tomcat on Mac OS X v10.4.11 is updated to version 4.1.37 to address several vulnerabilities, the most serious of which may lead to a cross-site scripting attack. Further information is available via the Tomcat site at http://tomcat.apache.org/ . Tomcat version 6.x is bundled with Mac OS X v10.5 systems.

* VPN

CVE-ID: CVE-2007-6276

Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

Impact: Remote attackers may be able to cause an unexpected application termination

Description: A divide by zero issue exists in the virtual private network daemon’s handling of load balancing information. Processing a maliciously crafted UDP packet may lead to an unexpected application termination. This issue does not lead to arbitrary code execution. This update addresses the issue by performing additional validation of load balancing information. This issue does not affect systems prior to Mac OS X 10.5.

* WebKit

CVE-ID: CVE-2008-2307

Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in WebKit’s handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Along with this fix, the version of Safari for Mac OS X v10.5.4 is updated to 3.1.2. For Mac OS X v10.4.11 and Windows XP / Vista, this issue is addressed in Safari v3.1.2 for those systems. Credit to James Urquhart for reporting this issue.

McAfee decided to find out what would happen if users actually responded to spam email, mostly by requesting to be removed from the senders' mailing lists. Not surprisingly, the requests were refused. The bait used to attract enough volunteers was a new PC. Phishing and money laundering attempts made up the majority of the email. McAfee will announce its results next Tuesday, the 8th, according to Network World.

AT&T Announces iPhone 3G Pricing

Existing AT&T customers who are not currently eligible for an upgrade discount can purchase iPhone 3G for $399 for the 8GB model or $499 for the 16GB model. Both options require a new two-year service agreement. In the future, AT&T will offer a no-contract-required option for $599 (8GB) or $699 (16GB).

AppleInsider has a comparison chart of old vs. new plans.

AppleInsider: How to hand-down your old iPhone after upgrading to iPhone 3G

Safari 3.1.2 for Mac OS X 10.4.11 patches a WebKit vulnerability.

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

A memory corruption issue exists in WebKit’s handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari v3.1.2 for Windows XP or Vista, and systems running Mac OS X v10.5.4. Credit to James Urquhart for reporting this issue.

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

# Mac OS X 10.5.4

The Mac OS X 10.5.4 Update is recommended for all users running Mac OS X Leopard and includes general operating system fixes that enhance the stability, compatibility and security of your Mac.

What’s included?

General

* Includes recent Apple security updates.
* Resolves an issue with saving and reopening Adobe Creative Suite 3 files on a remote server.
* Includes additional RAW image support for several cameras.
* Addresses an issue that may result in a partially installed X11 application.
* Improves L2TP VPN client reliability.

AirPort

* Addresses AirPort reliability issues with 5GHz networks.
* Addresses AirPort issues that may result in slower performance in Logic Studio or MainStage.

iCal

* Improves overall iCal reliability for meeting requests, cancellation notices, delegation, and syncing with iPhone.
* Resolves an issue that prevents deleting an iCal event without notifying the creator.
* Addresses an issue in which events in all calendars affect availability. A checkbox now enables information-only calendars to be transparent from free/busy lookups.
* Resolves a UI issue preventing delegated calendars from showing up as a separate window.
* Addresses an issue with copying and pasting attendees from one event to another.
* Resolves an issue in which iCal may not delete events after a specified time interval, even when set to do so in iCal preferences.
* Addresses an issue in which To Dos cannot be marked private.

Safari

* Addresses a potential performance issue when loading secure web pages.
* Resolves issues that may be encountered when accessing secure web pages with client certificates that reside on a smart card.

Spaces and Exposé

* Addresses an issue in which switching from a space with a Finder window keeps the Finder as the active application instead of the application residing in the destination space.
* Fixes an issue in which dragging an application from the list of application assignments in Spaces System Preferences does not assign the application to the desired space.
* Resolves an Exposé issue that may result in only a subset of windows being shown.

Pro Applications Updates improve reliability for Apple’s professional applications and are recommended for all users of Final Cut Studio, Final Cut Server, and Logic Studio.

Pro Applications Update 2008-02 addresses installation issues, compatibility updates, and general performance issues and improves overall stability.

Applications included in the update:

Final Cut Pro 6.0.4
Compressor 3.0.3

The move to Intel processors brought along many hardware similarities with their PC brethren. One advantage not always available on PPC Macs is overclocking. Previously, overclocking often involved desoldering and resoldering transistors or timing crystals on the motherboard. This, unsurprisingly, created the CPU upgrade market.

Overclocking has been a staple in the PC world nearly since the beginning. Motherboards are often judged on their ability to be overclocked. ZDNet (Germany) has the first such tool for the Mac Pro. All done in software, it is an easy way to boost memory frequency, front side bus and CPU speeds:

ZDNet uses three Mac Pros as test machines. One comes from the first Intel/Mac Pro generation (Mac Pro 1.1) with 65-nanometer processors and 1333-MHz front side bus. The others come from the third generation with 45-nanometer processors and 1600-MHz front side bus, as sold by Apple since January 2008 (Mac Pro 3.1). The first computer is equipped with two 2.66 GHz X5355 processors, and runs stable at 3.10 GHz, see figure 2. The other two have two 2.80 GHz E5462 processors. These can be overclocked up to 3.24 GHz and remain stable.

PPC Macs are not left out in the cold either. If your Mac has an ATI video card, such as a Radeon 9800 Pro, a Radeon X800 XT, or an earlier model, there is ATIccelerator II. The big advantage over the previous Graphiccelerator is that ATIccelerator does not flash the video card's ROM. Only the latest Radeon X1600 and X1900 cards are not supported.

ATIccelerator II can change ATI graphics cards frequencies live, on-the-fly, under Mac OS X. It’s much more sophisticated and convenient to use than Graphiccelerator for the following reasons:

* no potentially dangerous flashing required
* no cumbersome three-step process (dump, modify, then reflash ROM)
* no need to reboot for every frequency change
* no OS 9 required (that’s right, G5s and other recent OS 9-free Macs are now supported!)

It is not only the iPhone that will be surging. iPod sales are predicted to increase by 15%. iPod classic numbers are expected to come at the cost of fewer iPod touches sold. MacBook and MacBook Pro may increase by as much as 35 percent. Desktops and Mac Pros are in for a 20 percent increase. It is expected that chip makers will now respect what are obviously healthy production levels, InformationWeek reports.