Apple releases Security Update 2005-003

Apple today released “Security Update 2005-003” which delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

• AFP Server
• Bluetooth Setup Assistant
• CoreFoundation
• Cyrus SASL
• Folder permissions
• Safari
• Samba

“Security Update 2005-003” (15.4 MB) is available via Software Update. For detailed information on this Update: http://docs.info.apple.com/article.html?artnum=301061

23 Comments

  1. Proactive security updates… cool. I like their solution to the Unicode URL problem. Other vendors have entirely disabled Unicode URLs, that’s simply an unacceptable solution, and yet here Apple comes up with an original idea to handle it. If they’ve gotten the idea from someone else, my apologies, but this is the first time I’ve heard of this method.

    Unicode URLs allow malicious websites to appear as “www.bankofamerica.com” or whatever by using alternate characters from foreign languages that look identical to our Roman characters. There are so many potential characters that could be used to abuse this, there hasn’t been a great way of handling it yet. Disabling Unicode URLs would mean forcing everyone in the world to use English while registering their domain names instead of being able to use their native languages.

    So apparently Apple is using “Punycode” as a limited font that does not contain characters allowing others to falsify English domain names. I’m curious to learn more about this. Really neat idea though.
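The homograph problem the commenter describes can be made concrete with a small defensive check. This is an added example (not from the post or from Apple): it shows what Punycode actually is, the ASCII form a browser can display for an IDN, and flags labels that mix scripts, which is the usual sign of a look-alike name. The hostname is constructed here with a Cyrillic “а” (U+0430) standing in for the Latin “a”; all names are my own.

```python
import unicodedata

# Constructed sample: "example.com" with the "a" replaced by CYRILLIC SMALL LETTER A.
SPOOFED_HOST = "ex\u0430mple.com"
GENUINE_HOST = "example.com"


def label_scripts(label: str) -> set:
    """Return the set of Unicode script names used by the letters of one DNS label."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                scripts.add("LATIN")
            continue  # digits and hyphens are script-neutral
        # unicodedata names start with the script, e.g. "CYRILLIC SMALL LETTER A"
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def is_mixed_script(label: str) -> bool:
    """True if a single label combines letters from more than one script."""
    return len(label_scripts(label)) > 1


def to_punycode(host: str) -> str:
    """ASCII-compatible form (xn--...) that Safari's update shows instead of the Unicode glyphs."""
    return host.encode("idna").decode("ascii")


def inspect_host(host: str) -> dict:
    """Summarise a hostname the way a URL bar or proxy filter might before showing it."""
    return {
        "display": host,
        "punycode": to_punycode(host),
        "mixed_script_labels": [lbl for lbl in host.split(".") if is_mixed_script(lbl)],
    }


if __name__ == "__main__":
    for h in (GENUINE_HOST, SPOOFED_HOST):
        print(inspect_host(h))
```

The genuine name encodes to itself, while the spoofed one encodes to an `xn--` label and is reported as mixed-script, which is exactly the signal a browser can use to fall back to the Punycode display.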

  2. I haven’t gotten pop ups for at least a month.

    I was getting them every time I came here at one point, back when everyone else was, but it seems fixed on my end.

  3. AFAIK, punycode was introduced in the Firefox 1.0.1 release.

    On a sidenote…and just out of curiosity; I never really understood the legal relationship between the author of a non-secure browser and/or a bank with an insecure frontsystem and the enduser who just got “phished away”. Would it be possible for an enduser to sue the author for releasing a non-secure piece of software at all? Or did I miss some cosy part of the EULA?

  4. I am still getting popunders even after this update. Not like Apple to let this go on for so long.

    Magic Word: why. Why oh why do advertisers have to worm their way into every aspect of daily life. I put them in the same category as spammers, and pond scum.

  5. Hey, if you want to blame someone for the pop-unders, place the blame where it belongs–MDN.
    MDN: Why should your readers have to go through the ridiculous step of finding the cookie that blocks these pop-unders?
    In other respects, you are such a great site–how about treating your readers with respect on this?

  6. Skyblue, Lenzcap,

    If you want to kill the pop-up/unders try the following:

    1) If a Safari or IE user, open up the Activity window and make note of the hosts that spew ads. Add them to your /etc/hosts file and send them to 127.0.0.0. You can also download a number of pre-made versions off the web.

    2) If you are a Firefox user, try using the Adblock extension either by itself or in conjunction with a modified /etc/hosts. Adblock works quite well, I wish there were a Safari version.

  7. I reset Safari frequently, so the FastClick link is useless to me.

    Besides, why should I beg a company to stop popping me under when that is their reason for being. It seems I get more, not less pops after clicking their link and re-setting afterwards. I think clicking their link is like responding to SPAM. You just get more of what you don’t want.

    Also, backing up to a page where I got a pop-under before makes me get smacked with another one.

    MDN has got to put a stop to this, not us readers…that is, unless MDN wants us to put a stop to it by boycotting the site.

    Thanks, MDN… NOT~!

  8. OK, MDN…. I’ll turn down the heat a little.

    After installing the Security update, I get no more pop-unders… for now. However, you might wish to re-think the issue, because when I’m accessing your site from the PC at work, “I Can’t Get No Satisfaction” on IE.

    Nothing I can do about it there, and it is extremely annoying.

    ****

    Safari’s fix for the IDN spoofing is inadequate.

    Clicking on Secunia’s test link still takes you to the site you’re not supposed to want to go to. Let’s face it, how many of us actually LOOK at the status bar before we click a link. And since displaying the status bar is not the default setting for Safari, plenty of users won’t even see the URL. The status bar just will not be there to make the report most wouldn’t notice even when it is there.

    For the past month, I have been using Saft (and before that Saft Lite) to intervene with an alert showing the real URL and preventing the site from loading without more active thinking by the user.

    With the update, Saft is no longer functioning this way with this vulnerability on Secunia’s test site, that is, until its developer comes up with his own update to restore it. Time to email the guy.

    Apple should have done what Saft was doing instead.

  9. I for one will not be installing “ANY” OS X security patches. That’s too windozey! The mac’s so secure it doesn’t need it anyway.

    Mac OS X has absolutely no vulnerabilities and I am shocked that MDN would even stoop to suggest that it does.

    Apple has delivered the “perfect” os.

    Magic Word- Above, as in Apple are above security patches

  10. We had a lot of problems… but an easy fix…

    As transcribed from the Macnn.com forums and Apple discussions:

    Ok. Yesterday, at work, we installed this update on 3 Macs.
    After restarting, 2 of the 3 Macs had/have severe problems at startup that fail to resolve.
    It immediately beachballs at login to that user (of which the security update was installed).
    Finder, Photoshop, Quark (not out of the ordinary), and any other programs all “are not responding” from the dock’s submenu and have to be force quit. However, going into another user, things appear to work fine… but we do not want to have to move to another user, because all the fonts (checked install for all users, but that never works anyway in Font Book) won’t carry over, not to mention having to reset all preferences.
    ***
    I’ve reinstalled the secupd. Still getting the same problems… BUT, the main conflict seems to be with Safari (application not responding) and any network access. Our network drive is called “data” and it’s set to automatically mount at startup. It pops up a Finder window and shows it’s connected, but the contents of said window never update… it’s a blank window… then the pointer beachballs… those other apps seem to be ok… but Safari and the Finder aren’t. Now, I can mount Data from any other user fine. Just not the one we work from.
    ***
    I tried Xupport clearing the caches, and running all the cron scripts… I used Disk Utility…
    Then, as a last resort, tried deleting the Finder and Safari Preferences/and Safari Cache…
    sure enough, it worked fine ONLY after deleting those 3 files.
    We are back to our normal selves… My boss is pretty upset we lost half a day of production on an Apple sanctioned update… but, on the bright side, this should probably go into the help file or say to do that up front if you experience any problems, as it affected 2 of 3 Macs… Who knows what that may extrapolate to.

  11. If you have OS X Server and use it as a mail server – be cautious with this update. A number of users seem to be having IMAP/Cyrus issues after installing this update on OS X server.

    There is more discussion of this issue in the Apple Support Site’s discussion area.

  12. Will you windoze trolls stop with your lying.

    Apple does not have nor have they ever had “any” kind of update. Their OS is always perfect out of the box. But if they ever did do an update or patch you can bet it would be a perfect patch and no one would have any problems with it.

    I’m sick of all this Apple bashing…

    M/W-always, as in- there will always be trolls in here…
