Apple update addresses security holes, Daylight Saving Time
Apple released nine software updates on Thursday that make adjustments for new Daylight Saving Time, address issues during two security researchers’ self-proclaimed “ Month of Apple Bugs,” and fix bugs in Final Cut Pro. The fixes are available now via Mac OS X’s built-in Software Update utility.
Daylight Saving Time changes
Five of the updates released Thursday cover new Daylight Saving Time rules put into place for 2007. Beginning in 2007, North American Daylight Saving Time will begin on the second Sunday in March and conclude on the first Sunday in November. Previously, Daylight Saving Time began on the first Sunday in April and concluded on the last Sunday in October.
The current version of Mac OS X was updated to follow those time-change rules as a part of the OS X 10.4.5 update. However, that update did not cover changes in Daylight Saving Time in other regions, including Alberta (Canada), Australia, and Brazil. The new Daylight Saving Time Update (Tiger) adds compatibility with those regions.
In addition, Apple released the Daylight Saving Time Update (Panther), which updates Mac OS X 10.3 systems for all the changes covered in both the 10.4.5 update and the new Tiger update.
Finally, a WebObjects 5.3.3 Update updates Apple’s WebObjects web-application software to be compatible with the new time guidelines.
Apple has also posted a detailed technical document with more information about Daylight Saving Time changes and how to work around the new rules on older Mac OS versions.
“Month of Apple bugs” fixes
Three of the other Thursday updates involved addressing bugs found by security researcher Kevin Finisterre and hacker “LMH” during their monthlong event aimed at exposing security flaws in Apple products and products that run on Apple systems.
On systems running Tiger, the update addresses a bug in which “a maliciously crafted disk image may lead to an application crash or arbitrary code execution,” according to Apple’s published release notes. Apple credits Finisterre for reporting the bug, which was posted on the Month of Apple Bugs site as “Apple Finder DMG Volume Name Memory Corruption” on January 9.
On systems running Tiger or Panther, the update addresses a Bonjour bug in which “attackers on the local network may be able to cause iChat to crash,” according to Apple. This bug was listed on Month of Apple Bugs as “Apple iChat Bonjour Multiple Denial of Service Vulnerabilities” on January 29. ( Macworld is unable to link to the Month of Apple Bugs page regarding this bug, as it contains an image designed specifically to crash Web browsers based on Apple’s WebKit framework.)
On systems running Tiger or Panther, the update addresses a vulnerability in iChat’s AIM URL handler that “may lead to an application crash or arbitrary code execution,” according to Apple. The bug was announced on Month of Apple Bugs as “Apple iChat aim:// URL Handler Format String Vulnerability” on January 20.
Finally, on systems running Tiger or Panther, the update addresses a vulnerability in the UserNotificationCenter process that could potentially grant system privileges to malicious users. This bug was announced on Month of Apple Bugs as “Apple UserNotificationCenter Privilege Escalation Vulnerability” on January 22.
Final Cut Pro 5.1.3
On Thursday Apple also updated Final Cut Pro to version 5.1.3, an update which “provides important bug fixes,” according to Apple. According to Apple’s Final Cut Pro documentation, the update includes fixes to provide compatibility of render files between PowerPC- and Intel-based Macs, returns missing keyboard commands to the default keyboard layout, and fixes a bug involving cross dissolves in a nested sequence containing still images.