Apple has released a Security Update via its Software Update. According to the release notes: “Security Update 2003-11-19 includes the following updated components: OpenSSL, zlib “gzprintf()” function” (for 10.3 and 10.2.8). Yesterday, Apple released an update to its Bluetooth drivers and stack too.
Thanks, I didn’t check for updates today, you let me know instead… time to reboot…
You still have to reboot after an update? I thought Mac was unix-like?
This is what people don’t understand about OS vendors. Much like Microsoft, it is simply easier to have your users reboot than give the necessary steps on how to stop/start the required service because as we all know – about 90% of the people would only then screw that up and then hose their machine.
Yep, that’s mainly the case. However, if Apple wants to start taking a piece of the server pie with Unix and Xserves, they need to fix this flaw. I haven’t had to reboot my Linux server even after massive updates in 100s of days.
Eh, in XP reboots for stuff aren’t too common; I would expect with the same kind of patch it would need a reboot. I do hate apps that require a reboot, which are rare. Then there came iTunes for Windows, which is the reboot king. Have to reboot to install or uninstall. And since I’m forever re-installing due to it crashing it gets very old very fast. I had thought we had moved past such times.
“Much like Microsoft, it is simply easier to have your users reboot than give the necessary steps on how to stop/start the required service…”
Why would you have to MANUALLY restart services? I’ve never had to do that in *BSD/[GNU/Linux].
Because they have no way of knowing what services the user may have installed that need these functions. Both SSL and Zlib functionality are used in applications throughout the system, and it would be nearly impossible to track down every running process that links to them and restart it. Previous OS X security updates that affected non-critical code have not required updates: things like SSH updates. In a case like that, the OS can just restart the dependent service. This patch is too wide-reaching, however.
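As an added illustration of the point above (not part of the thread or any poster's code): one way to find the running processes that still map a replaced library is to compare the inode each process holds, as reported by `lsof -F pcfin`, with the inode now on disk. The sample output, library paths and inode numbers are constructed, and the check assumes the update replaced the file under the same path with a new inode.

```python
import os

# Constructed sample of `lsof -F pcfin` output: one "p" record per process,
# then f/i/n fields per open or mapped file (inode is printed before name).
SAMPLE_LSOF = """p312
csshd
ftxt
i1001
n/usr/lib/libssl.dylib
ftxt
i2001
n/usr/lib/libz.dylib
p455
chttpd
ftxt
i1002
n/usr/lib/libssl.dylib
p501
cSafari
ftxt
i2001
n/usr/lib/libz.dylib
"""

def parse_lsof(text):
    """Yield (pid, command, inode, path) for every file record."""
    pid = cmd = inode = None
    for line in filter(None, text.splitlines()):
        tag, val = line[0], line[1:]
        if tag == "p":
            pid, cmd, inode = int(val), None, None
        elif tag == "c":
            cmd = val
        elif tag == "f":
            inode = None          # new file record: forget the previous inode
        elif tag == "i":
            inode = int(val)
        elif tag == "n":
            yield pid, cmd, inode, val

def stale_processes(text, lib_prefixes, inode_on_disk=lambda p: os.stat(p).st_ino):
    """Map (pid, command) -> library paths whose mapped inode is not the file now on disk."""
    stale = {}
    for pid, cmd, inode, path in parse_lsof(text):
        if inode is None or not os.path.basename(path).startswith(lib_prefixes):
            continue
        try:
            current = inode_on_disk(path)
        except OSError:
            current = None        # path gone: the process holds a removed file
        if current != inode:
            stale.setdefault((pid, cmd), []).append(path)
    return stale
```

Every process it returns is still running the pre-update library code and has to be restarted for the fix to take effect; an empty result means no restart, and no reboot, is needed for those libraries.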
hitting the restart button after the update was installed and booting back into the desktop took about 90 seconds for a G4 1.25 dual. No big deal at all.
“hitting the restart button after the update was installed and booting back into the desktop took about 90 seconds for a G4 1.25 dual. No big deal at all.”
Agreed. Who cares if once in a while a reboot is needed? It is not that common to have to reboot in the first place, and when you do…big deal. You are back to work in a few seconds anyhow.
I do agree though that when it is possible, and as I understand it, most of the time this happens, the OS should simply restart the updated services automatically. Reboots aren’t a big issue and in some way they are just a convenient means (especially for many end users who don’t want to go and restart services on their own) to restart services.
” I do agree though that when it is possible, and as I understand it, most of the time this happens, the OS should simply restart the updated services automatically. Reboots aren’t a big issue and in some way they are just a convenient means (especially for many end users who don’t want to go and restart services on their own) to restart services. ”
Hopefully Apple will implement this in MacOSX Server where it is needed the most. I do see the benefits of services restarting and it is needed if Apple wants its server OS in more high availability operations.
“Hopefully Apple will implement this in MacOSX Server where it is needed the most. I do see the benefits of services restarting and it is needed if Apple wants its server OS in more high availability operations.”
True. Mission-critical enterprise applications can’t wait for reboot downtime. Having an instantaneous, automated restart of services will really help OS X server become more popular. Having played with it a little and hearing from those that interact with it regularly, it is a really nice server, but rebooting for something that is targeting the enterprise seems a bad combination.
For the end user, however, I don’t see a reboot as a big issue. I am sure that if OS X server doesn’t get to restarting services automatically, they should be able to do so manually (if they can’t now). Once they have automated service restarts handled at the server end, I am sure it would be easy to get the same ability in the client end.
You don’t have to reboot. Stop getting your panties in a bunch. Force quit the installer if you used the GUI (not necessary if you used the command-line softwareupdate command). Then if you know it affected OpenSSL, just open a Terminal window and killall -HUP sshd (and any services that use OpenSSL). Or open the Sharing tab in System Preferences and restart the services via checkbox.
Just because Apple says you need to reboot doesn’t mean they have a gun at your head forcing you to do it. If you have a clue how to restart services yourself do it and keep your uptime. Apple is just making things easy for the 99% of Mac users, which are usually clients, not admins.
Thank you Glenn! Thank you very much!
I’m happy to see someone in this thread posting something of value.
You can also use the SystemStarter command, which uses the names of the startup items in /System/Library/StartupItems and /Library/StartupItems, e.g.
SystemStarter restart NFS
After installing the update with Software Update I can no longer mount encrypted disk images: Finder just spits out a warning “no mountable file systems”. On a Panther system without this “security update” it still works. Bummer, I say.
And its security issues?
http://www.insecure.ws/article.php?story=20031119022325244
Nope, those insecurities are still there. Apple really needs to do something about that as it looks like a very serious vulnerability.
You have to reboot most of the time with XP etc., because the patches are system based and they are part of the kernel. Why they recommend reboots with applications, I don’t know.
It’s not because users are too dumb to restart services manually.
Some people who are running a live 24/7 server will care about reboots – it takes the machine/users off-line. And it affects their SLA.
I certainly don’t have to reboot my SUSE system after a patch because their patch system automatically stops/restarts services after patching. I am surprised Apple doesn’t have this sort of system.
Usually only for security updates and some device driver level updates. Many times reboot is never required. On Windows (98 at least) I have found that a reboot is required almost every time.
Hi,
What I don’t understand is, why does MacOSX reboot after I installed the patch? It seems like there had been lots of changes in the core system, that doesn’t work if you just reboot a service.
Does MacOSX support automatic service reboot like BeOS does with its single components?
comrad
1) They changed a shared library used by almost every program on the system. For the change to become effective, all programs using the shared library would have to be ended and then restarted. Also, remember that Darwin can use dynamic kernel extensions (drivers), thus some or all drivers may need to be dumped and then reloaded (reboot is about the only way to make this happen correctly). Linux doesn’t have this problem since all drivers are static; you just need to reboot the system to use the new driver (most are built into the kernel so you might also need to rebuild the kernel).
FreeBSD is moving /bin & /sbin to be dynamic; thus, if you update “libc”, then all the programs in /bin & /sbin are automatically patched; however, the flip side is that all dynamic services will need to be shut down and restarted.
2) The other change was OpenSSL; this is a low-level protocol used for: remote sign-on, security FTP, Apache, WebDAV, web browsers, etc. Again, rebooting will disconnect and restart all these services; however, you might be able to just disconnect yourself from the network and restart the services. You would also have to drop any user programs that support OpenSSL and restart them.
——————–
What I like about Apple is that they never ask you to reboot after installing an Application. (I still don’t know why installing MS Office on a Windows system needs to replace system libraries!)
It’s really incredible how the Mac OS has matured… Every iteration has been a movement in a positive direction. They’ve successfully implemented the son-of-NeXT into a robust USABLE environment for anyone… from ol’ Graphic Designers (like myself) to *NIXers… I’m continually astonished at what OS X can do, even with an ol’ G3/333 laptop (w/o OpenGL), to my Dual 867… Last night I caught myself listening to a QuickTime streaming broadcast, burning some audio CDs, transferring some files using an unregistered version of Acquisition, surfing the web, playing some QuickTime movies all at the same time with NO glitches. Geez, earlier on in the day I had to reboot my XP system several times before I successfully created some b/u CDs…
With updates I find that OS X has been pretty good in regards to restarting. Yes, it also seems that restarts are being required less and less as time goes by. I only reboot my machine when the updates require me to! Other than that I leave my machines ON.
So this is that update that Apple was not gonna patch Jaguar, that the media (read: OSnews!) jumped all over Apple, but did not post when they were going to patch the OS. Now they have.
No, this is not an update to fix those vulnerabilities that are fixed in 10.3 but not in 10.2. In fact, the fix for 10.2 is only for 10.2.1 and not any later updates of 10.2.
No, this is not a Security Update for Safari.
Just because a Security Update comes out doesn’t mean it fixes every vulnerability and every app ever created for every system.
It also doesn’t mean that they aren’t continuing to work on those vulnerabilities and will never update for those issues.
Actually this is incorrect, the update fixes vulnerabilities up to Jaguar 10.2.8 and Panther up to 10.3.1.
I do not know where you are taking your information from or if you are trolling, but what you are saying does not make sense: there have been several security updates since 10.2.1, and any subsequent update to Jaguar up to 10.2.8 has included all the security updates.
Ack! What an outrage! I mean, I have to spend a few precious moments to actually WAIT for my system to start up again? All for just some updates that will be worth more than the time spent waiting for my system to reboot? Unacceptable!
And, then, on top of that… an unbelievable three bounces I have to wait for to load Mail and Safari (and two bounces thereafter)? Oh, the inhumanity! How inhumane! Call the SPCA! Call the Coast Guard! Call the Army! Navy! Marines! Buck Rogers from the 25th Century!
And, while you’re at it, call Gov. Schwarzenegger… I wanna autograph!
WARNING: HEAVY SARCASM IN USE – may not be suitable for those who take these issues seriously.
Luposian
It isn’t just an issue of convenience for you. What if someone is downloading a file off your computer? Or what if your computer is master browser for your network? Reboots disturb your entire network environment!
Open your eyes to the beauty of GNU/Linux. I reboot when I WANT to, not when I have to! I have never been forced to reboot my GNU/Linux systems, every time I reboot it’s because I want to.
And as many people said, think about high availability servers! Apple certainly will never get into this market if you have to reboot the OS just to update gzip! Know how you do that in GNU/Linux? apt-get install gzip, it takes 2 seconds and of course there’s no reboot.
Making you reboot to update gzip/SSL is completely ridiculous and speaks volumes about OS X’s poor design.
OS X doesn’t reboot automatically, and nothing forces you to reboot at the very moment it says it needs to reboot.
I think that there is a severe lack of understanding of how MacOSX works out there.
MacOSX does not require a reboot for every single update out there.
MacOSX is also a consumer OS; you can say that it has been moderately more successful than Linux in this respect, and most Mac users don’t harp about or care about uptimes.
Reboots also don’t take all day. It’s not like every MacOSX user out there is running a high availability server. This is just a bunch of huffing and puffing for nothing. All nitpicking with no substance.
How often does Apple deliver patches for OS X?
http://www.macobserver.com/comments/commentindivdisplay.shtml?id=26…
Look, OS X isn’t a unix if you have to reboot, period. Stop giving silly excuses for a reboot. I updated ssl the other day on my linux box and Lord knows I didn’t have to reboot. Same on *BSDs. Why does Mac have to be the black sheep? Poor…poor…poor design.
Okay, so now we can revert to nitpicking about a consumer OS like MacOSX not being available 1000 days; that’s pathetic.
Linux isn’t Unix either.
The only people overly concerned about reboots are high availability data centers or servers and nerds.
The average Apple user running a MacOSX client actually turns their machine off at night.
Many voices, one OS:
http://www.macobserver.com/comments/commentindivdisplay.shtml?id=25…
Excuse my curiosity, but it seems that you’re not doing anything else in your life than surfing the web and in particular Mac sites just to find bad things about OS X (without even caring about being on topic, or about how old your “informations” are). Are you making a living with that? Or is it personal, like you had some problem with Apple, or OS X? Have you been bitten by some (enraged) cat? Are you allergic?