Speaking of Steve's fireside chat at D: All Things Digital (and other stuff we didn't get to mention yesterday), it was there that he broke the news that Apple would be posting another security patch before the day was through, and sure enough, Security Update 2004-06-07 first started materializing in Software Update late yesterday afternoon. It's svelte (less than a megabyte) but powerful; according to Steve, this update will finally close those heinous holes which Apple's first attempt at a fix left wide open. "If at first you don't succeed," and all that crap.
Being both paranoid enough about Apple software updates to worry that the cure might be worse than the disease and too lazy to bother clicking a button ("oh... it's all the way over there"), we haven't yet installed the update, instead preferring to watch others go first just to see if they burst into flame or anything. It sounds like it takes the right approach to sew up those URI holes, though: "Mac OS X will now present an approval alert when an application is to be run for the first time either by opening a document or clicking on a URL related to the application." Meaning, it should be a lot tougher for technojerks with too much time on their hands to slap together web pages capable of automatically deleting all your iTMS purchases without even bothering to ask you if you'd mind.
Oh, and this is kind of cool, too: presumably in response to complaints that its communication about security issues was a little bit lacking (e.g. "There were problems; this fixes them"), there's some pretty detailed info about exactly what this latest security update does, including "Impact," "Discussion," "Further Information," and links to entries at Common Vulnerabilities and Exposures for each applicable fix. Plus there's a whole separate page that does a pretty nice job describing the problem with applications automatically being launched, and shows the new warning dialog intended to protect you. "You want communication? We gotcher communication right here, buddy."
You may recall that there was also some criticism that Apple took months 'n' months to patch the hole, having been told about it in February but not having worked on a fix until the guy who found the vulnerability went public with it last month. Well, at his D: chat Steve admitted that the company knew about part of the problem in February, but claimed it didn't realize the seriousness of the hole until it found out about the second part just three weeks ago. And three weeks isn't all that poor a turnaround time, right?
Assuming, of course, that this update actually fixes the problem. It's been twenty-four hours and we haven't seen any definitive reports to the contrary, but The Register claims that even after applying the update to a 10.3.4 test system, it was still susceptible to Unsanity's test exploits. Just an isolated fluke? Several people have told us (and several more have told The Reg) that the update blocked the exact same test exploits for them, so yeah, probably. But hey, if it wasn't, what's yet another security update between friends?