Apple unleashes monster patch batch on Mac faithful

Apple released a massive security update on Tuesday that patched at least 80 vulnerabilities in its Tiger and Leopard operating systems, many of which were critical. The massive patch batch amounts to a download of more than 105MB, and that doesn't include a separate 25MB file that installs version 3.1 of Apple's Safari …

COMMENTS

This topic is closed for new posts.
  1. Paul
    Happy

    105mb?

    Err, no it isn't, it's 50.5mb, I'm downloading it at this moment.

    Perhaps the Tiger update is 105mb, but the patch from 10.5.2 is less than half that.

    Still a pretty chunky patch, but no need for exaggeration.

  2. Anonymous Coward
    Coat

    Monster patch?

    Vista SP1 @ 435MB, now THAT'S a monster patch!

  3. christopher
    Coat

    An Apple with a hole.

    Is a sure sign of a worm. :p

    Mine's the one with the sizable patch on the elbows

  4. Anonymous Coward
    Anonymous Coward

    it breaks ssh

    http://discussions.apple.com/thread.jspa?messageID=6859298

  5. Anonymous Coward
    Jobs Horns

    5 million beta users?

    So when Apple happily announced 5 million customers, it really means they lured 5 million customers to pay for a beta version of its OS.

    I use both Windows Vista and Mac OS and so far I had more problems and much larger updates on my Mac than on Windows. Okay, the Mac UI is nice but I'm having a feeling Apple was not ready for Leopard.

  6. Shane Sturrock
    Gates Horns

    Microsoft's measured approach

    The reason MS has to be so careful is because Windows is such a rat's nest. UNIX based systems on the other hand are much less monolithic and so it is feasible to update services independently. Also, the open source nature of many of the tools in OS X means that bugs are often identified on other platforms so OS X is inheriting bug fixes affecting other UNIX based platforms.

    At least with OS X I feel like things are being fixed rather than 'patched' (which I read as bodged).

  7. Paul
    Happy

    Ahh

    Just looked at the downloads page (http://www.apple.com/support/downloads/) and there is indeed a number of different versions of this patch. Looks like the server version is much larger (makes sense, there is more software in OS X server). So is the Universal version, which also makes sense as that will include builds for both PPC and Intel (minus a little common stuff).

    The largest is actually 108mb for the Leopard Server.

    The update to Safari looks nice, especially the development tools which will be a god-send to those of us who miss FireBug and other extensions from FireFox whenever we have to use Safari.

  8. Michael Greenhill

    @ Microsoft's measured approach

    You've missed the point of what the author was saying; MS create and release x bug patches per month, each month. Apple on the other hand, thinks "damn, we should fix that" and throws some resources at it.

    At the end of the day, who cares about the mechanics behind the patching as long as it gets done.

  9. Adam Azarchs
    Gates Halo

    Comparison to vista SP1

    Vista SP1 standalone installer is 435MB. That's a lot more than this. Of course, it has to deal with more than ~4 permutations of hardware. The windows update version is only 45MB...

  10. Ronald Allan Henry
    Jobs Horns

    100+MB for Tiger, 50+Mb for Leopard

    I'm still using Tiger on my MacBook, and I got the 100+Mb security update. It isn't an exaggeration, the item wasn't just clearly identified.

    If you'd look at the security update details, you'd see that some of the fixes were indeed inherited from open source software that is included in Mac OS X.

  11. Webster Phreaky
    Jobs Horns

    Geez Apple Trolls, thought OS X .5 was so Perfect?

    So this is the, what 4th or 5th time that Apple has tried to make it "Perfecter", nah it's just that you're all Apple Kool Aid Drinkers and OS X has been and always will be holier than swiss cheese, security and bug wise. AKADs are so deep in denial.

    Next time you bash Linux or Windows, look in the mirror and see a stupid hypocrite.

  12. Shane Sturrock

    Re: it breaks ssh

    FYI, some people are reporting it breaks ssh but not all. On my three Macs (iBook G4, Mac mini G4 and MacBook Pro) there are no problems 'ssh'ing between my Macs and my two Linux machines in all combinations.

  13. Sebastian
    Thumb Up

    improved Acid 3 test

    There was also an update for Safari and it looks like they used the time to improve their results on the Acid 3 test.

    Before the update Safari scored 40% and now 75%.

  14. TeeCee Gold badge

    MSs measured approach, take 2.

    Ok, MS may have got to the stage where they can release a small patch bundle each month, but that's on the back of spending the past few years shipping monsters to patch copious numbers of glaring holes highlighted by the scrotes out there.

    Now it seems that said scrotes have their sights set on MacOS. I suspect that there's more where this came from and that Mac users may be in for a taste of what Win users have had to live with 'til recently (big patches rushed out to fix urgent exploits that break other things when you apply them).

    O/S stability / security is inversely proportional to the number of devious bastards trying to break it. Live with it.

  15. Anonymous Coward
    Thumb Down

    we don't needed no steenkin' title!

    given my own experience of leopard, i'd have gone for a slightly less charitable headline - 'apple polishes giant turd'

  16. John Mayock
    IT Angle

    affects gmail

    It's on the web elsewhere but the patch last night effectively stopped the use of the 'shift' key when using gmail. Rather than doing what it should, it now acts like a tab key changing focus on the gmail webpage. How did this get past testing?

  17. Mark Burton
    Jobs Horns

    I would, but...

    The last update (10.5.2) stopped wireless networking with my netgear router. A long ethernet cable for me these days.

    "It just works" - my arse

  18. Neil Hoskins

    105 millibits?...

    ...or maybe 105MB? Or 50.5MB?

  19. Chris Wood

    re: Monster Patch?

    Sure Vista SP1 is 435MB if you download the whole thing, but it's more like 60MB if you get it over Windows Update.

    Who cares how big the patches are anyway? The more bugs and vulnerabilities that are fixed the better, surely?

  20. Iain
    Go

    Quit moaning

    I have regularly had to update XP on pre-SP1 machines. Now that takes some time. It's interesting to note that since XP came out Microsoft have issued around 1.5GB worth of critical security patches. Now, if I bought a car that had to go back to the garage every other Tuesday...[insert own rant]

  21. Grant
    Stop

    @ AC

    "Vista SP1 @ 435MB, now THAT'S a monster patch!"

    The SP covers every version of Vista so it's quite large but no system should require more than 100Mb of it, so if you download it using Windows Update only the necessary files will be downloaded.

  22. Anonymous Coward
    Jobs Halo

    super special awesome

    This report is a lie. Macs are super special awesome and are perfect when they ship, they never need patching ever.

  23. Anonymous Coward
    Jobs Halo

    RE: Breaks SSH

    This is due to 3rd party software, do this to fix:

    "Have you installed Rogue Amoeba's Instant Hijack?

    If so, try:

    sudo /usr/local/hermes/bin/hermesctl unload"

  24. Mike
    Go

    ssh and gmail problems

    The ssh problems have been identified as being caused by a hack installed by Rogue Amoeba's Instant Hijack plug-in (part of Audio Hijack and other tools). Quite how the hell they managed to break OpenSSH by installing an audio proxy is anyone's guess, but "good work boys!"

    The gmail bug is caused by a workaround for Safari originally coded in the Gmail v1.0 interface. A workaround (until Google fix, or rather un-fix, it) is to run with Gmail v2.0 - you may have to swap to English (US) to do this however.

  25. Matt

    but it r perfect

    what happened to apple is so secure?

    we don't need antivirus as there are no holes??

    100mb for patches is lazy releases and sticking fingers in your ears.

    Mainly stuck on windows, so I'll stick the boot in while I can.... but at least I know what I'm getting.

  26. Ian Tunnacliffe
    Coat

    What's happened to the language?

    When I was a working programmer (yes, back in the dark ages kiddies) a patch was something you did at four o'clock in the morning because the system was down. It was keyed in at the console in a hex representation of machine code. Twenty or thirty bytes typically. 100 tops. Then next day you would fix the problem properly, reassemble the segment(s) and load it/them to the system. That's not a patch, it's a new version.

    All this talk of "patches" being 100MB or more just bemuses me.

    Mine's the very very old one with the muffler.

  27. Adam Foxton
    IT Angle

    @Webster

    Isn't OSX based on a 'NIX of some sort? It can't, then, be THAT bad for reliability/security/etc. can it?!

    The AKAD comment can be used in many places, but I don't think this really counts; save your insults for when they're appropriate. Linux and Windows both have live-update functionality so you don't really see the number of updates you get. Download all the updates for XP-SP2 or even Vista since launch and I bet they'd exceed 100Mb comfortably! Linux would probably be similar.

    ---

    The fact is that as people learn more about the systems they're using they'll find more ways to break them. Then patches will be released. Though on pretty homogenous hardware like Apple's there's no excuse!

    I would say, though, that a hundred megabytes counts as a Service Pack rather than a mere "patch".

    ---

    Still, Apple stuff is more of an extravagance- a mere high-tech toy if you will- rather than a "proper" computer. So I've got to ask where the IT angle is?

  28. Thomas

    This is not really an OS X versus <anything else> issue

    Some of the patches probably relate to software developed internally at Apple. As stated above, many of them relate to open source software that Apple just happen to use.

    Using open source components where they are appropriate is admirable — it's a form of adherence to open standards. Patching them when they're broken is also admirable. So there's no controversy in that.

    As far as these patches affect Apple-developed code (and I have literally no idea), I don't think anyone has ever seriously argued that the Apple engineers always produce perfect code first time round, and I don't think anyone will argue that they shouldn't release security updates.

    If there is any debate, it's about the way the different OSs are set up from a security perspective, i.e. the probability that flaws will be findable and the probability that they will be exploitable. Because it's a probability debate, the existence of each flaw adds empirical evidence but is nothing like a complete answer. And there's a question of measure and degree concerning each flaw — the extent to which each opens up the system.

    I have no idea what fixes Apple are offering or what information they provide concerning that type of evaluation. I'm just making the point that without it, the debate is false.

  29. Chris
    Dead Vulture

    Zero-day vulnerability anyone?

    No? That's because the OS X updates are pre-emptive and identified (mostly) by the Open Source community to ensure that the code is safe.

    MS tends to act reactively to vulnerabilities that are found by third parties inform - thus raising the chances of unpatched vulnerabilities being exploited (as is often the case).

    And so what if it's a big patch. Most people are on broadband and OSes these days are multi-gigabyte affairs so of course the patches are going to be large...

  30. Thomas

    @Adam Foxton

    Re: "Apple stuff is more of an extravagance- a mere high-tech toy if you will- rather than a "proper" computer."

    They use the same components as Windows and x86 Linux computers, so you're obviously not talking about hardware.

    They have a different GUI from both of those systems, but software available for them includes Microsoft Office and the full Adobe suite (InDesign, Photoshop, Illustrator...). So I guess you're not talking about the tasks you can perform with available application software.

    The OS is a certified UNIX. So I guess you don't mean that either.

    In that case I guess your definition of a "proper" computer presumably means "one that is as cheap as the sum of the individual hardware component costs will allow"? I think you might be at odds with quite a few people there. Argue that Macs cost too much if you want, but it's not accurate to say that they aren't "proper" computers.

  31. Matt

    Jobs Lot

    Do you have to wear a black shirt and talk on the jesus phone whilst installing this patch ?

  32. Anonymous Coward
    Happy

    SSH Fix

    Re earlier @AC the ssh error some users are having seems to be a clash with Rogue Amoeba's Instant Hijack. Removing this fixes the problem, see the updated thread http://discussions.apple.com/thread.jspa?messageID=6859298

  33. Thomas

    @Matt

    No. Just browsing the internet with the phone is sufficient.

  34. Ernest
    Boffin

    @ Matt RE: Jobs Lot

    You're halfway there Matt, while sporting a plain charcoal black shirt and talking on the Jesus phone, you must balance the mac book air on a corner using only one extended finger.

  35. Anonymous Coward
    Thumb Up

    @it breaks ssh

    If you look further down the blog you will find the fix :)

  36. Ian Tunnacliffe
    Paris Hilton

    Downloaded trouble

    Just downloaded the "patches" and applied them. They included a keyboard firmware update.

    Previously my Macbook Pro suffered from the well-known "doesn't register the first character keyed into a form box" bug that Apple has been denying for several months. Now when I am working in an Excel spreadsheet, about 50% of the time it only registers the first character typed in a cell. When I click on another cell then go back for a second attempt it's usually OK.

    What is going on Steve?

    Paris because she had some experience with cells.

  37. Goat Jam

    @ Grant, @Chris

    Vista SP1 may indeed cover n versions of Windows (and whose fault is that?) and it may also be smaller if you d'load it via Windows Update (of course I found out about it via Windows update and WU reported it as being a 435MB dl on a fully patched system as well so I'm not sure this is correct anyway but nevertheless . . . ).

    So, even if we pretend that the WU version is a more sane size this is pretty much irrelevant to most IT pro's. I never install MS Service Packs via Windows Update. I always dl them for offline installs as I don't want to have to keep dl'ing them over and over again every time I have to do a cruft reduction re-install.

    Of course YMMV

  38. Mike Groombridge
    Boffin

    @Quit moaning

    "I have regularly had to update XP on pre-SP1 machines. Now that takes some time. It's interesting to note that since XP came out Microsoft have issued around 1.5GB worth of critical security patches. Now, if I bought a car that had to go back to the garage every other Tuesday...[insert own rant]"

    yeah but the equivalent of hackers and viruses attacking your windows install would be someone running up to your car and taking bits off so you have to get it repaired, but if no one touches it it runs just fine (oh and before someone says about built in faults i'd point out cars have them too: the pug 206 had 7 recalls and a renault model adds 2 miles to the mileage every time you open the driver's door. the difference is that once a car manufacturer finds this fault it can fix it on the next batch manufactured and it pulls the pre sold cars in for repair. microsoft equivalent is patching preinstalled windows and then releasing a service pack for new machines) so yeah i would get mad if i had to take me to get it fixed every week but the solution is shooting the guy who keeps breaking it or put it in a garage at night so he can't get to it (equivalent of a decent av and firewall)

  39. Inspector_Morse
    Go

    SSH & Rogue Amoeba's Audio Hijack Pro (and Airfoil, NiceCast)

    From the Rogue Amoeba Knowledge Base:

    Application Enhancer Technology

    Several Rogue Amoeba products optionally make use of Application Enhancers technology, also known as APE, from Unsanity Software. The Instant Hijack component utilizes Application Enhancers to pull in audio from applications that are already running. By default, this component is not installed. If you attempt to hijack audio from a running application, you will be prompted to install the Instant Hijack component or relaunch the application. You can install or uninstall Instant Hijack from the Install Extras... window, under the application's main menu (the Audio Hijack Pro menu in Audio Hijack Pro).

    Applications that use the optional Instant Hijack component:

    Airfoil

    Audio Hijack Pro

    Nicecast

    Maybe it's Unsanity's problem, not Rogue Amoeba's?

    BTW, the older (original) Audio Hijack does not have instant hijack, only the Pro version (current release). As I have the legacy version, I will now install the patches.

  40. preethi
    Gates Halo

    WHO SAID?????

    Apple or any of its software were any safer than MS products.....

    The more the number of user the more patches you will be downloading.

    it's just the number of people there are to add onto spamming list and botnets that warrant the developments of worms and look for vulns in a software.

    Stop buying MACs is the only answer to this problem

    Preethi

  41. Anonymous Coward
    Jobs Horns

    sudo sysctl -w net.inet.tcp.delayed_ack=0

    Bet they've still not fixed the issue the above command line "fixes"...both my 10.5 macbooks (1st gen and 3rd gen) are both running freshly-crippled wireless, thanks to some crappy code in 10.5. (both run ok on 10.4 or when bootcamping XP).

    Thanks Apple, you bunch of gits. How many disgruntled users will it take to get you to fix this damned issue? And how long is going to take - another 6 months????

    Grrr...

  42. Barry Rueger

    iTunes Shurely?

    Near as I can tell the only thing that's ever updated on my Mac is the irritating iTunes music player. That thing seems to download another update every other week.

  43. Anon

    Downloading Mac Safari on a PC

    Despite Apple's attempt to hide the OS X Safari 3.1 update download from PC users, it can be found at

    For Leopard (39MB):

    http://appldnld.apple.com.edgesuite.net/content.info.apple.com/Safari3/061-4224.20080318.V3oi5/Safari31UpdLeo.dmg

    For Tiger (49MB):

    http://appldnld.apple.com.edgesuite.net/content.info.apple.com/Safari3/061-4222.20080318.Vrie3/Safari31UpdTiger.dmg

    PPC and Universal included; reboot required.

  44. Anonymous Coward
    Anonymous Coward

    simple

    Man, that was a simple update.

  45. J-Wick

    @Mike Groombridge

    Wall of text, hence dr.

  46. Anonymous Coward
    Flame

    @ Zero-day vulnerability anyone?

    "MS tends to act reactively to vulnerabilities"

    What rubbish. MS have a team of very experienced security testers with access to the source code but as even people in the Open Source community know having access to the source doesn't guarantee you can find all issues. MS have spent a fortune and I can't complain about their effort to find issues, it's the amount of time they take getting the fixes out that bothers me.

  47. James O'Brien
    Coat

    Am I right?

    So if OSX is *INX certified you can use terminal and commands like sudo? Haven't played with OSX much mainly due to not being willing to blow Jobs. (let the flames commence) But didn't bother checking that out the two or three times I have used it.

    @Webster Freaky

    can't speak for the rest but I myself do read them if only so I can try to figure out what you're talking about because I like puzzles.

    On the Vista/OSX/*NIX debate I'm of the firm belief that when 99% of the computers (and users) are all using Windows based systems, and you're the "hacker" writing the viruses or whatever, which would you choose? Personally if it was me and I did this stuff I would want to cause the most damage possible. But once OSX and *NIX become more prevalent you will start to see more and more "bugs" for each.

    /mines the asbestos jacket with the fire hat.

  48. Richard Hesketh
    Happy

    SSH/Hijack Issue fixed

    Rogue Amoeba have issued a fix, so if you have Airfoil, having it update itself resolves the issue.

  49. Patrick
    Gates Horns

    I predict Webster to be the first El Reg reader to pop a vein!

    I predict Webster to be the first El Reg reader to pop a vein both in the anticipation leading up to the results and finally popping over the published results of the contest.

  50. Anonymous Coward
    Anonymous Coward

    re: ssh troubles

    Unsanity's haxies are known for causing problems, due to their low-level hooking into the OS. Software updates in particular are prone to breakage, sometimes to the point of having to reinstall the whole OS.

  51. Nexox Enigma

    @Thomas

    """but it's not accurate to say that they aren't "proper" computers"""

    No, but it's fun to tell people their problems are because they bought a toy computer.

    It's more often the Mac user that breaks a Mac, not the computer itself.

    The real problem with the Macs is that they manage to sell completely ordinary Intel laptops wrapped in some sort of mystical field which convinces people that they're better than the Intel laptops without all the white plastic.

    You can hardly blame the strategy though - they're probably making 5 times the profit off each laptop that Dell and others get, and they sell the same thing, but uglier.

    And OS X has a pretty useless interface, specifically designed to murder any ability to multi task and get work done. Obviously real men use Fluxbox or similar.

  52. Calum n Shady
    Jobs Horns

    Updates Broke my MAC

    Tiger 10.4.11 After installing security and safari Updates. I cannot start safari, mail, Itunes and to cap it all off Software Update doesn't work either now.

    Seemingly there are quite a few people with this problem.

    http://discussions.apple.com/forum.jspa?forumID=752&start=0

    Hopefully the fix for the fix will be out soon.

  53. Anonymous Coward
    Coat

    Why does Apple S/w update offer me Safari? when I'm a Winman

    Apple software update offered me a copy of Safari 3.1 for my Vista system. IE7 is not perfect, and Firefox won't display any of my ISP (Virgin)'s pages, so I'm thinking...what the heck.....

    At end of install it said Safari had a bad signature and gave up........................so did I .

  54. Steve Oliver

    @webster phreaky

    My My, you are an angry little man. Have you considered anger management classes? It really is just a different computing platform to the one you are in love with you know.
