Mac OS X 10.4.2 Special Report: Widget, TCP/IP security updates

Apple has further sealed a potential opening for malicious use of Dashboard widgets in Mac OS X 10.4.2.

Apple's description reads:

"Dashboard is distributed with Apple-supplied widgets, and users have the ability to add new ones. It is possible for a user to install a new widget with the same internal identifier as an Apple-supplied widget. If this occurs, the newly-installed widget will run in the place of the system widget. It may not be clear to users that they are running a widget that they installed as opposed to the Apple-supplied one. This update addresses the problem by alerting users if they try to install widgets that would cause this sort of conflict. This issue does not affect previous releases of Mac OS X."

Mac OS X 10.4.2 also plugs a hole where a specifically crafted TCP/IP packet can cause a denial of service.

Apple says:

"A specifically crafted TCP/IP packet can cause the kernel to panic due to a null pointer dereference and require a reboot. Multiple conditions are required to trigger this problem. The common practice of filtering source-routed and loose source-routed packets on network infrastructure, ingress routers and firewalls can prevent systems from being affected. This issue does not affect previous releases of Mac OS X. Credit to Julian Y. Koh and colleagues of Northwestern University for reporting this issue."

• New repair capabilities in Disk Utility
• Ethernet Connectivity Issues
• FireWire Drives spontaneously unmounting
• General-purpose workarounds (Try these first)
• iChat "Insufficient Bandwidth"
• Mail.app: Problems with IMAP, SMTP servers, sluggish performance
• User poll reveals increased stability in progressive Tiger releases
• Resolution/brightness issues for PowerBooks
• Problems starting up/shutting down
• Release Notes, Download Links, Installation recommendations
• Spotlight cannot find single asterisk filenames
• AirPort connectivity issues
• FireWire/USB volumes refusing to unmount
• iCal search no longer working -- solution
• Installation fails partway through
• Menu items disappearing
• More on malfunctioning network adapters -- ISDN modems
• Remember to repair permissions after performing some workarounds
• Safari conflict with old version of Saft
• Sleep Problems/Solutions (system re-awakens, blank screen on wake)
• "System does not meet requirements" error message
• Misc. third-party application issues
• Widget, TCP/IP security updates

Resources