Security Update 2004-09-07 (#2): Problems rendering Web sites, solutions; FTP connectivity broken, solutions; more
Security Update 2004-09-07 (#2): Problems rendering Web sites, solutions; FTP connectivity broken, solutions; more
Problems rendering Web sites, solutions Yesterday we reported a problem with rendering certain Web sites in Safari after applying the 2004-09-07 Security Update.
Among the sites affected are:
- BestBuy
- DirecTV
- FedEx
- Putnam.com
- Memorex
- Subaru
- CompUSA
- Onion.com
The root cause of this problem appears to be a change in Safari's user string identification after the security update.
Before the update, Safari identifies itself as:
- Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9
and after the update as:
- Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.4.2 (KHTML, like Gecko) Safari/125.9
One poster on Apple's Discussion Boards, Charlie, writes "I built a little browser app using WebKit and sure enough, if I change the user agent to the old string, Best Buy's page works, as do FedEx and Comp USA. So the code on the web page is getting fooled by the extra '.2' in the AppleWebKit part of the string."
Apparently the new user string identification does not mesh well with a specific DHTML scripting system that all of the affected sites use to generate their pages: OpenCube's Open Menu Pro.
Fortunately, OpenCube has released a patch that eliminates the problem. However, when the sites are fixed depends on when the individual sites decide to apply the patch and update their code.
A note on the OpenCube site reads: "The following updates affect the Safari browser only running on MAC 10.3.5 and the September 7th security update installed. (Web site developers) can fix the bug by replacing the *dqm_loader.js file on (their) server with the updated file from the download."
In the meantime, you can workaround this issue and view the aforementioned sites in their correct form by changing Safari's user agent from the debug menu. The easiest way to do this (if you do not currently have the debug menu installed) is to download the freeware tool Safari Enhancer, access the Debug>User Agent menu, then select Internet Explorer 6.0 as the agent.
Also, as noted by a number of readers, some of the affected sites display correct content further down the page though content at the beginning of the page is scrambled.
Broken FTP connectivity; solutions Several users report that they cannot use FTP after applying the latest security update, on both Mac OS X 10.2.8 and Mac OS X 10.3.5 systems, receiving the error message: "User (username) may not use FTP."
This issue appears to be caused by a change to Mac OS X's FTP daemon that occurs with the Security Update.
Apple Discussions Board poster Adam van Gaalen has uploaded the old (pre-Security Update) ftpd (FTP daemon) files for Mac OS X 10.2.8 and 10.3.5 to his Web server, and also provided a set of steps that will revert the component. Note that doing so will leave you without the FTP-related security patches Apple introduced with the 2004-09-07 update:
- Go to: http://macadam.dyndns.org/downloadable/1028/ or http://macadam.dyndns.org/downloadable/1035/ depending on the version you want
- Click on ftpd.sit to download it
- Drag the downloaded file onto StuffIt Expander, or simply doubleclick it
- Open /usr/libexec in the Finder and rename ftpd into ftpd.bad
- Drag the downloaded ftpd onto /usr/libexec
Gaalen writes "If this doesn't work open the Terminal application and type:
- sudo chown root /usr/libexec/ftpd
- sudo chmod 555 /usr/libexec/ftpd
Slow AirPort speeds after update Several users report degraded AirPort performance after the update. One MacFixIt reader writes
"Immediately after restart following the new security update, I observed a significant loss in Airport signal strength. I had carried out the 'Repair Disk' procedure before the update and repeated this step after noticing the new symptom. Last week, I applied the Airport 3.4.3 driver update with no problems. [...] I notice that the NetworkConfig, AirPortConfig, and Apple80211 private frameworks were all touched by the update (the latter two are not in the update BOM but I suspect that they were modified by the pre-link step)."
Fewer resolutions available A handful of users report a problem where after applying the security update, then resetting, fewer display resolutions are available.
Some have been able to solve this problem by simply turning their systems off, waiting a few minutes, and once again starting.
Feedback? Late-breakers@macfixit.com.
Resources