Security Update 2004-06-07: Clarification of protection; 10.3.3 version; general issues; more

CNET staff

Clarification of protection

A number of MacFixIt readers have expressed concern that the Security Update may not actually fix all of the recently reported vulnerabilities. As an example, Steve Noland writes:

"I have installed the security patch twice, once via Software Update, and once via download of the .dmg. After installation, both times it fails the test at http://test.doit.wisc.edu/."

For most users, the reason this is happening is that the Security Update only protects against new "exploits" of the Launch Services system. If you previously tried one of the various "tests" that registered an application with Launch Services, that "vulnerability" will still exist. John Gruber's Daring Fireball article on the topic explains the situation well:

    The new confirmation dialog that Launch Services presents to prevent unknown applications from being launched automatically will only be presented for, well, unknown applications.

    In other words, any application that you've previously launched is implicitly trusted by Launch Services. This includes the example exploit applications at Unsanity and http://test.doit.wisc.edu/. So if you previously tried these example exploits without disabling the URI protocols they take advantage of, then these examples will still work after installing Security Update 2004-06-07.

We've tested several computers that had not previously visited any "test" pages and the new confirmation dialog provided by Security Update 2004-06-07 appeared as expected.

Inability to install 10.3.3 version of Update

Yesterday we noted that although the standard Security Update 2004-06-07 requires Mac OS X 10.3.4, a special version for users of OS X 10.3.3 is available. However, some users are unable to install that version, either. Reader Glenn Singleton writes:

"For what it's worth, I have had no success with the 06-07-2004 security update...I followed your link to the 10.3.3 version of the update on Apple site, and obtained that version. But it still doesn't work -- the red exclamation mark remains on my boot drive. All my permissions were repaired, caches cleaned etc before attempting installation of this security update."

Finder (and general system) problems

We've had a few reports of Finder problems after installing the Update. Thomax Cox notes that after installing the OS X 10.2.8 version of the Update, the Finder will not launch. Similarly, Morgan Spenceley writes:

"Downloaded and installed it via Software Update on my Powerbook 17" 1GHz and after restart, the Finder no longer works for anything. Any operation -- opening a window or double-clicking an icon on the desktop, for example -- makes the Finder disappear for about a second, then reappear with no action having taken place."

We've also received a number of isolated reports of various issues, from disappearing menus to login problems.

Unfortunately, issues like these are not widespread, and they cannot easily be traced back to a particular cause or file. We continue to recommend that users follow our installation recommendations when installing any OS update: repair permissions and run a disk utility beforehand, and repair permissions again afterwards. In addition, one of the most common causes of problems like these is a corrupt preference file; the utility Preferential Treatment can help root out corrupt preference files before and after Update installation.

RCDefault still useful

On Monday we noted that the Security Update makes workarounds that used utilities such as RCDefaultApp unnecessary. However, as reader Matt Neuburg points out, RCDefaultApp can still be useful for allowing the user to verify Launch Services registrations:

"Apple still has provided no way whatsoever for the user to discover that a certain application has registered itself as the target for a certain URI. There needs to be an Apple-supplied interface (probably a utility) for learning this; until there is, RCDefaultApp is the best way."
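One way to approximate the check Neuburg describes, as an added example that is not from the original article or from RCDefaultApp: applications declare the URI schemes they want through the `CFBundleURLTypes` / `CFBundleURLSchemes` keys of their `Info.plist`, so scanning bundles on disk lists every application that asks to handle a scheme. The function names and sample bundles are constructed for illustration, and the scan reports declarations only, not which handler Launch Services currently prefers.

```python
import plistlib
import tempfile
from pathlib import Path


def _as_list(value):
    return value if isinstance(value, list) else []


def declared_schemes(info_plist):
    """Lowercased URI schemes one bundle claims through CFBundleURLTypes."""
    try:
        with open(info_plist, "rb") as fh:
            info = plistlib.load(fh)
    except Exception:  # unreadable or malformed plist: nothing to report
        return set()
    info = info if isinstance(info, dict) else {}
    return {s.lower()
            for t in _as_list(info.get("CFBundleURLTypes")) if isinstance(t, dict)
            for s in _as_list(t.get("CFBundleURLSchemes")) if isinstance(s, str)}


def scheme_claims(search_roots):
    """Map each URI scheme to the sorted .app bundles that declare it."""
    claims = {}
    for root in search_roots:
        for plist in Path(root).rglob("*.app/Contents/Info.plist"):
            bundle = str(plist.parent.parent)
            for scheme in declared_schemes(plist):
                claims.setdefault(scheme, []).append(bundle)
    return {s: sorted(b) for s, b in sorted(claims.items())}


def build_sample_tree(root):
    """Constructed sample data: two fake bundles, one claiming an extra scheme."""
    samples = {"Applications/SampleMail.app": ["mailto"],
               "Downloads/SampleHelper.app": ["MAILTO", "demo-scheme"]}
    for rel, schemes in samples.items():
        contents = Path(root, rel, "Contents")
        contents.mkdir(parents=True)
        info = {"CFBundleURLTypes": [{"CFBundleURLSchemes": schemes}]}
        (contents / "Info.plist").write_bytes(plistlib.dumps(info))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for scheme, bundles in scheme_claims([tmp]).items():
            print(f"{scheme}: {', '.join(bundles)}")
```

On a real system, pass the directories where applications can appear (for example the home folder and mounted volumes as well as /Applications) and review any scheme claimed by a bundle you do not recognize.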

Let us know your experiences with the Security Update: Late-breakers@macfixit.com.
