Security Update 2007-005 (#2): Further details, reports positive and negative
Further information on the recent Security Update.
Details on the Update The installation of Security Update 2007-005, released and noted yesterday afternoon, seems generally to be going well among readers. There is broad agreement that things can take a while to get going after the installation: subsequent startup may be slow (five minutes or more in the "grey screen" phase), and there may be a second, automatic reboot. None of that is surprising or unusual.
There are four versions of the Security Update to be distinguished.
Two are for users of Mac OS X 10.4: one Universal, one PPC-only.
There are also two for users of Mac OS 10.3.9: one for the Client (normal) edition, one for the Server edition.
The information that appears in Software Update, as well as in the brief pages linked in the previous paragraph, states: "Security Update 2007-004 has been incorporated into this security update." This statement does not appear in the corresponding Knowledge Base article detailing the security holes closed by the update. You might like to consult our earlier coverage of Security Update 2007-004.
A couple of the security holes being closed are applicable to 10.4 but not to 10.3.9.
Apple has updated their general Knowledge Base article listing all updates since the start of 2005. Unfortunately, this article does not describe dependency requirements, which can be a source of confusion. The only way to know what update to install is to let Software Update consult the online database - though, as we have said, Software Update is not our recommended way of downloading or installing these updates.
Reader Reports Early reader reports are mostly positive, but we do have a few reports of problems following installation of Security Update 2007-005. Keep in mind that these reports are anecdotal; that in some cases they are vague; and that, all appearances to the contrary, post hoc is not propter hoc. Still, they are also real (in some cases, clearly painfully so). So, these are not warnings against the update; they are possible evidence of issues that a small proportion of users may encounter.
Computer slow, Finder crashing, apps not opening
Joe says: "I've never had a problem with Apple updates before but since applying Security Update 2007-005, I'm getting a Finder crash every two minutes. I have used Tiger Cache Cleaner and done all the permission fixing stuff but it won't go away." This phenomenon was widely reported after the previous system update as well.
Another reader writes: "Following today's Security Update, I find my Finder to be painfully slow. I reset NVRAM, cleared caches, did Onyx maintenance scripts, and nothing helps. In particular the Finder takes a long time to appear after the computer reboots; the spinning ball appears and it takes ~15 seconds for the desktop to appear." So perhaps "slow" here means only "takes a long time to appear."
And again: "I installed the Security Update onto my up-to-date PowerPC iMac G5 machine (10.4.9), and now Finder will not open. Most of my apps in my dock will not open, but a few do (Safari, Mail; haven't gone much farther)." It sounds like the Finder is never appearing at all on this user's machine, which could be an extreme case of the same phenomenon mentioned in the previous note. Application launch problems were also reported after the previous system update.
Slow VPN authentication One reader writes: "Now [after applying the update], when I connect using VPN connection, a long delay takes place when authenticating the connection. I thought it might be a one-time thing, but each time I connect I get a long delay when doing so." Again, VPN connectivity was an issue after the last system update.
SQL server may need reinstallation afterwards Rob says: "I had my Power Mac G5 workstation, my PowerBook, and my Xserve all run this update, and all three I had to reinstall OpenBase 10.0.6 as a part of the DayLite 3.2.3 installer. It also hosed Lithium on my Xserve, which relies on a PostGREs database. I finally got DayLite back up and running, but I'd watch out, anyone running SQL."
Conclusions First and foremost, bear in mind that this is just a security update. It doesn't give you any new functionality or fix any bugs. It merely closes, quietly and invisibly, some potential security holes, most of them obscure and, as far as we know, hitherto completely unexploited. So the sky is not going to fall if you just ignore the update for now.
If you do decide to install the update, expect a long delay on the subsequent restart. Some machines will automatically restart a second time.
If you encounter problems that you think can be attributed to application of the update, whether or not you are able to fix those problems, we'd like to hear from you.
Resources