Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Apple Security Advisory 2012-001 v1.1

Published: 2012-02-04
Last Updated: 2012-02-04 22:55:56 UTC
by Scott Fendley (Version: 3)
2 comment(s)

Earlier today, Apple announced v 1.1 of the Security update 2012-001.  The advisory announced the availability of Security Update for Mac OSX 10.6.8 that addresses a compatibility issue, and the removal of security fixes that were present in original update for Snow Leopard.  I am not confident why Apple removed security fixes from the original release, but maybe one of our readers can help us understand the issues behind the ImageIO security fix removal.

Below is the security advisory and we will link to the advisory once it is available on Apple's website.

 

"APPLE-SA-2012-02-03-1 Security Update 2012-001 v1.1

Security Update 2012-001 v1.1 is now available
for Mac OS X v10.6.8 systems to address a compatibility
issue.

Version 1.1 of this update removes the ImageIO security
fixes released in Security Update 2012-001.

OS X Lion systems are not affected by this change."


Update #1:

Apple Support shows there were 3 different issues which were corrected in ImageIO in the original Security Update information located at http://support.apple.com/kb/HT5130

Elsewhere, it appears that there are a number of users of OS X Lion which had problems after applying the original update as reported in Apple Support forums, 9to5Mac, and thevarguy.com.  The Security Advisory only mentions OS X Snow Leopard, so I am not sure that the two issues are related or just coincidental.  Stay tuned for more information.

Update #2:

Secunia has a very nice list of details in the update from yesterday.  More information is located at http://secunia.com/advisories/47843/.  No real information on why the ImageIO updates were removed.

 

 ----

Guy Bruneau & Scott Fendley (ISC Handler On Duty)

2 comment(s)
Diary Archives