Archived - About the security content of the Mac OS X 10.4.3 update

This article has been archived and is no longer updated by Apple.

This document describes the security content of Mac OS X 10.4.3, which can be downloaded and installed using Software Update, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How To Use The Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Mac OS X v10.4.3

  • Finder

    CVE-ID: CVE-2005-2749

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: File ownership information may be misleading

    Description: Under certain situations, the file and group ownership information displayed in the Finder Get Info window may not be correct. This update addresses the issue by synchronizing the displayed ownership with the actual ownership in all situations. This issue does not affect systems prior to Mac OS X v10.4.

  • Software Update

    CVE-ID: CVE-2005-2750

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Important Software Updates may not install

    Description: Software Update can be instructed by the user to ignore specific updates. If all applicable updates have been marked in this way, Software Update will exit without providing an opportunity to reset the status of these updates so that they may be installed. This update addresses the issue by asking whether the ignored updates list should be reset when this situation is encountered. This issue does not affect systems prior to Mac OS X v10.4.

  • memberd

    CVE-ID: CVE-2005-2751

    Available for: Mac OS X Server v10.4.2

    Impact: Changes to group membership are delayed for hours

    Description: In certain situations, changes to a group's membership may not be immediately reflected in access control checks. This may result in an authenticated user being able to access files or other resources even after they have been removed from a group. This update addresses the issue by invalidating the group membership cache at appropriate times. This issue does not affect systems prior to Mac OS X v10.4.

  • Keychain

    CVE-ID: CVE-2005-2739

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Keychain Access will continue displaying plaintext passwords after lock timeout

    Description: Keychain Access is a utility distributed with Mac OS X that is used to view keychain items and change keychain settings. If a keychain automatically locks due to a timeout while viewing a password stored inside it, that password will remain visible. This update patches Keychain Access so that passwords are hidden when keychains lock. This issue does not affect systems prior to Mac OS X v10.4. Credit to Eric Hall of DarkArt Consulting Services for reporting this issue.

  • Kernel

    CVE-ID: CVE-2005-1126, CVE-2005-1406, CVE-2005-2752

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Kernel memory may be disclosed to local users

    Description: Certain kernel interfaces may return data that includes sensitive information in uninitialized memory. These issues affect Mac OS X v10.4.2 and earlier. Credit to Ilja van Sprundel and Neil Archibald of Suresec LTD and Colin Percival of the FreeBSD team for reporting these issues.
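
The bug class named in the Kernel entry, shown as an added example that is not Apple's code and not one of the affected interfaces: a reply structure filled field by field carries stale bytes out in its padding and in the unused tail of a string field, and zeroing it first removes them. The `struct reply` layout, the function names and the 0xAA marker are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout; not an actual Mac OS X kernel structure. */
struct reply {
    char kind;       /* followed by padding bytes on common ABIs */
    int  value;
    char name[16];   /* short names leave the tail of this field unwritten */
};

#define STALE 0xAA   /* constructed marker standing in for leftover kernel data */

/* Before: only the named fields are written; everything else keeps old contents. */
static void fill_unsafe(struct reply *r, const char *name) {
    r->kind = 'A';
    r->value = 42;
    strcpy(r->name, name);            /* bytes after the NUL are never touched */
}

/* After: clear the whole object (padding included) before filling it. */
static void fill_safe(struct reply *r, const char *name) {
    memset(r, 0, sizeof *r);
    r->kind = 'A';
    r->value = 42;
    strncpy(r->name, name, sizeof r->name - 1);
}

/* Simulated copy to the caller: count marker bytes that cross the boundary. */
static size_t leaked_bytes(void (*fill)(struct reply *, const char *),
                           const char *name) {
    struct reply r;
    unsigned char out[sizeof r];
    size_t i, n = 0;
    memset(&r, STALE, sizeof r);      /* stale data from an earlier use of this memory */
    fill(&r, name);
    memcpy(out, &r, sizeof r);        /* the full sizeof(struct) is what gets returned */
    for (i = 0; i < sizeof out; i++)
        if (out[i] == STALE)
            n++;
    return n;
}

int main(void) {
    printf("unsafe: %zu stale bytes returned\n", leaked_bytes(fill_unsafe, "en0"));
    printf("safe:   %zu stale bytes returned\n", leaked_bytes(fill_safe, "en0"));
    return 0;
}
```

The stale count for `fill_unsafe` includes at least the 12 unwritten bytes of `name`; padding after `kind` adds more on ABIs that align `int` to 4 bytes.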

Last Modified: Feb 19, 2012
  • Article: TA23698