Macs Only! Blog Archive--August 2008
Return to Macs Only!'s Front Page.
Copyright 2008 by Bill Fox All rights reserved.
Last Updated: August 31, 2008
Go to: July '08
Return to Archive
[8/25] Hands-On Report--Apple MacBook Air Update (Software)
Late on Friday, Apple released a software update called MacBook Air Update. It is available via Software Update on a MacBook Air notebook or as a stand-alone file from this Apple Web page. All of 368KB, Apple states:
This update is recommended for all MacBook Air computers, and addresses issues with video playback and processor core idling.
Apple warns that:
Third-party software that modifies processor operating characteristics such as frequency and voltage is not supported and should be removed before installing this update.
My MacBook Air has been working flawlessly. I have not experienced the overheating and core shutdown issue that slows the performance of a MacBook Air that some have complained about but, given the warning, it is likely that this small file addresses that problem.
I downloaded and installed the update. In a couple of day's use I have not noticed any difference in operation, either in performance or in fan activity. [Bill Fox]
[8/25] NVIDIA's New CUDA 2.0 Development Kit Promises Better Graphics
Also on Friday, NVIDIA released CUDA 2.0, a development tool for applications that use many of NVIDIA's graphics processors (GPU). Fortunately, that includes the GeForce 8800GT, an upgrade graphics card in my Mac Pro. It also includes the GeForce 8600M GPU used in Apple's MacBook Pro notebooks. In addition, CUDA 2.0 works with Mac OS X as well as Windows XP and Vista and Linux.
The production release of CUDA 2.0, the latest version of NVIDIA's award-winning C language programming environment for GPUs, enables software developers to tap into the massively parallel architecture of the GPU for the acceleration of complex computational problems. This latest production release of the CUDA software suite includes support for Mac OS X as well as 3D textures and hardware interpolation to increase the efficiency of applications such as medical volume reconstruction and oil and gas seismic computing.
Also included in CUDA 2.0 is an Adobe Photoshop plug-in example for Mac versions of the software. The example allows developers to design plug-ins that move the most compute-intensive functions of Adobe Photoshop to the GPU, such as filtering and image manipulation, delivering dramatic performance improvements. The plug-in is available as source code so developers can easily develop advanced filters and imaging techniques that are available directly within Adobe Photoshop.
CUDA 2.0 also features additional source code examples and new compiler optimizations and is available today as a free download from this NVIDIA Web page. [Bill Fox]
[8/25] Cool Mac Software Updated--MacTracker 5.0.4 and SMARTReporter 2.3.8
Two of my favorite free utilities were updated last week and both are available via MacUpdate.com.
MacTracker 5.0.4 - This utility (donationware) by Ian Page is a must-have for all Macophiles. MacTracker has the details on virtually every Apple product ever made. Version 5.0.4
- Adds iPhone 3G
- Adds "iTunes Version" and "Machine ID" to iPhone models
- Updates Support Status for Apple's latest Vintage and Obsolete products
- Other minor changes and additions
SMARTReporter 2.3.8 - This utility (free) warns you of some hard disk drive failures before they actually happen. It does so by periodically polling the S.M.A.R.T. status of your hard disk drive. Version 2.3.8 is a bug fixer but it also drops automatic update checking for Mac OS X 10.3 and 10.4.
[8/6] [Updated] Hands-On Report--iPhone 2.0.1, Security Update 2008-005 and MobileMe
I've been off on travel and vacation so I haven't updated my blog for awhile--actually three weeks. A few significant things have happened recently so here are my experiences.
iPhone Software 2.0.1
Apple released iPhone Software 2.0.1 and it is available via iTunes 7.7.1. When I plugged in my original iPhone yesterday morning, I received notice of the update and immediately installed it. It's a little over 242MB so it took awhile to download but the installation went smoothly and my iPhone re-activated with no problems.
I haven't had any problems with iPhone Software 2.0 except that it seemed a little slow, especially at retrieving my contacts. Version 2.0.1 seems generally faster and is definitely faster at retrieving my contacts. So far I haven't found any glitches.
While on vacation, we visited San Francisco and I decided to upgrade my original 8GB iPhone to an 8GB iPhone 3G while my wife and daughter shopped. There was a short line of five people outside the Apple Store waiting to buy an iPhone 3G. When the staff member got to me, he said that it would take an hour and that I would not be able to use my original iPhone $100 Store Credit to buy an iPhone 3G. Whoa--this is the first I have heard of that restriction! I showed him the credit and noted that it had no restrictions to no avail.[Update: The manager of the San Diego Apple Store told me that I can use the credit to ugrade my iPhone.] I left without upgrading, partly because of the credit issue, partly because I didn't really have an hour and partly because I am still not convinced that I want to upgrade.
My original iPhone still does all I need it to do and does it well. Furthermore, I do not have the problem of very long backup times when syncing my iPhone that many iPhone 3G users have and I still get very good battery life. AT&T's EDGE network is fast enough for email and all other functions that I frequently use. Free Wi-Fi at Starbucks stores is expanding and the cell phone/Wi-Fi positioning is also good enough for what I would use GPS for. So if I decide to upgrade under pressure from my spouse, I'll argue about the $100 iPhone Store Credit with the Apple Store manager in San Diego where I spend my money. I should have used it on my MacBook Air. [Update: The manager of the San Diego Apple Store told me that I can use the credit to ugrade my iPhone.]
Security Update 2008-005
Last Thursday, Apple released Security Update 2008-005 for Leopard 10.5.4 and Tiger 10.4.11, both client and server editions of Mac OS X. It is available via Software Update or as a stand-alone file from this Apple Web page. Here are the details of the update:
Open Scripting Architecture--CVE-2008-2830--A design issue exists in the Open Scripting Architecture libraries when determining whether to load scripting addition plugins into applications running with elevated privileges. Sending scripting addition commands to a privileged application may allow the execution of arbitrary code with those privileges. This update addresses the issue by not loading scripting addition plugins into applications running with system privileges. The recently reported ARDAgent and SecurityAgent issues are addressed by this update. Credit to Charles Srstka for reporting this issue.
BIND--CVE-2008-1447--The Berkeley Internet Name Domain (BIND) server is distributed with Mac OS X, and is not enabled by default. When enabled, the BIND server provides translation between host names and IP addresses. A weakness in the DNS protocol may allow remote attackers to perform DNS cache poisoning attacks. As a result, systems that rely on the BIND server for DNS may receive forged information. This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS X v10.4.11 systems, BIND is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1. Credit to Dan Kaminsky of IOActive for reporting this issue.
CarbonCore--CVE-2008-2320--A stack buffer overflow exists in the handling of long filenames. Processing long filenames may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Thomas Raffetseder of the International Secure Systems Lab and Sergio 'shadown' Alvarez of n.runs AG for reporting this issue.
CoreGraphics--CVE-2008-2321--CoreGraphics contains memory corruption issues in the processing of arguments. Passing untrusted input to CoreGraphics via an application, such as a web browser, may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Michal Zalewski of Google for reporting this issue.
CoreGraphics--CVE-2008-2322--An integer overflow in the handling of PDF files may result in a heap buffer overflow. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of PDF files. Credit to Pariente Kobi working with the iDefense VCP for reporting this issue.
Data Detectors Engine--CVE-2008-2323--Data Detectors are used to extract reference information from textual content or archives. A resource consumption issue exists in Data Detectors' handling of textual content. Viewing maliciously crafted content in an application that uses Data Detectors may lead to a denial of service, but not arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.5.
Disk Utility--CVE-2008-2324--The "Repair Permissions" tool in Disk Utility makes /usr/bin/emacs setuid. After the Repair Permissions tool has been run, a local user may use emacs to run commands with system privileges. This update addresses the issue by correcting the permissions applied to emacs in the Repair Permissions tool. This issue does not affect systems running Mac OS X v10.5 and later. Credit to Anton Rang and Brian Timares for reporting this issue.
OpenLDAP--CVE-2008-2952--An issue exists in OpenLDAP's ASN.1 BER decoding. Processing a maliciously crafted LDAP message may trigger an assertion and lead to an unexpected application termination of the OpenLDAP daemon, slapd. This update addresses the issue by performing additional validation of LDAP messages.
OpenSSL--CVE-2007-5135--A range checking issue exists in the SSL_get_shared_ciphers() utility function within OpenSSL. In an application using this function, processing maliciously crafted packets may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
PHP--CVE-2008-2051, CVE-2008-2050, CVE-2007-4850, CVE-2008-0599, CVE-2008-0674--PHP is updated to version 5.2.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/ PHP version 5.2.x is only provided with Mac OS X v10.5 systems.
QuickLook--CVE-2008-2325--Multiple memory corruption issues exist in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5.
rsync--CVE-2007-6199, CVE-2007-6200--Path validation issues exist in rsync's handling of symbolic links when running in daemon mode. Placing symbolic links in an rsync module may allow files outside of the module root to be accessed or overwritten. This update addresses the issue through improved handling of symbolic links. Further information on the patches applied is available via the rsync web site at http://rsync.samba.org/
I downloaded and installed the security updates on my MacBook Air, Mac Pro, Power Mac G4 Cube (client and server editions), PowerBook G4 and iMac Core 2 Duo--all running 10.5.4. No problems were encountered.
MobileMe seems to be working well now, nearly a month after its release. Apple CEO Steve Jobs issued a letter acknowledging that the simultaneous release of the iPhone 3G, iPhone Software 2.0 and MobileMe was was not up to Apple's standards (see this CNet article).
In the interim, I actually experienced the glitch I worried about in my 7/14 entry. Somehow my data disappeared on the MobileMe server and then it deleted my contacts and calendar on my MacBook Air and iPhone. Fortunately, my Mac Pro was turned off so the data on it was not lost and I didn't have to use Time Machine to re-populate my MobileMe "cloud," MacBook Air and iPhone. As a result of this experience, I now have my Mac Pro set to manually update. But I have not encountered any other such problems since.
My biggest gripe with MobileMe is that I can't log onto my .Mac ...er... MobileMe email account using whatever stripped-down web browser that many hotels use on their business center PCs. Attempting to do so produces an unapproved browser error message and a suggestion to use Safari or Firefox but no path to my MobileMe email. Unfortunately, the PCs in these business centers have neither Safari nor Firefox installed in my experience and are locked so that nothing may be downloaded to them. Fortunately, MobileMe works with Internet Explorer 7, although it complains.
Return to Archive
Copyright © 1995-2008 by Bill Fox
All rights reserved.
MY LAWYER MADE ME POST THIS: 8-/
The Macs Only! web site is for informational purposes only. No one associated with Macs Only! assumes any responsibility for its accuracy. The information is subject to change without notice. Any use of, or actions taken based upon any of the information contained on this web site is done entirely at your own risk. Mention of any products or services is for informational purposes only and constitutes neither an endorsement nor a recommendation. Macs Only! and those associated with Macs Only! assume no responsibility with regard to the selection, performance or use of these products.
Apple, Apple Logos, Macintosh, and Mac OS Logos are registered trademarks of Apple Computer, Inc. All other trademarks mentioned belong to their respective owners.
[Back to top of page]