Friday, September 23, 2005

Security Update 2005-008 for 10.4.2 Details

The 2005-008 (for 10.4.2) security update modifies several OS components: CoreServices' CoreTypes and SecurityAgent, ApplicationServices' ImageIO and QD frameworks, Message framework, System framework, prebinding info, ruby's xmlrpc, and securityd.

Read on for more detail

Two bits are updated here: the CoreTypes bundle and the SecurityAgent app.

  • CoreTypes bundle
    CoreTypes.bundle helps the OS (and apps which use OS-provided interfaces) in identifying file types from various bits of information (eg, file extension, MIME type, UTI) as well as providing icons for those files. Not sure which issue is fixed by this, perhaps that bit at the very end about Safe Download Validation?


  • SecurityAgent app handles several sensitive bits related to (duh!) security (eg, changing certain passphrases, authenticating the user for various tasks). This is the fix labeled SecurityAgent on Apple's description.


Two parts are updated in ApplicationServices: the ImageIO framework and the QD framework.

  • ImageIO framework
    ImageIO.framework covers part of the CoreGraphics image system (reading and writing images). Fix labeled ImageIO on Apple's description.


  • QD framework
    QD.framework is the QuickDraw framework, graphics programming from older Mac OS made available on Mac OS X. This is the fix labeled QuickDraw Manager on Apple's description.


Message framework
Message.framework is the framework which contains messaging functionality (email mostly, or perhaps exclusively). This MAY fix what's labeled Mail about auto-reply and encrypted messages on Apple's description. I say MAY since it's not completely obvious, but this doesn't seem to apply to any other listed fixes, and makes sense.


System framework
System.framework is the very low level stuff for the OS. Most likely fixes the fix labeled malloc on Apple's description.


prebinding info
A list of files of interest to the prebinding system was updated here, no idea why.


ruby's xmlrpc
Ruby (the scripting language) has a module for XML-RPC, which is what's been updated for the fix labeled Ruby on Apple's description.


securityd (née Security Server) handles some low-level bits for the SecurityAgent app. Fixes what's labeled securityd on Apple's description.



Post a Comment

<< Home