Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Apple Firms Up Their Firmware - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Firms Up Their Firmware

Steve and the gang out in Cupertino have made Mac OS X v10.4.6 and Mac OS X Server v10.4.6 available for your fruity OS-updatin' pleasure. Aside from providing some general system improvements, they also deliver a fix for a security issue whereby MacIntel (Inteltosh?) boxes could have their firmware password bypassed, essentially giving anyone with physical access to the box the ability to drop to "Single User Mode" and run amok. (More details here.)

Update links and checksums (you *do* confirm checksums before patching, now don't you?):

Go here. (http://www.apple.com/support/downloads/)

For Mac OS X v10.4.5 (PowerPC)
The download file is named: "MacOSXUpd10.4.6PPC.dmg"
Its SHA-1 digest is: b65564786f9e15d6bdac2ea3eed1294e5fd8f122

For Mac OS X v10.4 through Mac OS X v10.4.4 (PowerPC)
The download file is named: "MacOSXUpdCombo10.4.6PPC.dmg"
Its SHA-1 digest is: c9fde5a23bcebd08149301b7ad300881a563c398

For Mac OS X v10.4.5 (Intel)
The download file is named: "MacOSXUpd10.4.6Intel.dmg"
Its SHA-1 digest is: a0d26811f55c8a3accac0f0237355431d0ca3938

For Mac OS X v10.4.4 (Intel)
The download file is named: "MacOSXUpdCombo10.4.6Intel.dmg"
Its SHA-1 digest is: 487dfcb211911c97f9862872a70b72eb4486d724

For Mac OS X Server v10.4.5
The download file is named: "MacOSXServerUpdate10.4.6.dmg"
Its SHA-1 digest is: 17b92d74ebe0a499fee5189b6d1074d5d5f72b15

For Mac OS X Server v10.4 through Mac OS X Server v10.4.5
The download file is named: "MacOSXSrvrUpdCombo10.4.6.dmg"
Its SHA-1 digest is: 746fe2b304f8bfb6a5f84ff0e08edd32722a8cb9

Or, you can be a big old wimp and just use the Software Update pane in System Preferences... (thanks Swa, for pointing that out!)

Tom

160 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!