Apple Security Advisory 2012-001 v1.1

Published: 2012-02-04
Last Updated: 2012-02-04 22:55:56 UTC
by Scott Fendley (Version: 3)
2 comment(s)

Earlier today, Apple announced v 1.1 of the Security update 2012-001.  The advisory announced the availability of Security Update for Mac OSX 10.6.8 that addresses a compatibility issue, and the removal of security fixes that were present in original update for Snow Leopard.  I am not confident why Apple removed security fixes from the original release, but maybe one of our readers can help us understand the issues behind the ImageIO security fix removal.

Below is the security advisory and we will link to the advisory once it is available on Apple's website.

 

"APPLE-SA-2012-02-03-1 Security Update 2012-001 v1.1

Security Update 2012-001 v1.1 is now available
for Mac OS X v10.6.8 systems to address a compatibility
issue.

Version 1.1 of this update removes the ImageIO security
fixes released in Security Update 2012-001.

OS X Lion systems are not affected by this change."


Update #1:

Apple Support shows there were 3 different issues which were corrected in ImageIO in the original Security Update information located at http://support.apple.com/kb/HT5130

Elsewhere, it appears that there are a number of users of OS X Lion which had problems after applying the original update as reported in Apple Support forums, 9to5Mac, and thevarguy.com.  The Security Advisory only mentions OS X Snow Leopard, so I am not sure that the two issues are related or just coincidental.  Stay tuned for more information.

Update #2:

Secunia has a very nice list of details in the update from yesterday.  More information is located at http://secunia.com/advisories/47843/.  No real information on why the ImageIO updates were removed.

 

 ----

Guy Bruneau & Scott Fendley (ISC Handler On Duty)

2 comment(s)

Comments

According to MacInTouch:

---begin quote---
Apple released Version 1.1 of Security Update 2012-001 for Mac OS X 10.6.8 - now available through Software Update - in response to problems with PowerPC applications experienced by many who installed the first release. According to the release notes, "Version 1.1 of this update removes the ImageIO security fixes released in Security Update 2012-001."
---end quote---

The Lion problems are probably unrelated and can be avoided by using the 10.7.3 Combo updater instead of the normal updater or Software Update.
The Mac OS 10.7.3 update is incompatible with PGP Whole Disk encryption (specifically reported as broken by the update are PGP desktop 10.2 MP2 and MP3).
The update can cause severe problems -- including the potential to render the system unbootable.

Diary Archives