
SANS ISC: Apple Security Advisory 2012-001 v1.1 - SANS Internet Storm Center

Apple Security Advisory 2012-001 v1.1

Earlier today, Apple announced v1.1 of Security Update 2012-001. The advisory announced the availability of a Security Update for Mac OS X 10.6.8 that addresses a compatibility issue, and the removal of security fixes that were present in the original update for Snow Leopard. I am not confident why Apple removed security fixes from the original release, but maybe one of our readers can help us understand the issues behind the ImageIO security fix removal.

Below is the security advisory, and we will link to the advisory once it is available on Apple's website.


"APPLE-SA-2012-02-03-1 Security Update 2012-001 v1.1

Security Update 2012-001 v1.1 is now available
for Mac OS X v10.6.8 systems to address a compatibility

Version 1.1 of this update removes the ImageIO security
fixes released in Security Update 2012-001.

OS X Lion systems are not affected by this change."


Scott Fendley ISC Handler


Feb 4th 2012
According to MacInTouch:

---begin quote---
Apple released Version 1.1 of Security Update 2012-001 for Mac OS X 10.6.8 - now available through Software Update - in response to problems with PowerPC applications experienced by many who installed the first release. According to the release notes, "Version 1.1 of this update removes the ImageIO security fixes released in Security Update 2012-001."
---end quote---

The Lion problems are probably unrelated and can be avoided by using the 10.7.3 Combo updater instead of the normal updater or Software Update.
The Mac OS 10.7.3 update is incompatible with PGP Whole Disk Encryption (specifically reported as broken by the update are PGP Desktop 10.2 MP2 and MP3).
The update can cause severe problems -- including the potential to render the system unbootable.
