Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
News
Security News Archives
2008
February
Security Alert - Phishing Emails Sent to Carnegie Mellon Accounts
Early Spring Cumulative Security Maintenance - Apple Mac OS X
Early Spring Cumulative Security Maintenance - Microsoft Windows
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Education & Outreach
Support & Repair
Information Security Office (ISO)

Cumulative Security Maintenance: Early Spring - Apple Mac OS X

Who:  Apple Mac OS X computer users

What:  Early Spring Cumulative Security Maintenance

When:  Feb 7, 2008

How:
Early Spring Cumulative Security Maintenance Apple computers running Apple Mac OS X, Adobe Flash Player and Reader, Apple Quicktime, Mozilla Firefox & Thunderbird, RealNetworks RealPlayer and VLC media player may be vulnerable to exploits.  The most serious of these vulnerabilities may allow an unauthorized user to take complete control of an affected system by convincing the user to open a maliciously crafted document, media file,  media stream or website.

What You Need To Do:
If you suspect your computer has already been compromised, STOP! Read and follow Responding to a Compromised Computer.

If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.

Follow the detailed steps below:

NOTE: You must login with an administrative account/password to complete steps marked with ***.

  1. Run Software Update***
    1. Quit all applications. Avoid performing any other operations while the update is in progress.
    2. Move all Apple installed applications and utilities back to their original locations. Moving one of these applications to a different location on your hard drive can result in an incomplete update.
    3. Disconnect any FireWire/USB devices before applying the update except for your startup drive (if it is FireWire or USB) and your keyboard/mouse.
    4. From the Apple menu, select System Preferences.
    5. Select Software Update.
    6. With the Update Software tab selected, click Check Now.
    7. Restart your Mac when prompted. If not prompted, restart anyways.
    8. Re-connect any FireWire/USB devices one by one and check for issues created by any particular device.

  2. Verify & Update Adobe Flash Player***
    1. Visit the About Adobe Flash Player page to see what version of Flash is installed on your computer compared to the latest available.
    2. If your computer does not have the latest version, visit the Adobe Flash Player Download Center and follow the instructions to download and install the upgrade.
    3. If you have more than one web browser installed on your computer (i.e. Safari, Firefox, etc...), repeat these steps with your other web browsers.

  3. Update Adobe Reader (if installed)***
    1. Launch Adobe Reader.
    2. From the Help menu choose Check for Updates... .
    3. Follow the on-screen instructions to install any available updates.

  4. Update Mozilla Firefox (if installed)***
    1. Launch Mozilla Firefox.
    2. From the Firefox menu choose About Mozilla Firefox.
    3. Support for Mozilla Firefox versions prior to 2.0.x has been discontinued.  If the About Mozilla Firefox window shows that your computer has 1.0.x or 1.5.x, then visit Installing Firefox on Mac for full manual upgrade instructions.  Otherwise if you already have 2.0.x, continue to the next step to check for updates.
    4. From the Help menu choose Check for Updates... .
    5. Follow the on-screen instructions to install any available updates.

  5. Update Mozilla Thunderbird (if installed)***
    1. Launch Mozilla Thunderbird.
    2. From the Thunderbird menu choose About Mozilla Thunderbird.
    3. Support for Mozilla Thunderbird versions prior to 2.0.x has been discontinued. If the About Mozilla Thunderbird window shows that your computer has 1.0.x or 1.5.x, then download and run the full installer from the Mozilla Thunderbird Product page to upgrade to 2.0.x.  Otherwise if you already have 2.0.x, continue to the next step to check for updates.
    4. From the Help menu choose Check for Updates... .
    5. Follow the on-screen instructions to install any available updates.

  6. Update RealNetworks RealPlayer (if installed)***
    RealPlayer 10 for Mac OS X and RealOne Player for Mac OS X customers need to get the latest player to address this security issue. Please visit the RealPlayer 10 for Mac Download page to upgrade your Player.

  7. Upgrade VLC media player (if installed)***
    Download and run the latest VLC installer from the VLC media player for Mac OS X Download page.

  8. Run Norton LiveUpdate
    Mac instructions

  9. Secure Your Computer***
    Mac instructions

  10. Update your Windows virtual machines (if you use Virtual PC, Parallels Desktop or VMware Fusion)***
    See Early Spring Cumulative Security Maintenance - Microsoft Windows.

Contact:
Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or advisor@andrew.cmu.edu, or to your departmental administrator or DSP consultant.


More Information:
For more technical information, visit the following: