Skip navigation

crsud process with security update 2013-001

36922 Views 168 Replies Latest reply: Sep 8, 2013 9:10 AM by MadMacs0 RSS
  • WZZZ Level 6 Level 6 (11,885 points)
    Currently Being Moderated
    Apr 11, 2013 10:11 AM (in response to WZZZ)

    I'm beginning to think we're never going to find out what this damned thing really does. What worries me is if I keep denying crsud through LS, and at one point it isn't crying wolf--meaning there really is some critical security patch (not necessarily a full update) being issued, then I'm going to miss it.

  • andyBall_uk Level 6 Level 6 (17,665 points)
    Currently Being Moderated
    Apr 11, 2013 10:20 AM (in response to WZZZ)

    don't we know already ?

    it downloads certain updates, if apple make them available. Those updates can run regardless of user privilege & w/o notice, except for install.log

  • WZZZ Level 6 Level 6 (11,885 points)
    Currently Being Moderated
    Apr 11, 2013 10:46 AM (in response to andyBall_uk)

    So now I'm back to thinking I'll just let it run and each time after I'll check the install log. If it does something untoward to the system or whatever, I'll restore a clone. How's that for some firm decision making? We'll probably never know just what a patch was issued for.

    andyBall_uk wrote:

     

    don't we know already ?

    it downloads certain updates, if apple make them available. Those updates can run regardless of user privilege & w/o notice, except for install.log

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    Apr 11, 2013 5:08 PM (in response to SaltySailor)

    I found out in the last couple of days that XProtect will make a outgoing connection upon any new network connection.

     

    This can be duplicated by deleting all one's network connections, rebooting the machine and reconnecting to their own network and watch LS.

  • MadMacs0 Level 4 Level 4 (3,345 points)
    Currently Being Moderated
    Apr 16, 2013 2:47 PM (in response to WZZZ)

    WZZZ wrote:

     

    So now I'm back to thinking I'll just let it run and each time after I'll check the install log.

    I thought I should alert the group that there may be a critical update posted for 10.6.8 today:

    APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and

    Mac OS X v10.6 Update 15

    Java for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available

    and address the following:

     

    Java

    Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,

    OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,

    OS X Mountain Lion 10.8 or later

    Impact:  Multiple vulnerabilities in Java 1.6.0_43

    Description:  Multiple vulnerabilities existed in Java 1.6.0_43, the

    most serious of which may allow an untrusted Java applet to execute

    arbitrary code outside the Java sandbox. Visiting a web page

    containing a maliciously crafted untrusted Java applet may lead to

    arbitrary code execution with the privileges of the current user.

    These issues were addressed by updating to Java version 1.6.0_45.

    I jumped on the updates immediately, so I won't know whether this one was critical or not, but thought you might want to watch for it.

     

    I've been watching my install log and noticed the following:

    Apr  8 02:55:54 Als-iMac-i7.local Software Update[29068]: SoftwareUpdate: Checking for critical updates only.

    Apr  9 22:53:41 Als-iMac-i7.local Software Update[45085]: SoftwareUpdate: Checking for critical updates only.

    Apr 10 22:53:41 Als-iMac-i7.local Software Update[83019]: SoftwareUpdate: Checking for critical updates only.

    Apr 11 22:53:41 Als-iMac-i7.local Software Update[28744]: SoftwareUpdate: Checking for critical updates only.

    Apr 12 22:53:41 Als-iMac-i7.local Software Update[50921]: SoftwareUpdate: Checking for critical updates only.

    Apr 14 22:53:42 Als-iMac-i7.local Software Update[90782]: SoftwareUpdate: Checking for critical updates only.

    Apr 15 22:53:41 Als-iMac-i7.local Software Update[19924]: SoftwareUpdate: Checking for critical updates only.

    So with Mountain Lion (no separate crsud process) I may only be checking for critical updates once a day, even though there is a software update check accomplished every four hours, which seems counterintuitive.  I'm also getting a lot of entries with each check as if there is still debug code in this process.

  • WZZZ Level 6 Level 6 (11,885 points)
    Currently Being Moderated
    Apr 16, 2013 4:27 PM (in response to MadMacs0)

    crsud ran this morning. I checked the install log, which only showed that it had run and exited right away. I will look again the next time it connects.

     

    Thanks for the heads up.

  • MadMacs0 Level 4 Level 4 (3,345 points)
    Currently Being Moderated
    Apr 16, 2013 5:45 PM (in response to WZZZ)

    I did not receive a Security notice from Apple on this, but I just spotted an update to Safari 5.1.9. I doubt that it would qualify as critical. The only thing I know about it is...

    Safari 5.1.9 allows users to enable the Java plug-in for Safari on a website-by-website basis.

  • WZZZ Level 6 Level 6 (11,885 points)
    Currently Being Moderated
    Apr 16, 2013 6:03 PM (in response to MadMacs0)

    SU is only showing me the Java update. Nothing for Safari or anything (like the last security update did) that would update Safari. Where did you see the Safari update?

     

    EDIT: Now SU is showing me the Safari too.

     

    Message was edited by: WZZZ

  • MadMacs0 Level 4 Level 4 (3,345 points)
    Currently Being Moderated
    Apr 16, 2013 6:02 PM (in response to WZZZ)

    WZZZ wrote:

     

    SU is only showing me the Java update. Nothing for Safari or anything (like the last security update did) that would update Safari. Where did you see the Safari update?

    The DL1569 document hasn't been updated yet, so they may still be rolling it out. I was able to verify it's there by using the "Download" button on http://support.apple.com/downloads/.

  • WZZZ Level 6 Level 6 (11,885 points)
    Currently Being Moderated
    Apr 16, 2013 6:07 PM (in response to MadMacs0)

    LOL, just edited to say I see it now.

     

    I'll get the standalones sometime. No rush, since I don't really use either. The DL site is still showing the 5.1.7.

     

    Message was edited by: WZZZ

  • andyBall_uk Level 6 Level 6 (17,665 points)
    Currently Being Moderated
    Apr 16, 2013 7:29 PM (in response to WZZZ)

    here at least, on 10.6.8,

    crsud only actually checks about once a day, despite running more often, as install.log shows. (ds_store's mention of LS warnings seems to bear that out.)

    Crsud.plist shows the LastSuccessfulScanDate & even when toggled on/off in sys prefs (which makes crsud run) that isn't necessarily altered. Adding a 'ForceScanAlways (boolean) true' key to the plist seemingly makes it check on each run.

     

    there's also an unused key: 'AllowDevSignedPkgs' .perhaps to allow the possibility of non-apple critical updates ?

  • baltwo Level 9 Level 9 (59,230 points)
    Currently Being Moderated
    Apr 17, 2013 11:15 AM (in response to WZZZ)

    Rightr-hand, left-hand dichotomy. Happens everytime they release something. Takes a day or two for the Cupertino folks to get on the same page. BTW, I'm using Safari 5.0.5 w/o issues, even if it doesn't have some of those so-called security fixes.  

    27" i7 iMac SL, Lion, OS X Mountain Lion (10.8.3), G4 450 MP w/Leopard, 9.2.2
  • MadMacs0 Level 4 Level 4 (3,345 points)
    Currently Being Moderated
    Apr 18, 2013 12:58 AM (in response to WZZZ)

    XProtect was bumped up by two numbers Thu, 18 Apr 2013 02:36:12 GMT to add a definition for OSX.adware2.i. I toggled "Automatically update safe downloads list" to get it.

     

    The signature doesn't match anything I can find elsewhere, so my only guess is what Thomas Reed has been working with this week with Boycott Softronic.

     

    Surprisingly (to me) they did not change the minimum versions for either Flash or the Javas, all of which have been updated this week.

  • WZZZ Level 6 Level 6 (11,885 points)
    Currently Being Moderated
    Apr 18, 2013 6:43 AM (in response to MadMacs0)

    Got the XProtect this morning, but so far crsud has just been crying wolf.

  • MadMacs0 Level 4 Level 4 (3,345 points)
    Currently Being Moderated
    Apr 18, 2013 11:32 AM (in response to WZZZ)

    And XProtect was just updated again to cover Java.

    APPLE-SA-2013-04-18-1 OS X: Java Web plug-in blocked


    Due to multiple security issues in:


    Java 6 update 43 and earlier

    Java 7 update 17 and earlier


    Apple has updated the web plug-in blocking mechanism to disable

    versions of Java older than Java 6 update 45 and Java 7 update 21.

    ML is at v2037

    Lion -- v1047

    SL -- v63

1 ... 6 7 8 9 10 ... 12 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.