crsud process with security update 2013-001

I just installed the new security update, 2013-001, and Little Snitch detected a new process at startup, crsud, which wants to connect to Apple.


I would like to know what this does. My guess is that it checks for updates, perhaps to some security software. Anyone know?


It seems to me that when such a process is added, it is appropriate for Apple to explain itself in the update description, but I am old-fashioned about such things.


Greg

MBP 17" 2.33GHz, Mac OS X (10.5.1)

Posted on Mar 15, 2013 2:08 PM

168 replies

Apr 11, 2013 10:46 AM in response to andyBall_uk

So now I'm back to thinking I'll just let it run and each time after I'll check the install log. If it does something untoward to the system or whatever, I'll restore a clone. How's that for some firm decision making? 😁 We'll probably never know just what a patch was issued for.

andyBall_uk wrote:


don't we know already ?

it downloads certain updates, if Apple make them available. Those updates can run regardless of user privilege & w/o notice, except for install.log

Apr 16, 2013 2:47 PM in response to WZZZ

WZZZ wrote:


So now I'm back to thinking I'll just let it run and each time after I'll check the install log.

I thought I should alert the group that there may be a critical update posted for 10.6.8 today:

APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15

Java for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available and address the following:

Java

Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later

Impact: Multiple vulnerabilities in Java 1.6.0_43

Description: Multiple vulnerabilities existed in Java 1.6.0_43, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_45.

I jumped on the updates immediately, so I won't know whether this one was critical or not, but thought you might want to watch for it.


I've been watching my install log and noticed the following:

Apr 8 02:55:54 Als-iMac-i7.local Software Update[29068]: SoftwareUpdate: Checking for critical updates only.

Apr 9 22:53:41 Als-iMac-i7.local Software Update[45085]: SoftwareUpdate: Checking for critical updates only.

Apr 10 22:53:41 Als-iMac-i7.local Software Update[83019]: SoftwareUpdate: Checking for critical updates only.

Apr 11 22:53:41 Als-iMac-i7.local Software Update[28744]: SoftwareUpdate: Checking for critical updates only.

Apr 12 22:53:41 Als-iMac-i7.local Software Update[50921]: SoftwareUpdate: Checking for critical updates only.

Apr 14 22:53:42 Als-iMac-i7.local Software Update[90782]: SoftwareUpdate: Checking for critical updates only.

Apr 15 22:53:41 Als-iMac-i7.local Software Update[19924]: SoftwareUpdate: Checking for critical updates only.

So with Mountain Lion (no separate crsud process) I may only be checking for critical updates once a day, even though there is a software update check accomplished every four hours, which seems counterintuitive. I'm also getting a lot of entries with each check as if there is still debug code in this process.
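As an added example (not part of the original posts and not an Apple tool), here is one way to do the install.log review described in the post above: it parses the quoted entries, lists calendar days with no critical-update check, and flags long gaps between checks. The year 2013, the 30-hour threshold and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Entries quoted in the post above. These timestamps carry no year, so the
# caller supplies one (2013 is assumed; a log spanning New Year needs more care).
SAMPLE_LOG = """\
Apr 8 02:55:54 Als-iMac-i7.local Software Update[29068]: SoftwareUpdate: Checking for critical updates only.
Apr 9 22:53:41 Als-iMac-i7.local Software Update[45085]: SoftwareUpdate: Checking for critical updates only.
Apr 10 22:53:41 Als-iMac-i7.local Software Update[83019]: SoftwareUpdate: Checking for critical updates only.
Apr 11 22:53:41 Als-iMac-i7.local Software Update[28744]: SoftwareUpdate: Checking for critical updates only.
Apr 12 22:53:41 Als-iMac-i7.local Software Update[50921]: SoftwareUpdate: Checking for critical updates only.
Apr 14 22:53:42 Als-iMac-i7.local Software Update[90782]: SoftwareUpdate: Checking for critical updates only.
Apr 15 22:53:41 Als-iMac-i7.local Software Update[19924]: SoftwareUpdate: Checking for critical updates only.
"""

# timestamp, host, "process[pid]:", message
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ .+?\[\d+\]: (.*)$")
MARKER = "Checking for critical updates only"

def critical_checks(log_text, year):
    """Return the sorted timestamps of critical-update checks in log_text."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and MARKER in m.group(2):
            found.append(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
    return sorted(found)

def missed_days(checks):
    """Calendar days between the first and last check that have no check at all."""
    if not checks:
        return []
    seen = {c.date() for c in checks}
    day, missing = checks[0].date(), []
    while day <= checks[-1].date():
        if day not in seen:
            missing.append(day)
        day += timedelta(days=1)
    return missing

def long_gaps(checks, limit=timedelta(hours=30)):
    """Consecutive checks more than `limit` apart (30 h is an assumed threshold)."""
    return [(a, b) for a, b in zip(checks, checks[1:]) if b - a > limit]

if __name__ == "__main__":
    checks = critical_checks(SAMPLE_LOG, 2013)
    for day in missed_days(checks):
        print("no critical-update check on", day)
    for a, b in long_gaps(checks):
        print(f"gap of {b - a} between {a} and {b}")
```

To run it against a real machine, pass the contents of /var/log/install.log to `critical_checks` instead of `SAMPLE_LOG`.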

Apr 16, 2013 6:02 PM in response to WZZZ

WZZZ wrote:


SU is only showing me the Java update. Nothing for Safari or anything (like the last security update did) that would update Safari. Where did you see the Safari update?

The DL1569 document hasn't been updated yet, so they may still be rolling it out. I was able to verify it's there by using the "Download" button on http://support.apple.com/downloads/.

Apr 16, 2013 7:29 PM in response to WZZZ

here at least, on 10.6.8,

crsud only actually checks about once a day, despite running more often, as install.log shows. (ds_store's mention of LS warnings seems to bear that out.)

Crsud.plist shows the LastSuccessfulScanDate & even when toggled on/off in sys prefs (which makes crsud run) that isn't necessarily altered. Adding a 'ForceScanAlways (boolean) true' key to the plist seemingly makes it check on each run.


there's also an unused key: 'AllowDevSignedPkgs'. perhaps to allow the possibility of non-Apple critical updates?

Apr 18, 2013 12:58 AM in response to WZZZ

XProtect was bumped up by two numbers Thu, 18 Apr 2013 02:36:12 GMT to add a definition for OSX.adware2.i. I toggled "Automatically update safe downloads list" to get it.


The signature doesn't match anything I can find elsewhere, so my only guess is what Thomas Reed has been working with this week with Boycott Softronic.


Surprisingly (to me) they did not change the minimum versions for either Flash or the Javas, all of which have been updated this week.

Apr 18, 2013 11:32 AM in response to WZZZ

And XProtect was just updated again to cover Java.

APPLE-SA-2013-04-18-1 OS X: Java Web plug-in blocked

Due to multiple security issues in:

Java 6 update 43 and earlier

Java 7 update 17 and earlier

Apple has updated the web plug-in blocking mechanism to disable versions of Java older than Java 6 update 45 and Java 7 update 21.

ML is at v2037

Lion -- v1047

SL -- v63

Apr 27, 2013 4:15 PM in response to WZZZ

Just like you I feel like I'm put into a bad position by Apple. If I enable "Automatically install important security updates" in Security preferences, I fear I could destabilize my production machine at any random moment and not know why/how it happened.


But if I leave the same option unchecked, I fear that "important" security updates won't come to my machine anymore and I will now have a more vulnerable system.


The fact that this extensive thread exists should show anyone that Apple screwed up here by not properly documenting what this option does. Really, Apple??


Maybe if we all raise a stink with Apple they'll finally answer what the **** this thing really does?!
