I'm beginning to think we're never going to find out what this damned thing really does. What worries me is if I keep denying crsud through LS, and at one point it isn't crying wolf--meaning there really is some critical security patch (not necessarily a full update) being issued, then I'm going to miss it.
So now I'm back to thinking I'll just let it run and each time after I'll check the install log. If it does something untoward to the system or whatever, I'll restore a clone. How's that for some firm decision making? We'll probably never know just what a patch was issued for.
don't we know already ?
it downloads certain updates, if apple make them available. Those updates can run regardless of user privilege & w/o notice, except for install.log
So now I'm back to thinking I'll just let it run and each time after I'll check the install log.
I thought I should alert the group that there may be a critical update posted for 10.6.8 today:
APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and
Mac OS X v10.6 Update 15
Java for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available
and address the following:
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Impact: Multiple vulnerabilities in Java 1.6.0_43
Description: Multiple vulnerabilities existed in Java 1.6.0_43, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues were addressed by updating to Java version 1.6.0_45.
I jumped on the updates immediately, so I won't know whether this one was critical or not, but thought you might want to watch for it.
I've been watching my install log and noticed the following:
Apr 8 02:55:54 Als-iMac-i7.local Software Update: SoftwareUpdate: Checking for critical updates only.
Apr 9 22:53:41 Als-iMac-i7.local Software Update: SoftwareUpdate: Checking for critical updates only.
Apr 10 22:53:41 Als-iMac-i7.local Software Update: SoftwareUpdate: Checking for critical updates only.
Apr 11 22:53:41 Als-iMac-i7.local Software Update: SoftwareUpdate: Checking for critical updates only.
Apr 12 22:53:41 Als-iMac-i7.local Software Update: SoftwareUpdate: Checking for critical updates only.
Apr 14 22:53:42 Als-iMac-i7.local Software Update: SoftwareUpdate: Checking for critical updates only.
Apr 15 22:53:41 Als-iMac-i7.local Software Update: SoftwareUpdate: Checking for critical updates only.
So with Mountain Lion (no separate crsud process) I may only be checking for critical updates once a day, even though there is a software update check accomplished every four hours, which seems counterintuitive. I'm also getting a lot of entries with each check as if there is still debug code in this process.
SU is only showing me the Java update. Nothing for Safari or anything (like the last security update did) that would update Safari. Where did you see the Safari update?
The DL1569 document hasn't been updated yet, so they may still be rolling it out. I was able to verify it's there by using the "Download" button on http://support.apple.com/downloads/.
here at least, on 10.6.8,
crsud only actually checks about once a day, despite running more often, as install.log shows. (ds_store's mention of LS warnings seems to bear that out.)
Crsud.plist shows the LastSuccessfulScanDate & even when toggled on/off in sys prefs (which makes crsud run) that isn't necessarily altered. Adding a 'ForceScanAlways (boolean) true' key to the plist seemingly makes it check on each run.
there's also an unused key: 'AllowDevSignedPkgs' .perhaps to allow the possibility of non-apple critical updates ?
XProtect was bumped up by two numbers Thu, 18 Apr 2013 02:36:12 GMT to add a definition for OSX.adware2.i. I toggled "Automatically update safe downloads list" to get it.
The signature doesn't match anything I can find elsewhere, so my only guess is what Thomas Reed has been working with this week with Boycott Softronic.
Surprisingly (to me) they did not change the minimum versions for either Flash or the Javas, all of which have been updated this week.
And XProtect was just updated again to cover Java.
APPLE-SA-2013-04-18-1 OS X: Java Web plug-in blocked
Due to multiple security issues in:
Java 6 update 43 and earlier
Java 7 update 17 and earlier
Apple has updated the web plug-in blocking mechanism to disable
versions of Java older than Java 6 update 45 and Java 7 update 21.
ML is at v2037
Lion -- v1047
SL -- v63