Apple has released nine software updates to make adjustments for new Daylight Saving Time (DST), address issues during two security researchers' self-proclaimed "Month of Apple Bugs", and fix bugs in Final Cut Pro. The fixes are available now via Mac OS X's built-in Software Update utility.
Five of the updates released Thursday cover new DST rules put into place for 2007. Beginning in 2007, US DST will begin on the second Sunday in March and conclude on the first Sunday in November. Previously, DST began on the first Sunday in April and concluded on the last Sunday in October.
The current version of Mac OS X was updated to follow those time-change rules as a part of the OS X 10.4.5 update. However, that update did not cover changes in DST in other regions, including Alberta (Canada), Australia, and Brazil. The new DST update (Tiger) adds compatibility with those regions.
In addition, Apple released the DST update (Panther), which updates Mac OS X 10.3 systems for all the changes covered in both the 10.4.5 update and the new Tiger update.
Finally, a WebObjects 5.3.3 Update brings Apple's WebObjects web application software into line with the new time guidelines.
Apple has also posted a detailed technical document with more information about DST changes and how to work around the new rules on older Mac OS versions.
Three of the other updates involved addressing bugs found by security researcher Kevin Finisterre and hacker "LMH" during their month-long event aimed at exposing security flaws in Apple products and products that run on Apple systems. The fixes, labelled Security Update 2007-002, are available in Panther, PowerPC, and Universal versions.
On systems running Tiger, the update addresses a bug in which "a maliciously crafted disk image may lead to an application crash or arbitrary code execution," according to Apple's published release notes. Apple credits Finisterre for reporting the bug, which was posted on the Month of Apple Bugs site as on 9 January.
On systems running Tiger or Panther, the update addresses a Bonjour bug in which "attackers on the local network may be able to cause iChat to crash," according to Apple. This bug was listed on Month of Apple Bugs as "Apple iChat Bonjour Multiple Denial of Service Vulnerabilities" on 28 January. (Macworld is unable to link to the Month of Apple Bugs page regarding this bug, as it contains an image designed specifically to crash Web browsers based on Apple's WebKit framework.)
On systems running Tiger or Panther, the update addresses a vulnerability in iChat's auto-instant messaging URL handler that "may lead to an application crash or arbitrary code execution," according to Apple. The bug was announced on Month of Apple Bugs as "Apple iChat aim:// URL Handler Format String Vulnerability" on 20 January.
Finally, on systems running Tiger or Panther, the update addresses a vulnerability in the UserNotificationCentre process that could potentially grant system privileges to malicious users. This bug was announced on Month of Apple Bugs as "Apple UserNotificationCentre Privilege Escalation Vulnerability" on 22 January.
On Thursday Apple also updated Final Cut Pro to version 5.1.3, an update which "provides important bug fixes," according to Apple. According to Apple's Final Cut Pro documentation, the update includes fixes to provide compatibility of render files between PowerPC and Intel-based Macs, returns missing keyboard commands to the default keyboard layout, and fixes a bug involving cross dissolves in a nested sequence containing still images.