Security Update 2007-004 (#5): AirPort connectivity issues: definitive fixes; FTP security issue
Fixes for AirPort issues and an FTP security problem apparent after applying Security Update 2007-004.
AirPort connectivity issues (cont.): definitive fixes We continue to report on an inability to connect to wireless networks via built-in AirPort hardware after applying Security Update 2007-004. These problems are more prevalent on Mac OS X 10.3.9 systems.
We previously referenced our wireless troubleshooting tutorial, and several readers found success with some of the fixes listed there. MacFixIt reader Robyn Phillips, for instance, reports success with switching channels as described in the tutorial:
"There was something (in the update) which I think changed my Airport Card to only recognize up to Channel 11. Last year, I had changed my Airport Network channel to 13, to try to resolve an interference problem. Everything had been working fine until I applied the recent updates, as I believe the error messages above were saying that my Airport card believed itself to be a 'US' card and therefore, would no longer see Channel 13 (my equipment was all purchased in Australia).
"Once I reconfigured my network to be Channel 10, my MacBook is now working much better. The only thing I notice is that when I wake up my MacBook, it does not always join the network. Sometimes I can manually join, other times, I need to wait a few minutes and then it will either join by itself or I can then manually join."
For other users, however, more involved fixes may be required:
Remove kernel extensions (Mac OS X 10.3.9) If you are running Mac OS X 10.3.9 and are experiencing this issue, navigate to /System/Library/Extensions and drag the following files (if they exist) to the Desktop or another location outside the System folder:
- AppleAirport2.kext
- AppleAirportFW.kext
Restart your Mac and check for restoration of AirPort connectivity
Revert to older kernel extension (Mac OS X 10.4.9) If you are running Mac OS X 10.4.9, are experiencing AirPort connectivity issues after Security Update 2007-004, and have exhausted all other workarounds, you can try reverting to older version of the AirPort kernel extension via the following steps: [WARNING: This workaround is risky because you should not generally mix and match kernel extensions after updates. You will also lose any AirPort-related security refinements brought about by Security Update 2007-004, and new conflicts can ensue. Still, in a bind, it can restore wireless connectivity where other workarounds fail.]
- Download the Mac OS X 10.4.9 combo updater appropriate to your system (from Apple's download page).
- Download and install the shareware application Pacifist
- Drag the Mac OS X 10.4.9 installer package (e.g. MacOSXUpd10.4.9Intel.pkg) onto the Pacifist application icon.
- Click the triangle next to System to expand it
- Click the triangle next to Library to expand it
- Click the triangle next to Extensions to expand it
- Scroll down and find the file AppleAirPort.kext. Drag it to your Desktop or another location (you will have to enter your administrator password)
- On your Mac OS X startup drive, navigate to /System/Library/Extensions and locate a similarly named file (AppleAirPort.kext). Move it to another location for safe keeping.
- Now drag the file from step 7 (the one that you retrieved from the Mac OS X 10.4.9 install package) into the /System/Library/Extensions directory on your startup drive, in effect replacing the newer file (installed by the AirPort updater) with and older copy -- you will have to enter an administrator password.
- Restart your Mac
FTP security issue: Logged-in users able to access files outside their domain -- fix It appears that Security Update 2007-004 for Mac OS X 10.4.9 Server has introduced a serious issue where logged in client FTP users are able to access files outside of their home directories.
It appears that this issue is due to modifications Apple made to the following file:
/System/Library/LaunchDaemons/ftp.plist
specifically a reference to the ftpd program rather than xftpd. Apple also installed a new version of ftpd with this update, which may be causing the issue.
As such, you can change this file to again reference the xftpd program by opening the file (/System/Library/LaunchDaemons/ftp.plist) in your favorite text editor and changing the following strings:
- com.apple.ftpd to com.apple.xftpd
- /usr/libexec/ftpd to /usr/libexec/xftpd
- ftpd to xftpd (this is located under "Program arguments")
Save the file, then restart your FTP server and check for persistence of this issue. Note that you may be undoing some security refinements enacted by Security Update 2007-004 in performing this workaround.
A poster to Apple's Discussion threads, Joakim Hartmann, has also posted, verbatim, the old content of the ftp.plist file, which you can paste into the new ftp.plist file for a similar effect.
Feedback? Late-breakers@macfixit.com.
Previous coverage:
- Security Update 2007-004 (#4): Files modified by this update; AirPort connectivity problems and fixes; more
- Security Update 2007-004 (#3): Problems logging in, QuickTime components may be to blame
- Security Update 2007-004 (#2): Problems logging in; login items broken; fixes
- Security Update 2007-004 released: Vulnerabilities in AFP, AirPort, Help Viewer, SMB, WebDAV and more plugged
Resources