Leopard’s tendency to modify applications with digital signatures that can cause headaches in VoIP software Skype and online game World of Warcraft hit headlines earlier this month; Apple have just released software patches in an attempt to deal with their latest OS’ errant firewall, but although the holes they fix are potentially serious as yet there doesn’t appear to be anything addressing this particular incompatibility.
Instead, Apple has had to rephrase their firewall description, which originally boasted that Leopard could “block all incoming connections”; in the process, they had to admit that they had perhaps been misleading:
“The ‘Block all incoming connections’ setting for the Application Firewall allows any process running as user “root” (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services” Apple
The fix changes the description (to “Allow only essential services”) and uses a fixed set of system services to judge which incoming processes should be permitted. In addition, further patches address confusion over whether changing firewall settings requires a restart, and how root-processes are blocked or unblocked.
OS X Leopard seems to be giving Apple an unusually large amount of headaches, evidenced with the multiple software patches the company has released since the upgrade’s launch.
I think this is the first Leopard update. Don’t confuse the application patches (Pro Video), and the Tiger patches (10.4.11) with the Leopard patch.
Also, the screw-up-Skype digital signature fix is in the patch. Skype, WoW, and a couple of other programs are explicitly tagged to not have a digital signature inserted. This won’t fix a Skype or WoW install that’s borked — you’ll have to reinstall the app to fix that — but it should prevent future breakage.
Thanks for the clarification, Wayne. Hopefully this means all the people having voip/gaming issues can fix them now.