Apple fixes Safari in latest Security Update
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb More...
Add to:
Sponsors:
By Jim Dalrymple
Apple on Tuesday released Security Update 2005-009, which addresses issues with both MacOS X and Mac OS X Server. Among the components affected in this release are apache_mod_ssl; CoreFoundation; CoreTypes; curl; iodbcadmin; OpenSSL; Safari;sudo; and syslog.
The biggest changes for Mac OS X users are with the company’s Web browser software, Safari. In total, four separate issues have been fixed in this release.
The first issue fixes a problem that affects Safari’s download directory, which is normally specified by the user. However, if a web site suggests an overlong filename for a download, it is possible for Safari to create this file in other locations. Apple notes that the filename and location of downloaded file content cannot be directly specified by remote servers, but this may still lead to downloading content into locations accessible to other users.
Apple also fixed a potential problem when visiting Web sites with WebKit-based applications. According to Apple, WebKit contains a heap overflow that may lead to the execution of arbitrary code. This may be triggered by content downloaded from malicious Web sites in applications that use WebKit such as Safari.
Two problems with JavaScript have addressed. Safari now has a new JavaScript engine to combat a potentially exploitable heap overflow. The new engine incorporates a more robust input validation, according to Apple. The second JavaScript issue addressed adds the name of the originating Web site to the dialog boxes.
The update can be downloaded from Apple’s Web site or by using the Software Update mechanism in Mac OS X. More information on the other changes in the security update is available from Apple’s Web site.
Article submitted by: Webshark
Last Update: 11-30-2005
Category: Security
Apple on Tuesday released Security Update 2005-009, which addresses issues with both MacOS X and Mac OS X Server. Among the components affected in this release are apache_mod_ssl; CoreFoundation; CoreTypes; curl; iodbcadmin; OpenSSL; Safari;sudo; and syslog.
The biggest changes for Mac OS X users are with the company’s Web browser software, Safari. In total, four separate issues have been fixed in this release.
The first issue fixes a problem that affects Safari’s download directory, which is normally specified by the user. However, if a web site suggests an overlong filename for a download, it is possible for Safari to create this file in other locations. Apple notes that the filename and location of downloaded file content cannot be directly specified by remote servers, but this may still lead to downloading content into locations accessible to other users.
Apple also fixed a potential problem when visiting Web sites with WebKit-based applications. According to Apple, WebKit contains a heap overflow that may lead to the execution of arbitrary code. This may be triggered by content downloaded from malicious Web sites in applications that use WebKit such as Safari.
Two problems with JavaScript have addressed. Safari now has a new JavaScript engine to combat a potentially exploitable heap overflow. The new engine incorporates a more robust input validation, according to Apple. The second JavaScript issue addressed adds the name of the originating Web site to the dialog boxes.
The update can be downloaded from Apple’s Web site or by using the Software Update mechanism in Mac OS X. More information on the other changes in the security update is available from Apple’s Web site.
Article submitted by: Webshark
Last Update: 11-30-2005
Category: Security
Current rating: 5.45 by 31 users
| Would you recommend this article to a friend? |
| Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(2,060 reads) 07-05-2008
· Fusion Security(6,773 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(6,726 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(7,309 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(7,070 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(7,392 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(7,569 reads) 12-24-2006
· NukeSentinel 2.5.04 released(7,164 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(7,750 reads) 10-19-2006
· Php Nuke 8.0 Patched(6,934 reads) 10-01-2006
· ipBan Modification
Please register or sign-in to post comments.