Apple fixes Safari in latest Security Update


Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
Share:
Sponsors:

By Jim Dalrymple

Apple on Tuesday released Security Update 2005-009, which addresses issues with both MacOS X and Mac OS X Server. Among the components affected in this release are apache_mod_ssl; CoreFoundation; CoreTypes; curl; iodbcadmin; OpenSSL; Safari;sudo; and syslog.

The biggest changes for Mac OS X users are with the company’s Web browser software, Safari. In total, four separate issues have been fixed in this release.



The first issue fixes a problem that affects Safari’s download directory, which is normally specified by the user. However, if a web site suggests an overlong filename for a download, it is possible for Safari to create this file in other locations. Apple notes that the filename and location of downloaded file content cannot be directly specified by remote servers, but this may still lead to downloading content into locations accessible to other users.

Apple also fixed a potential problem when visiting Web sites with WebKit-based applications. According to Apple, WebKit contains a heap overflow that may lead to the execution of arbitrary code. This may be triggered by content downloaded from malicious Web sites in applications that use WebKit such as Safari.

Two problems with JavaScript have addressed. Safari now has a new JavaScript engine to combat a potentially exploitable heap overflow. The new engine incorporates a more robust input validation, according to Apple. The second JavaScript issue addressed adds the name of the originating Web site to the dialog boxes.

The update can be downloaded from Apple’s Web site or by using the Software Update mechanism in Mac OS X. More information on the other changes in the security update is available from Apple’s Web site.

Article submitted by: Webshark
Last Update: 11-30-2005
Category: Security

Print | E-mail


Current rating: 5.45 by 31 users
Would you recommend this article to a friend?

Not a Chance 12345678910 Absolutely

Please register or sign-in to post comments.


Related News Stories

(9,459 reads) 07-05-2008
 · Fusion Security
(15,132 reads) 06-02-2007
 · NukeSentinel(tm)2.5.10 Critical Update
(13,896 reads) 05-07-2007
 · NukeSentinel(tm) 2.5.08 Maintainance Release
(15,362 reads) 03-15-2007
 · NukeSentinel(tm) 2.5.07 Reissued: Critical Update
(13,870 reads) 03-02-2007
 · NukeSentinel(tm) 2.5.06: Critical Update
(14,620 reads) 01-23-2007
 · NukeSentinel(tm) 2.5.05 released
(14,646 reads) 12-24-2006
 · NukeSentinel 2.5.04 released
(14,376 reads) 11-03-2006
 · NukeSentinel(tm) 2.5.03 Released
(18,213 reads) 10-19-2006
 · Php Nuke 8.0 Patched
(14,604 reads) 10-01-2006
 · ipBan Modification