Apple closes critical security vulnerability in Safari
Apple has released Security Update 2009-001, which fixes numerous security vulnerabilities in Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6 and Mac OS X Server v10.5.6. Many of the vulnerabilities found could be used to infiltrate and execute code on systems. The updates fix the mid-January reported vulnerability in the Safari browser, by which an attacker can use a specially crafted RSS feed to allow files to be read from a users hard drive. There is a separate update for users of the Windows version of Safari 3.2.2.
Other vulnerabilities found in Mac OS X components included security holes in X11, Samba, Squirrelmail, Python, Perl, CUPS, CFNetwork, ClamAV, and AFPServer CarbonCore. The security update is available now and varies in size by platform from 43MB on Leopard, to 213MB for the Server (Universal) update.
Apple has also released a Java for Mac OS X 10.5 Update 3 and Java for Mac OS X 10.4 Release 8. Both versions fix several vulnerabilities in Java Web Start and the Java plug-in. The fixes patch a loophole which allows attackers to infiltrate and execute code on the systems of users visiting a malicious website.
- About the security content of Security Update 2009-001, report from Apple.
- About the security content of Java for Mac OS X 10.4, Release 8, report from Apple.
- About the security content of Java for Mac OS X 10.5 Update 3, report from Apple.