In association with heise online

13 February 2009, 09:31

Apple closes critical security vulnerability in Safari

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has released Security Update 2009-001, which fixes numerous security vulnerabilities in Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6 and Mac OS X Server v10.5.6. Many of the vulnerabilities found could be used to infiltrate and execute code on systems. The updates fix the mid-January reported vulnerability in the Safari browser, by which an attacker can use a specially crafted RSS feed to allow files to be read from a users hard drive. There is a separate update for users of the Windows version of Safari 3.2.2.

Other vulnerabilities found in Mac OS X components included security holes in X11, Samba, Squirrelmail, Python, Perl, CUPS, CFNetwork, ClamAV, and AFPServer CarbonCore. The security update is available now and varies in size by platform from 43MB on Leopard, to 213MB for the Server (Universal) update.

Apple has also released a Java for Mac OS X 10.5 Update 3 and Java for Mac OS X 10.4 Release 8. Both versions fix several vulnerabilities in Java Web Start and the Java plug-in. The fixes patch a loophole which allows attackers to infiltrate and execute code on the systems of users visiting a malicious website.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit