Apple Releases Security Update for Mac OS X
 

Apple Computer released a security update for mac owners today to fix seven exploits in Mac OS X.

The update fixes a variety of problems in OS X, including ColorSync, Libxm2, Mail, PHP, Safari, and Sendmail; click read more for an extensive list of the problems and respective fixes.

Users of Mac OS X v10.3.7 can update their OS via Software Update preferences, or from Apple Downloads.

View: More Information On Vulnerabilites
Download: Security Update 2005-001 (Mac OS X 10.3.7 Client) 1.0
View: Apple Computer


at commands
Problem: The "at" family of commands did not properly drop privileges. This could allow a local user to remove files not owned by them, run programs with added privileges, or read the contents of normally unreadable files.

ColorSync
Problem: An out-of-specification or improperly embedded ICC color profile could overwrite the program heap and allow arbitrary code execution.

libxml2
Problem: The libxml2 library contains unsafe code that may be exploited in applications linked against it.

Mail
Problem: A GUUID containing an identifier associated with the Ethernet networking hardware was used in the construction of an RFC-822 required Message-ID header.

PHP
Problem: Multiple vulnerabilities in PHP, including remote denial of service and execution of arbitrary code.

Safari
Problem: When Safari's "Block Pop-Up Windows" feature is not enabled, a malicious pop-up window could appear as being from a trusted site.

SquirrelMail
Problem: A cross-site scripting vulnerability in SquirrelMail allowed email messages to contain content that would be rendered by a user's web browser.

News source: Neowin
Full story: View Here