Apple Computer released a security update for mac owners today to fix seven exploits in Mac OS X.
The update fixes a variety of problems in OS X, including ColorSync, Libxm2, Mail, PHP, Safari, and Sendmail; click read more for an extensive list of the problems and respective fixes.
Users of Mac OS X v10.3.7 can update their OS via Software Update preferences, or from Apple Downloads.
View: More Information On Vulnerabilites
Download: Security Update 2005-001 (Mac OS X 10.3.7 Client) 1.0
View: Apple Computer
at commands
Problem: The "at" family of commands did not properly drop privileges. This could allow a local user to remove files not owned by them, run programs with added privileges, or read the contents of normally unreadable files.
ColorSync
Problem: An out-of-specification or improperly embedded ICC color profile could overwrite the program heap and allow arbitrary code execution.
libxml2
Problem: The libxml2 library contains unsafe code that may be exploited in applications linked against it.
Mail
Problem: A GUUID containing an identifier associated with the Ethernet networking hardware was used in the construction of an RFC-822 required Message-ID header.
PHP
Problem: Multiple vulnerabilities in PHP, including remote denial of service and execution of arbitrary code.
Safari
Problem: When Safari's "Block Pop-Up Windows" feature is not enabled, a malicious pop-up window could appear as being from a trusted site.
SquirrelMail
Problem: A cross-site scripting vulnerability in SquirrelMail allowed email messages to contain content that would be rendered by a user's web browser.
News source:
Neowin
Full story:
View Here
Threaded Mode
