BetaONE will rise again!


Reply
  #1  
Old 27th Jan 05, 10:00 AM
NewsBot's Avatar
NewsBot NewsBot is offline
Senior Member
 
Join Date: Oct 2004
Posts: 30,858
NewsBot will become famous soon enough
Apple Releases Security Update 2005-001 for Mac OS X
Apple Computer released a security update for mac owners today to fix seven exploits in Mac OS X.

The update fixes a variety of problems in OS X, including ColorSync, Libxm2, Mail, PHP, Safari, and Sendmail; click read more for an extensive list of the problems and respective fixes.

Users of Mac OS X v10.2.8 Client and Server as well as Mac OSX v10.3.7 Client and Server can update their OS via Software Update preferences, or from Apple Downloads.

View: More Information On Vulnerabilites
Download: Security Update 2005-001 for Mac OSX 1.0.2.8 Client / Mac OSX 1.0.2.8 Server
Download: Security Update 2005-001 for Mac OSX 1.0.3.7 Client / Mac OSX 1.0.3.7 Server
View: Apple Computer


at commands
Problem: The "at" family of commands did not properly drop privileges. This could allow a local user to remove files not owned by them, run programs with added privileges, or read the contents of normally unreadable files.

Affecting: Mac OS X v10.3.7, Mac OS X Server v10.3.7

ColorSync
Problem: An out-of-specification or improperly embedded ICC color profile could overwrite the program heap and allow arbitrary code execution.

Affecting: Mac OS X v10.3.7, Mac OS X Server v10.3.7, Mac OS X v10.2.8, Mac OS X Server v10.2.8

libxml2
Problem: The libxml2 library contains unsafe code that may be exploited in applications linked against it.

Affecting: Mac OS X v10.3.7, Mac OS X Server v10.3.7

Mail
Problem: A GUUID containing an identifier associated with the Ethernet networking hardware was used in the construction of an RFC-822 required Message-ID header.

Affecting: Mac OS X v10.3.7 Client, Mac OS X Server v10.3.7

PHP
Problem: Multiple vulnerabilities in PHP, including remote denial of service and execution of arbitrary code.

Affecting: Mac OS X v10.3.7, Mac OS X Server v10.3.7, Mac OS X v10.2.8, Mac OS X Server v10.2.8

Safari
Problem: When Safari's "Block Pop-Up Windows" feature is not enabled, a malicious pop-up window could appear as being from a trusted site.

Affecting: Mac OS X v10.3.7, Mac OS X Server v10.3.7, Mac OS X v10.2.8, Mac OS X Server v10.2.8

SquirrelMail
Problem: A cross-site scripting vulnerability in SquirrelMail allowed email messages to contain content that would be rendered by a user's web browser.

Affecting: Mac OS X Server 10.3.7

News source: Neowin
Full story: View Here
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apple Releases Security Update for Mac OS X NewsBot NeoWin News 0 26th Jan 05 08:30 PM
MS Releases Beta of Update Rollup 1 for Windows 2000 SP4 NewsBot NeoWin News 0 26th Jan 05 02:30 PM
Apple plugs security holes for OS X NewsBot ieXbeta News 0 3rd Dec 04 05:00 AM
McAfee unveils 2005 security suite NewsBot NeoWin News 0 9th Nov 04 01:30 AM
Update # 1 for MCE 2005 protecteur Windows XP Media Center Edition 2005 3 26th Oct 04 01:45 PM


All times are GMT +1. The time now is 02:33 PM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.