Apple Patches Holes in Mac OS X
By Crit [dot] Org | Published  02/1/2005 | Exploits | Unrated

Apple Computer released its first security patch of 2005 this week in order to plug some holes in its Mac OS X operating system.

Security Update 2005-001 for Mac OS X addresses issues with the "at" commands, the libxml2 library, ColorSync, Safari and Mail, as well as specific problems found in PHP and the third-party "SquirrelMail."

The fixes are recommended for all Macintosh users running server and client versions of Mac OS X 10.3.7 or Mac OS X 10.2.8.

Updates for the "at" commands address what Apple calls "a local privilege escalation vulnerability." If not remedied, the problem could allow local users to remove files not owned by them, run programs with added privileges, or read the contents of normally unreadable files. The update patches the commands "at," "atrm," "batch," "atq," and "atrun."

Another critical fix addresses problems with the libxml2 library, which contains unsafe code that Apple said may be exploited in applications linked against it. The flaw could potentially be exploited to cause buffer overflows.

Apple's update also repairs multiple known vulnerabilities in PHP, including remote denial of service and execution of arbitrary code.

 

Secunia Research has been credited with finding a problem in the Mac OS X browser Safari. The fix is only necessary for users who do not enable the "Block Pop-Up Windows" feature. Without the patch, users can be misled about the content of a pop-up window if they used an untrusted link to navigate to a site.

For its Mail client, Apple has adjusted its code so that e-mail messages sent from a single machine can no longer be identified as such. Previously, a GUUID (Globally Unique Universal ID) containing an identifier associated with the Ethernet networking hardware was used in the construction of the Message-ID header required by RFC 822. Apple's patch now hides that information in Mail with the help of a cryptographic hash.
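The Message-ID issue above can be checked for in stored mail. The following is an added example, not Apple's code: it assumes the identifier is an RFC 4122 version-1 UUID (whose node field carries the hardware address), uses constructed Message-IDs, and `hashed_message_id` is a hypothetical form of the fix, since the article does not say what Mail hashes.

```python
import hashlib
import re
import uuid

# GUID-shaped local part of a Message-ID: <8-4-4-4-12 hex digits@domain>
GUID_MSGID = re.compile(
    r"<([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})@([^>]+)>")

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "<6F1C2A00-5E6F-11D9-8B1C-0200C0FFEE01@example.com>",  # v1, node A
    "<7A2D3B10-5E70-11D9-8B1C-0200C0FFEE01@example.com>",  # v1, node A
    "<3F2504E0-4F89-41D3-9A0C-0305E82C3301@example.com>",  # v4, random
]

def embedded_mac(message_id):
    """Return the hardware address exposed by a Message-ID, or None."""
    m = GUID_MSGID.search(message_id)
    if not m:
        return None
    u = uuid.UUID(m.group(1))
    if u.version != 1:            # only time-based UUIDs carry a node field
        return None
    if (u.node >> 40) & 0x01:     # multicast bit set: random node, not a MAC
        return None
    return ":".join(f"{(u.node >> s) & 0xFF:02x}" for s in range(40, -8, -8))

def linkable_groups(message_ids):
    """Group Message-IDs that expose the same hardware address."""
    groups = {}
    for mid in message_ids:
        mac = embedded_mac(mid)
        if mac:
            groups.setdefault(mac, []).append(mid)
    return groups

def hashed_message_id(guid, domain):
    """Hypothetical mitigation: publish a digest of the GUID, not the GUID."""
    digest = hashlib.sha256(uuid.UUID(guid).bytes).hexdigest()[:32]
    return f"<{digest}@{domain}>"

if __name__ == "__main__":
    for mac, ids in linkable_groups(SAMPLES).items():
        print(f"{len(ids)} messages expose hardware address {mac}")
    print(hashed_message_id("6F1C2A00-5E6F-11D9-8B1C-0200C0FFEE01",
                            "example.com"))
```
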

Separately, a cross-site scripting vulnerability in SquirrelMail that allowed e-mail messages to contain content that would be rendered by a user's Web browser has been fixed.
