June 22, 2007 1:36 PM PDT

With its sixth security update for 2007, Apple patches two Safari 3.0 beta vulnerabilities

by Robert Vamosi

Only days after Apple released Mac OS X 10.4.10, it has also released Security Update 2007-006. This update affects users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9. Both vulnerabilities involve surfing the Internet: one could allow a cross-site scripting attack, and the other could cause a denial of service (crash). The update is available from within Mac OS X via the Software Update pane in System Preferences, or from Apple's Software Download, but only for systems that have installed Safari 3.0 beta. This update will not appear for Mac OS X users who have not installed Safari 3.0 beta. Users of Microsoft Windows XP and Windows Vista have additional patches available here.

Patch for WebCore
This patch affects users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later and addresses the vulnerability in CVE-2007-2401. When serializing headers into an HTTP request, an HTTP injection is possible within XMLHttpRequest. Successful execution could result in cross-site requests to malicious sites.
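
The class of bug described above, shown as an added example that is not Apple's or WebKit's code: a header serializer that concatenates script-supplied values next to one that validates them first. It assumes the injection takes the form of CR/LF characters in a header name or value, which the summary above does not spell out; all header names and values are constructed.

```javascript
// Added example, not WebCore code. Sample headers are constructed.

// Characters allowed in an HTTP header field name (RFC 7230 "token").
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// CR, LF and NUL must never reach the wire inside a header value.
const FORBIDDEN_IN_VALUE = /[\r\n\0]/;

// Naive serializer: writes whatever the caller supplied.
function serializeNaive(headers) {
  return headers.map(([name, value]) => `${name}: ${value}\r\n`).join("") + "\r\n";
}

// Checked serializer: validates every name and value before writing anything.
function serializeChecked(headers) {
  for (const [name, value] of headers) {
    if (!TOKEN.test(name)) {
      throw new SyntaxError(`invalid header name: ${JSON.stringify(name)}`);
    }
    if (FORBIDDEN_IN_VALUE.test(value)) {
      throw new SyntaxError(`invalid value for header ${name}`);
    }
  }
  return serializeNaive(headers);
}

// Number of header lines a receiver would parse from the serialized block.
function countHeaderLines(wire) {
  return wire.split("\r\n").filter((line) => line.length > 0).length;
}

// Constructed input: a single header whose value carries an embedded CRLF.
const scripted = [["X-Note", "hello\r\nX-Injected: 1"]];

function demo() {
  // The naive path turns one supplied header into two on the wire.
  const naiveLines = countHeaderLines(serializeNaive(scripted));
  let rejected = false;
  try {
    serializeChecked(scripted);
  } catch (e) {
    rejected = e instanceof SyntaxError;
  }
  // A well-formed header passes through unchanged.
  const cleanLines = countHeaderLines(serializeChecked([["X-Note", "hello"]]));
  return { naiveLines, rejected, cleanLines };
}
```

Validating before any byte is written matters: rejecting the whole request is safer than stripping the offending characters and sending a header the caller never intended.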

Patch for WebKit
This patch affects users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later and addresses the vulnerability in CVE-2007-2399. A memory corruption issue exists with invalid type conversion when rendering frame sets. Visiting a maliciously crafted Web site could allow a denial-of-service (crash) or arbitrary code execution.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Welcome to the other 95% percent
by kojacked June 23, 2007 2:49 AM PDT
It's nice to see Apple busily patching holes in its software now that it's tapping into the vast Windows market with Safari. It just goes to show that market share does play a role in a software vendor's need to respond to security threats and not the fact that less visibility makes your security holes something you can ignore or even worse brag about how secure your product is.

I'd love to see a Mac commercial reflect this week's realities in Safari...

Mac: "Oh PC! I've got bugs that people could exploit if they wanted! I really wanted to share my wonderful software with you but now I wish I hadn't."

PC: "Why not? You've always been welcome here in Windows."

Mac: "Well I never knew it would be so scary with so many eyeballs on you at once! How do you cope, PC?"

PC: "Simple my friend Mac: Anti-virus, Anti-Spyware, and system updates that automatically download and install..."

Mac: "What's all that stuff? It sounds like a hassle."

PC: "It's kind of like a condom for your whole body..."

Mac: "Oh condoms! I'm always forgetting about them. Hey, do you have any advice on what to do with this new ...er... rash I'm getting on my cdrom slot?"

PC: "Oh Mac will you ever learn to take better care of yourself?"

:)
It's a pity that IE is as easy as this
by Sniche June 23, 2007 3:35 AM PDT
In 5 years there is not any record of a Mac being brought down or
corrupted by any malicious code since MacOSX was launched.
It's a pity that Windows isn't as robust.
It's a pity that IE isn't as easy as this
by Sniche June 23, 2007 3:36 AM PDT
In 5 years there is not any record of a Mac being brought down or
corrupted by any malicious code since MacOSX was launched.
It's a pity that Windows isn't as robust.
Patching at the speed of light...
by kool_skatkat June 23, 2007 5:24 AM PDT
My safari works now! Yeah!.... just had to share the excitement.