Apple is sending out its second security update for Mac OS X in as many weeks, including follow-up fixes to bugs thought to have been patched on March 1st.
Apple Computer on Monday released its second security update for MacOS X in as many weeks, including follow-up fixes to bugs thought to have been patched on March 1.
Security Update 2006-002 corrects three problems that the earlier update missed for the Safaribrowser and other components, and also patches two new vulnerabilities, one in the Mail client. If not fixed, the Mail bug could give attackers a way to run their code on Macs.
The first day of this month, Apple issued a much larger update that plugged 17 security holes in the Mac OS X and bundled applications, including a zero-day vulnerability that could let attackers hijack machines using "drive-by download" tactics.
2006-002 patches drive-by download vulnerabilities that Apple missed. "This update provides additional checks to identify variations of the malicious file types addressed in Security Update 2006-001 so that they are not automatically opened," Apple said in the advisory.
Errors in the previous update's fixes for an Apache PHP script language bug and a flaw in the "rsync" file transfer utility have also been corrected, said Apple.
Of the two new vulnerabilities, the Mail bug is the most serious. It could allow attackers armed with specially-crafted messages and attachments to create a buffer overflow on a Mac, which in turn might let the hacker install other code, such as a Trojanized bot or backdoor, on the machine. End result: hijacked Mac.
Separate downloads are available on Apple Downloads for Mac OS X 10.3.9 (Panther) clients and servers, as well as Mac OS X 10.4.5 (Tiger) Intel and PowerPC clients. Mac users who have Software Update enabled will automatically receive the update.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?