Apple Patches Safari and Core Mac OS X Components
If exploited, the vulnerabilities could allow remote code execution, denial of service, data exposure, cross-site scripting, privilege escalation, and file deletion.
Apple on Monday released security updates for its Mac OS X and Windows customers that repair vulnerabilities in a number of Mac operating system components, as well as Apple's Safari Web browser and the Flash and Shockwave browser plug-ins.
Mac versions of the Security Update 2007-009 update are available for Mac OS X 10.4.11 and Mac OS X 10.5.1. The Windows version, Safari 3 Beta Update 3.0.4 Security Update, is available for XP and Vista users.
- Leveraging The Cloud For Business Resilience
- How crowdsourced testing has changed the game for innovative software companies
"Several of these issues are rather serious, so we strongly advise installing these updates at your earliest convenience," said Maarten Van Horenbeeck, an Internet Storm Center handler and a security consultant for Verizon Business, in a blog post.
If exploited, the listed vulnerabilities could allow remote code execution, denial of service, data exposure, cross-site scripting, privilege escalation, and file deletion.
The patched applications for the 10.5.1 update include CF Network, Core Foundation, CUPS, Flash Player Plug-in, Launch Services, perl, python, Quick Look, ruby, Safari, Samba, Shockwave Plug-in, and Spin Tracer.
The 10.4.11 update fixes issues in Address Book, CUPS, ColorSync, Core Foundation, Desktop Services, Flash Player Plug-in, gnutar, iChat, IO Storage Family, Launch Services, Mail, perl, python, ruby, Samba, Safari, Shockwave Plug-in, SMB, Spotlight, tcpdump, and XQuery.
These two updates bring Apple's total number of security fixes this year to 36, some of which have dealt with vulnerabilities in new products like the iPhone and Apple TV. In 2006, Apple released 22 security updates.
Last week, Apple released a fix for its QuickTime media software and for several Java vulnerabilities.