Software // Enterprise Applications
News
12/18/2007
03:00 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Apple Patches Safari and Core Mac OS X Components

If exploited, the vulnerabilities could allow remote code execution, denial of service, data exposure, cross-site scripting, privilege escalation, and file deletion.

Apple on Monday released security updates for its Mac OS X and Windows customers that repair vulnerabilities in a number of Mac operating system components, as well as Apple's Safari Web browser and the Flash and Shockwave browser plug-ins.

Mac versions of the Security Update 2007-009 update are available for Mac OS X 10.4.11 and Mac OS X 10.5.1. The Windows version, Safari 3 Beta Update 3.0.4 Security Update, is available for XP and Vista users.

"Several of these issues are rather serious, so we strongly advise installing these updates at your earliest convenience," said Maarten Van Horenbeeck, an Internet Storm Center handler and a security consultant for Verizon Business, in a blog post.

If exploited, the listed vulnerabilities could allow remote code execution, denial of service, data exposure, cross-site scripting, privilege escalation, and file deletion.

The patched applications for the 10.5.1 update include CF Network, Core Foundation, CUPS, Flash Player Plug-in, Launch Services, perl, python, Quick Look, ruby, Safari, Samba, Shockwave Plug-in, and Spin Tracer.

The 10.4.11 update fixes issues in Address Book, CUPS, ColorSync, Core Foundation, Desktop Services, Flash Player Plug-in, gnutar, iChat, IO Storage Family, Launch Services, Mail, perl, python, ruby, Samba, Safari, Shockwave Plug-in, SMB, Spotlight, tcpdump, and XQuery.

These two updates bring Apple's total number of security fixes this year to 36, some of which have dealt with vulnerabilities in new products like the iPhone and Apple TV. In 2006, Apple released 22 security updates.

Last week, Apple released a fix for its QuickTime media software and for several Java vulnerabilities.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.