Apple Patches Safari and Core Mac OS X Components - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
12/18/2007
03:00 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Patches Safari and Core Mac OS X Components

If exploited, the vulnerabilities could allow remote code execution, denial of service, data exposure, cross-site scripting, privilege escalation, and file deletion.

Apple on Monday released security updates for its Mac OS X and Windows customers that repair vulnerabilities in a number of Mac operating system components, as well as Apple's Safari Web browser and the Flash and Shockwave browser plug-ins.

Mac versions of the Security Update 2007-009 update are available for Mac OS X 10.4.11 and Mac OS X 10.5.1. The Windows version, Safari 3 Beta Update 3.0.4 Security Update, is available for XP and Vista users.

"Several of these issues are rather serious, so we strongly advise installing these updates at your earliest convenience," said Maarten Van Horenbeeck, an Internet Storm Center handler and a security consultant for Verizon Business, in a blog post.

If exploited, the listed vulnerabilities could allow remote code execution, denial of service, data exposure, cross-site scripting, privilege escalation, and file deletion.

The patched applications for the 10.5.1 update include CF Network, Core Foundation, CUPS, Flash Player Plug-in, Launch Services, perl, python, Quick Look, ruby, Safari, Samba, Shockwave Plug-in, and Spin Tracer.

The 10.4.11 update fixes issues in Address Book, CUPS, ColorSync, Core Foundation, Desktop Services, Flash Player Plug-in, gnutar, iChat, IO Storage Family, Launch Services, Mail, perl, python, ruby, Samba, Safari, Shockwave Plug-in, SMB, Spotlight, tcpdump, and XQuery.

These two updates bring Apple's total number of security fixes this year to 36, some of which have dealt with vulnerabilities in new products like the iPhone and Apple TV. In 2006, Apple released 22 security updates.

Last week, Apple released a fix for its QuickTime media software and for several Java vulnerabilities.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll