Network News

X My Profile
View More Activity

Apple Update Fixes 13 Security Flaws

Apple has issued an update that patches several security flaws in its Mac OS X operating system, including a hole that a security researcher last week showed could be used by attackers to install malware on affected systems through Safari, the default Web browser on Macs.

The update fixes at least 13 OS X security vulnerabiltiies, including four distinct Safari flaws that a malicious Web site or RSS feed could use to install programs on a visiting machine. Among the other problems addressed in this update is an issue with the default OS X e-mail program, which Apple said in some cases can fail to warn users about which e-mail attachment file types are potentially unsafe to open.

Updates are available for OS X v10.3.9, OS X Server v10.3.9, OS X v10.4.5, and OS X Server v10.4.5. Mac users can upgrade manually through Apple Downloads or through Software Update.

By Brian Krebs  |  March 1, 2006; 5:30 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: SiteAdvisor Adds Search Safety
Next: Malware-Speak Spooks Symantec

Comments

hippies. apple is backdoored by the nsa and there's nothing you can do about it. use dos, use snailmail!

Posted by: moloc | March 2, 2006 5:50 AM | Report abuse

Wow, You certain are a retard aren't you moloc.

Posted by: zid | March 2, 2006 7:09 AM | Report abuse

I love my mac and will never go back.

Posted by: granny smith | March 2, 2006 10:43 AM | Report abuse

Funny, I installed the patch last night yet the infamous Heise.jpg file still has a jpeg icon, and when double-clicked will still run the terminal script. What's up with that?

Also funny, I work with mac and windows both, and don't feel the need to flame anyone in this discussion. Relax, y'all.

Posted by: andro | March 2, 2006 3:16 PM | Report abuse

As far as the metadata/misdisplay vulnerability goes, this security patch only closes off the trivial automatic exploits via Safari.

It does not fix the underlying problem with the Finder (and Mail, possibly others) displaying a Terminal shell script or a Script Runner compiled applescript as if it were really some other type of file, like a "safe" data-only jpg or mov. Apple needs to close off that opportunity for mischief before they can declare this security bug fixed.

Posted by: Richard Johnson | March 2, 2006 6:31 PM | Report abuse

I like the column, but this misses the part about the aspect of the patch that blocks the x86 hack that allows OS X to run on non mac systems (or so they say)...

Posted by: J | March 3, 2006 12:41 PM | Report abuse

Very good site, congratulations! metal suitcase

Posted by: suitcase | April 18, 2006 7:20 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company