recent posts

Social Networking Accounts Prized By Cybercrooks
RedBox Warns of Credit Card Skimmers
Opera Updates and a Black Tuesday Preview
Beware Targeted Data-Stealing Tax Scam
Consumers Report $239 Million Lost To Cyber Fraud In '07

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Apple Update Fixes 13 Security Flaws

Apple has issued an update that patches several security flaws in its Mac OS X operating system, including a hole that a security researcher last week showed could be used by attackers to install malware on affected systems through Safari, the default Web browser on Macs.

The update fixes at least 13 OS X security vulnerabiltiies, including four distinct Safari flaws that a malicious Web site or RSS feed could use to install programs on a visiting machine. Among the other problems addressed in this update is an issue with the default OS X e-mail program, which Apple said in some cases can fail to warn users about which e-mail attachment file types are potentially unsafe to open.

Updates are available for OS X v10.3.9, OS X Server v10.3.9, OS X v10.4.5, and OS X Server v10.4.5. Mac users can upgrade manually through Apple Downloads or through Software Update.

By Brian Krebs |  March 1, 2006; 5:30 PM ET New Patches
Previous: SiteAdvisor Adds Search Safety | Next: Malware-Speak Spooks Symantec

Comments

Please email us to report offensive comments.



hippies. apple is backdoored by the nsa and there's nothing you can do about it. use dos, use snailmail!

Posted by: moloc | March 2, 2006 5:50 AM

Wow, You certain are a retard aren't you moloc.

Posted by: zid | March 2, 2006 7:09 AM

I love my mac and will never go back.

Posted by: granny smith | March 2, 2006 10:43 AM

Funny, I installed the patch last night yet the infamous Heise.jpg file still has a jpeg icon, and when double-clicked will still run the terminal script. What's up with that?

Also funny, I work with mac and windows both, and don't feel the need to flame anyone in this discussion. Relax, y'all.

Posted by: andro | March 2, 2006 3:16 PM

As far as the metadata/misdisplay vulnerability goes, this security patch only closes off the trivial automatic exploits via Safari.

It does not fix the underlying problem with the Finder (and Mail, possibly others) displaying a Terminal shell script or a Script Runner compiled applescript as if it were really some other type of file, like a "safe" data-only jpg or mov. Apple needs to close off that opportunity for mischief before they can declare this security bug fixed.

Posted by: Richard Johnson | March 2, 2006 6:31 PM

I like the column, but this misses the part about the aspect of the patch that blocks the x86 hack that allows OS X to run on non mac systems (or so they say)...

Posted by: J | March 3, 2006 12:41 PM

Very good site, congratulations! metal suitcase

Posted by: suitcase | April 18, 2006 7:20 AM

The comments to this entry are closed.

 
 

©  The Washington Post Company