Security Update 2007-002 for Mac OS X addresses four vulnerabilities highlighted during the Month of Apple Bugs, while other updates take care of daylight saving changes and other issues.
Disk image files now undergo additional validation before being mounted, preventing a buffer overflow caused by a maliciously crafted volume name.
The UserNotificationCenter process now drops its group privileges immediately after launching, which should prevent it being exploited by unprivileged local users to gain root privileges.
Two iChat vulnerabilities are also addressed by the update. Bonjour messages undergo additional validation to prevent crashing, and AIM URLs now get extra validation to avoid crashing or arbitrary code execution.
In related news, Apple has also released Daylight Saving Time Update 1.0 (to accommodate changes in Daylight Saving Time in the US and Canada effective next month and to provide the latest time zone information for other countries) and Java for Mac OS X 10.4, Release 5 (which also handles daylight saving issues and offers "improved reliability and compatibility").
Each update is available in versions for Mac OS X 10.3 and 10.4.
Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.