 |
 Stephen Withers turns his gaze on the world of Apple, with
detours into other aspects of IT and communications as they catch his
attention. |
Technology news and Jobs 
Our Blogs Core Dump Apple catches up with BIND as one of a dozen security patches
Our Blogs Core Dump Apple catches up with BIND as one of a dozen security patches | Apple catches up with BIND as one of a dozen security patches |
|
| by Stephen Withers | |
| Monday, 04 August 2008 | |
|
Page 2 of 3 A similar change prevents malicious web sites from sending values to CoreGraphics that result in memory corruption, unexpected application termination or the execution of arbitrary code.A "resource consumption issue" in the Data Detectors Engine that previously allowed maliciously crafted messages to crash Mail has been fixed. Data Detectors automatically recognises information such as addresses and appointments in text. While it was a new addition to Mac OS X 10.5, a similar technology was part of Mac OS 9. Disk Utility's repair permissions feature no longer sets permissions on the Emacs editor that allow the execution of commands with system privileges. (It sounds to me that anyone who knew about this issue would have had a good chance of unobtrusively gaining full control over practically any Mac they could lay their hands on.) Remote attackers are no longer able to cause the termination of the OpenLDAP daemon by sending a maliciously crafted LDAP message. Similarly, improved bounds checking in OpenSSL prevents maliciously crafted packets causing unexpected application termination or the execution of arbitrary code. Three other components have been updated, so please read on. |
| < Next story in category | Previous story in the category > |
|---|
