Apple drops a bundle of patches in Software Update 2009-001 and Java updates


Apple has released a wide-ranging set of Mac OS X security updates, including a fix for the Safari RSS issue. There's also a pair of Java updates for Tiger and Leopard.

In January 2009, Brian Mastenbrook notified Apple and then warned the wider community that Safari was vulnerable "to an attack that allows a malicious web site to read files on a user's hard drive without user intervention."

It wasn't necessary for the user to take advantage of Safari's RSS features; a web page containing such a malicious URL only had to be opened in Safari.

Mastenbrook initially recommended that users adjust Safari's preferences so that a different program was used to handle feed: URLs. He later recommended the use of a third-party utility to ensure that feeds: and feedsearch: URLs were diverted from Safari.
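The check below is an added example, not from the article or from Mastenbrook: it audits whether the feed-family URL schemes have been diverted away from Safari. It assumes the per-user LaunchServices preferences, exported as XML, list scheme handlers under `LSHandlers`, and that a scheme with no entry still falls back to Safari; the sample plist and the `org.example.feedreader` bundle identifier are constructed.

```python
import plistlib

# URL schemes named in the mitigation advice above.
FEED_SCHEMES = ("feed", "feeds", "feedsearch")
SAFARI_BUNDLE_ID = "com.apple.safari"  # compared case-insensitively

# Constructed sample of LaunchServices preferences (not from a real machine).
# "org.example.feedreader" is a hypothetical third-party handler.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict><key>LSHandlers</key><array>
<dict><key>LSHandlerURLScheme</key><string>feed</string>
      <key>LSHandlerRoleAll</key><string>org.example.feedreader</string></dict>
<dict><key>LSHandlerURLScheme</key><string>feeds</string>
      <key>LSHandlerRoleAll</key><string>com.apple.Safari</string></dict>
<dict><key>LSHandlerContentType</key><string>public.html</string>
      <key>LSHandlerRoleAll</key><string>com.apple.Safari</string></dict>
</array></dict></plist>"""


def feed_handlers(plist_bytes):
    """Map each feed-family scheme to its registered handler, or None if unset."""
    prefs = plistlib.loads(plist_bytes)
    found = dict.fromkeys(FEED_SCHEMES)
    for entry in prefs.get("LSHandlers", []):
        # Content-type entries carry no URL scheme and are skipped here.
        scheme = str(entry.get("LSHandlerURLScheme", "")).lower()
        if scheme in found:
            found[scheme] = entry.get("LSHandlerRoleAll")
    return found


def undiverted_schemes(plist_bytes):
    """Schemes that are unset or explicitly handled by Safari.

    Assumption: an unset scheme falls back to the system default (Safari),
    so it is reported as not diverted.
    """
    handlers = feed_handlers(plist_bytes)
    return sorted(
        scheme for scheme, handler in handlers.items()
        if handler is None or str(handler).lower() == SAFARI_BUNDLE_ID
    )


if __name__ == "__main__":
    for scheme, handler in feed_handlers(SAMPLE_PLIST).items():
        print(f"{scheme}: {handler or '(no explicit handler)'}")
    print("not diverted from Safari:", undiverted_schemes(SAMPLE_PLIST))
```

The sample shows why diverting only `feed:` is incomplete: `feeds:` and `feedsearch:` are still reported as reaching Safari.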

It turns out that there were multiple input validation issues in Safari's handling of feed: URLs, allowing the execution of arbitrary JavaScript in the local security zone.

The problem has been fixed by Security Update 2009-001 for Mac OS X (10.4.11 Tiger and 10.5.6 Leopard) and Safari 3.2.2 for Windows (XP and Vista).

Several of the patches in Security Update 2009-001 concern third-party components used in Mac OS X, including ClamAV (server versions only), fetchmail, perl, python, SquirrelMail (server versions only), X11 and XTerm.

Once again, Apple has been less than quick to deliver these updates to its customers.
