No. 1 Story

Telstra adds one million mobile services, but Sensis plummets

Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.

read more

Apple drops a bundle of patches in Software Update 2009-001 and Java updates

IT Industry - Market

Apple has released a wide-ranging set of Mac OS X security updates, including a fix for the Safari RSS issue. There's also a pair of Java updates for Tiger and Leopard.

In January 2009, Brian Mastenbrook notified Apple and then warned the wider community about a Safari vulnerability "to an attack that allows a malicious web site to read files on a user's hard drive without user intervention."

It wasn't necessary for the user to take advantage of Safari's RSS features, only that a web page containing such a malicious URL to be opened in Safari.

Mastenbrook initially recommended that users adjust Safari's preferences so that a different program was used to handle feed: URLs. He later recommended the use of a third-party utility to ensure that feeds: and feedsearch: URLs were diverted from Safari.

It turns out that there were multiple input validation issues in Safari's handling of feed: URLs, allowing the execution of arbitrary JavaScript in the local security zone.

The problem has been fixed by Security Update 2009-001 for Mac OS X (10.4.11 Tiger and 10.5.6 Leopard) and Safari 3.2.2 for Windows (XP and Vista).

Several of the patches in Security Update 2009-001 concern third-party components used in Mac OS X, including ClamAV (server versions only), fetchmail, perl, python, SquirrelMail (server versions only), X11 and XTerm.

Once again, Apple has been less than quick to deliver these updates to its customers. Please read on.



- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more