Apple drops a bundle of patches in Software Update 2009-001 and Java updates

By Stephen Withers
Friday, 13 February 2009 10:14

Market

Page 1 of 3
Apple has released a wide-ranging set of Mac OS X security updates, including a fix for the Safari RSS issue. There's also a pair of Java updates for Tiger and Leopard.
In January 2009, Brian Mastenbrook notified Apple and then warned the wider community about a Safari vulnerability "to an attack that allows a malicious web site to read files on a user's hard drive without user intervention."

It wasn't necessary for the user to take advantage of Safari's RSS features, only that a web page containing such a malicious URL to be opened in Safari.

Mastenbrook initially recommended that users adjust Safari's preferences so that a different program was used to handle feed: URLs. He later recommended the use of a third-party utility to ensure that feeds: and feedsearch: URLs were diverted from Safari.

It turns out that there were multiple input validation issues in Safari's handling of feed: URLs, allowing the execution of arbitrary JavaScript in the local security zone.

The problem has been fixed by Security Update 2009-001 for Mac OS X (10.4.11 Tiger and 10.5.6 Leopard) and Safari 3.2.2 for Windows (XP and Vista).

Several of the patches in Security Update 2009-001 concern third-party components used in Mac OS X, including ClamAV (server versions only), fetchmail, perl, python, SquirrelMail (server versions only), X11 and XTerm.

Once again, Apple has been less than quick to deliver these updates to its customers. Please read on.


«StartPrev123NextEnd»

SPONSORED PRESS RELEASES

Independent Research Shows High Customer Satisfaction for NetSuite
NetSuite Inc. (NYSE: N), a leading vendor of cloud computing business management software suites, today announced that technology advisory firm Nucleus Research has completed an independent survey of NetSuite customers and concluded that NetSuite customers are highly satisfied, l...
Websense Security Labs Reports ‘User Trust’ Targeted Attacks; Over 1 in 10 ‘Top Search’ Results Categorised as Malware; Increased Focus on Web 2.0
ComOps Scoops Leading Position in SmartCompany Dun and Bradstreet IT Company Growth List
F5 APAC CIO Survey Underscores Need for Proactive Approach to Application Delivery and Cloud Computing
F5 Delivers Next-Generation Application Delivery Services Giving Enterprises More Control with Context-Aware Networking
WatchGuard Enhances Security Software
engin Launches Hosted Phone System for Australian Small Business

Featured IT jobs

Melbourne
Senior Software consultant
Senior Software consultant responsible for providing support on a unique enterprise level software solution for various customers, Melbourne based!
Skills Tags:   IT  ITIL  Linux  Management  RFP  Unix
Sydney
Database Developer - SQL Server 2005
This financial client has an excellent opportunity for an experienced Database Developer. SQL 2005 Some Schema design + SSIS & SSRS - 80k+super
Skills Tags:   Design  Development  SQL  SQL Server
Melbourne
Hyperion Planning Consultant
Massive Hyperion Project requires a Hyperion Planning Architect / Lead Developer - drive home a huge Hyperion solution.
Skills Tags:   Architect  Design  Development  Hyperion
Sydney
OBIEE BI/DW Consultant
OBIEE Consultant to work on a very large greenfield OBIEE implementation to date to work end-to-end with excellent modelling & BI Server skills
Skills Tags:   Business Intelligence  Cognos  Hyperion  Informatica  Oracle  SQL

Editors Picks

Stories you may have missed

How YouTube is killing mobile networks, and what to do about it

Microsoft Surface slips into Australia

Wikileaks is back from the brink
 

What iTWire offers for free

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases