Apple Issues New Security Patch

Apple Computer has issued a new security patch to cover seven vulnerabilities in its Mac OS X operating system.

The vulnerabilities addressed in the update cover the Apple?s Safari browser, ColorSync system, e-mail program and other elements of the OS. The browser problem is caused by the "Block Pop-Up Windows" feature not being enabled, allowing malicious pop-up window to appear as if they are from trusted sites, Apple said.

The ColorSync flaw allows malformed color profiles to overwrite a program, resulting in arbitrary code execution. Mac Mail has been modified to hide information that could identify the Ethernet networking hardware used by the computer sending mail. ?

Beginning with this update, Apple has changed the naming scheme of Apple Security Updates from a date format to a format based on the year and a sequence number.

Security Update 2005-001 is specifically for Mac OS X v10.2.8, Mac OS X Server v10.2.8, Mac OS X v10.3.7 and Mac OS X Server v10.3.7. The software is available for download either using the Software Update system preference pane or through the Apple Downloads Web site.