Apple Issues New Security Patch

Apple Computer has issued a new security patch to cover seven vulnerabilities in its Mac OS X operating system.

The vulnerabilities addressed in the update cover the Apple?s Safari browser, ColorSync system, e-mail program and other elements of the OS. The browser problem is caused by the "Block Pop-Up Windows" feature not being enabled, allowing malicious pop-up window to appear as if they are from trusted sites, Apple said.

The ColorSync flaw allows malformed color profiles to overwrite a program, resulting in arbitrary code execution. Mac Mail has been modified to hide information that could identify the Ethernet networking hardware used by the computer sending mail. ?

Beginning with this update, Apple has changed the naming scheme of Apple Security Updates from a date format to a format based on the year and a sequence number.

Security Update 2005-001 is specifically for Mac OS X v10.2.8, Mac OS X Server v10.2.8, Mac OS X v10.3.7 and Mac OS X Server v10.3.7. The software is available for download either using the Software Update system preference pane or through the Apple Downloads Web site.

Popular TMO Stories

No Comments

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account