New Mac OS X Security Update; Significant Safari Fixes Included

A pple has released a new security update for Mac OS X 10.3.6 called Security Update 2004-12-02. The update addresses issues with several key components of Mac OS X, including two significant issues affecting Safari. From the security update notes on Appleis Mac OS X Security page:

Safari
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8
Impact: Specially crafted HTML can display a misleading URI the Safari status bar.
Description: Safari could be tricked into displaying a URI in its status bar that was not the same as the destination of a link. This update corrects Safari so that it now displays the URI that will be activated when selected.

Safari
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8
Impact: With multiple browser windows active Safari users could be mislead about which window activated a pop-up window.
Description: When multiple Safari windows are open, a carefully timed pop-up could mislead a user into thinking it was activated by a different site. In this update Safari now places a window that activates a pop-up in front of all other browser windows. Credit to Secunia Research for reporting this issue.

The other components updated are:

  • Apache
  • AppKit
  • HIToolbox
  • Kerberos
  • Postfix
  • PSNormalizer
  • Terminal

You can find the update in your Software Update control panel in Mac OS X 10.3.6. You can also find more information and direct download links at Appleis Mac OS X Security page.