Mac OS X And Safari Vulnerabilities Patched By Apple In Security Update 2009-001
Apple has released four different bulletins to cover 48 documented vulnerabilities in the Mac OS X, a solitary code execution flaw affecting Safari for Windows and four different security problems in Java for Mac OS X.
Multiple input validation issues exist in Safari’s handling of feed: URLs. The issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs.
Multiple vulnerabilities exist in Java Web Start and the Java Plug-in, the most serious of which may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. Visiting a web page containing a maliciously crafted Java applet may lead to arbitrary code execution with the privileges of the current user.
Security Update 2009-001 is quite important, providing patches for holes in a wide range of components, including several open-source implementations like ClamAV and fetchmail.
This is a high-priority update for all Mac OS X users, details can be found in official advisory.
Windows XP and Vista users with Safari installed are also vulnerable.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.