Mac OS X And Safari Vulnerabilities Patched By Apple In Security Update 2009-001

February 12th, 2009

Mac OS X And Safari Vulnerabilities Patched By Apple In Security Update 2009-001

Apple has released four different bulletins to cover 48 documented vulnerabilities in the Mac OS X, a solitary code execution flaw affecting Safari for Windows and four different security problems in Java for Mac OS X.

Multiple input validation issues exist in Safari’s handling of feed: URLs. The issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs.

Multiple vulnerabilities exist in Java Web Start and the Java Plug-in, the most serious of which may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. Visiting a web page containing a maliciously crafted Java applet may lead to arbitrary code execution with the privileges of the current user.

Security Update 2009-001 is quite important, providing patches for holes in a wide range of components, including several open-source implementations like ClamAV and fetchmail.

This is a high-priority update for all Mac OS X users, details can be found in official advisory.

Windows XP and Vista users with Safari installed are also vulnerable.

Email, Bookmark or Share:

More on CyberInsecure:

Apple Patch 67 Mac OS X And Safari Vulnerabilities

Apple QuickTime Multiple Remote Vulnerabilities

Apple Patches Multiple Vulnerabilities In Safari 3.1.1

Privacy Flaw Found In Apple Safari RSS Reader

iLife Security Vulnerabilities Patched By Apple In iLife Support 8.3.1

Posted in Apple, Software, Vulnerabilities, Windows |

Print This Post

This entry was posted on Thursday, February 12th, 2009 at 4:06 pm and is filed under Apple, Software, Vulnerabilities, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

Latest News Updates

Adobe published an out-of-sequence update for its Reader and Acrobat software packages that tackles a brace of serious flaws. Adobe advises users to upgrade to Acrobat version 9.3.1 and Reader version 9.3.1

Adobe has released a security update for its Flash Player and AIR products. The patch addresses a critical unauthorized cross-domain interaction vulnerability, as well as a Denial of Service issue. Users are advised to upgrade to Flash Player 10.0.45.2 and AIR 1.5.3.1930.

Microsoft published KB Article 980088 in response to the recently announced vulnerability in Internet Explorer. Microsoft confirms that it is possible for a malicious website to read files from the clients computer. All versions of Windows and Internet Explorer appear to be affected.

Latest Virus Descriptions

Backdoor.Win32.Clampi.a 25 Sep 2009 14:51:00 +030
This Trojan spy program is designed to steal confidential user data and remotely manage the victim machine. It is a Windows PE EXE file. It is 470 bytes in size. Installation When launched, the Trojan creates the following file: %AppData%\<name>.exe <name&gr; is chosen at random from…
Trojan-Dropper.Win32.Agent.albv 15 Apr 2009 12:17:00 +030
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 23552 bytes in size. Installation The Trojan copies its executable file as follows: %WinDir%\system\svhost.exe In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan adds a link…
Backdoor.Win32.Agent.abgg 15 Apr 2009 12:15:00 +030
This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 22528 bytes in size. Installation Once launched, the Trojan copies its body to the Windows system directory as “digeste.dll”: %System%\digeste.dll In order to ensure that the Trojan…
Trojan-Dropper.Win32.Kido.a 15 Apr 2009 12:09:00 +030
This Trojan is designed to install and launch other programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 78848 bytes in size. It is written in C++.
Trojan-Downloader.Win32.Kido.a 18 Mar 2009 16:36:00 +030
This malicious program is a Windows DLL file. Installation The malware copies its executable file with random names to the following directories: %Program Files%\Internet Explorer\<rnd>.dll %Program Files%\Windows Media Player\<rnd>.dll %Program Files%\WindowsNT\<rnd>.dll %Program…
Email-Worm.Win32.Merond.a 12 Mar 2009 19:36:00 +030
This worm spreads as an attachment to infected emails and also via file-sharing networks and removable media. The worm itself is a Windows PE EXE file. The worm’s executable file can vary between 150KB to 400KB in size. Installation The worm copies its executable file to the Windows system…
Trojan.Win32.Agent.azsy 12 Mar 2009 19:29:00 +030
This malicious program is a Trojan. It is a Windows PE EXE file. It is 417792 bytes in size. It is packed using UPX. The unpacked file is approximately 439KB in size. It is written in C++. Installation Once launched, the Trojan copies its body to the current user’s Windows startup…
Trojan.Win32.Agent2.dtb 12 Mar 2009 19:23:00 +030
This Trojan calls premium rate numbers without the knowledge or consent of the user. It is a Windows PE EXE file. It is 25131 bytes in size. It is written in Delphi.
Trojan-Downloader.Win32.Small.ydh 24 Feb 2009 11:45:00 +030
This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 34816 bytes in size. It is not packed in any way. It is written in C++. Installation Once launched, the Trojan…
Trojan-Downloader.Win32.Agent.ahoe 24 Feb 2009 11:32:00 +030
This Trojan downloads another malicious program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 9216 bytes in size. It is packed using UPX. The unpacked file is approximately 38KB in size. It is written in…

CyberInsecure.com