CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 13th, 2009

Apple Patches 67 Mac OS X And Safari Vulnerabilities

On the same day Microsoft shipped a bundle of patches for gaping holes in its PowerPoint software, Apple followed suit, dropping a monster Mac OS X update to correct 67 security vulnerabilities.

The sudden Apple Patch Day also included a patch to cover a trio of flaws in the Safari Web browser (Mac OS X and Windows).

The OS X update covers flaws in 31 different components, including several known (and dated) issues in open-source packages used by Apple. These include vulnerabilities in Apache, BIND, CUPS, OpenSSL, PHP and Kerberos.

The update also fixes what Apple describes as “arbitrary code execution” vulnerabilities in ATS, CFNetwork, CoreGraphics, Cscope, Disk Images and Spotlight.

The full list of affected software, components and discussion of risk is available on Apple’s support site at http://support.apple.com/kb/HT1222.

Separately, Apple shipped new versions of its Safari 3 and Safari 4 (beta) browsers to cover the following issues:

libxml (CVE-2008-3529): A heap buffer overflow exists in libxml’s handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Affects both Mac OS X and Windows XP and Vista.

Safari (CVE-2009-0162): Multiple input validation issues exist in Safari’s handling of “feed:” URLs. Accessing a maliciously crafted “feed:” URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of “feed:” URLs. These issues do not affect systems prior to Mac OS X v10.5. Also affects Windows XP and Vista.

WebKit (CVE-2009-0945): A memory corruption issue exists in WebKit’s handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking.

Credit: ZDNet.com Zero Day Blogs
