February 12th, 2009

Mac OS X And Safari Vulnerabilities Patched By Apple In Security Update 2009-001

Apple has released four different bulletins to cover 48 documented vulnerabilities in Mac OS X, a solitary code execution flaw affecting Safari for Windows, and four different security problems in Java for Mac OS X.

Multiple input validation issues exist in Safari’s handling of feed: URLs. The issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs.

Multiple vulnerabilities exist in Java Web Start and the Java Plug-in, the most serious of which may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. Visiting a web page containing a maliciously crafted Java applet may lead to arbitrary code execution with the privileges of the current user.

Security Update 2009-001 is quite important, providing patches for holes in a wide range of components, including several open-source implementations like ClamAV and fetchmail.

This is a high-priority update for all Mac OS X users; details can be found in the official advisory.

Windows XP and Vista users with Safari installed are also vulnerable.
