Security Update 2005-007 available

Software UpdateApple has released a security update for users of OS X 10.3.9 and 10.4.2. This security update is recomended to all users.

This update includes the following components:

AppKit
BlueTooth
CoreFoundation
cups
Directory Services
HIToolBox
Kerberos
loginwindow
Mail
OpenSSL
QuartzComposerScreenSaver
Security Interface
Safari
X11
zlib


information about Security Update 2005-007

advertisement:

Additional information about this security update in Safari.

Impact: Clicking on a link in a maliciously-crafted rich text file in Safari could lead to arbitrary command execution.

Description: Safari renders rich text content using code that allows URLs to be called directly, which bypasses the normal browser security checks. This update addresses the issue by handling all links in rich text through Safari.

Impact: Information can be inadvertently submitted to the wrong site.

Description: When submitting forms in Safari on an XSL formatted page, data is sent to the next page browsed. This update addresses the issue by ensuring that form contents are submitted correctly. Credit to Bill Kuker for reporting this issue.


Posted by Antony at August 16, 2005 1:15 PM

>> more MacCentre701 August 2005 reports.