Apple Releases Major Security Update for OS X

Safari bug finally patched as Apple issues large security update for Mac OS X 10.5 Leopard, Mac OS X 10.4 Tiger and Mac OS X 10.5 Server. Java and other critical components updated as well.

Apple today released its biggest security update in nearly a year, covering Mac OS X and certain Java components.

Security Update 2009-001 fixes at least 25 issues with operating system components, including a high-risk security flaw in the Apple Pixlet Video component: opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

Apple finally patched the Safari RSS vulnerability, discovered over 6 months ago by Brian Mastenbrook. Found in both the Mac OS X and Windows variants of the browser, the Safari RSS vulnerability could be used to introduce attack code from a malicious site. All criminals had to do was trick users into visiting a malicious site. Mastenbrook further claimed that this vulnerability did not require expert knowledge of core operating system components to exploit.

“The version of Safari included with Leopard and the Windows version of Safari were vulnerable to an attack that would allow a malicious web page to read any file you had access to on your computer, and possibly to perform a cross-site scripting attack,” Mastenbrook said on his site. “This issue was caused by a design error in the RSS feed reader built in to Safari that treated some remote content as if it were loaded from the local computer, thus granting it access to the local filesystem.”

Mastenbrook promptly reported the major issue to Apple, which did nothing for over 6 months and only today finally patched it in its Security Update 2009-001 release.

Other components that could also lead to arbitrary code execution were fixed as well, including vulnerabilities in ClamAV, X11, SMB and the Perl and Python programming languages.

Security Update 2009-001 patches all items listed on Apple’s site and upgrades Safari to version 3.2.2 for both Mac OS X and Windows; however, Apple has released a separate update for Windows Safari users.

The Java updates introduced by Sun a few months ago are also in a separate download package available from the Apple Support Site or automatically through the Mac OS X Update Service.

Brian Mastenbrook gives an in-depth analysis of the Safari RSS flaw on his blog here

You can find the Official Apple Security Update 2009-001 Release Contents here

If you’re a Windows Safari user, you can find the Windows Safari 3.2.2 Summary from Apple here

One Comment

  1. [...] Original post by Chris Atomic [...]
