Peaches Posted August 13, 2009

12 August 2009, 09:27

Apple releases security update for Safari

Apple have released Safari 4.0.3, a security update for the Safari web browser, to address a number of issues. Six problems are addressed; critical bugs, including a heap buffer overflow in CoreGraphics when drawing long text strings and a buffer overflow when handling EXIF metadata on Windows XP and Vista which may lead to arbitrary code execution or crashes. Another buffer overflow, this time in WebKit, affects Windows and Mac OS X, and could lead to crashes or malicious code execution.

Other issues include the ability for a malicious web site to promote arbitrary sites into Safari's "Top Sites" page, disclosure of sensitive information, launching of file URLs and fixes to the handling of look-a-like characters in domain names. A proof of concept exploit has been released publicly for the "Top Sites" issue. The look-a-like character issue is a homograph spoofing attack, where a character from one character set, say a Cyrillic "a", is placed where a Latin character set "a" would be in a domain name. As these characters are visually very similar, it becomes difficult to determine that a domain name actually contains these substituted characters. This allows phishers to, for example, register a domain which appears to be www.paypal.com.

The update is available through Apple's Software Update service, or to download for Mac OS X 10.4.11, 10.5.7 and 10.5.8, Mac OS X Server 10.4.11, 10.5.7 and 10.5.8, and Windows XP and Vista.

Heise security - http://www.h-online.com/security/Apple-rel...i--/news/113979
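The homograph substitution described in the quoted article can be flagged by checking each hostname label for mixed scripts. The following is an added example, not part of the original post or the Heise article; the function names and the sample hostnames are constructed for illustration.

```python
import unicodedata

def char_script(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch in "0123456789-":
        return "COMMON"  # ASCII digits and hyphen are shared by every script
    try:
        return unicodedata.name(ch).split()[0]  # e.g. LATIN, CYRILLIC, GREEK
    except ValueError:
        return "UNKNOWN"  # unassigned or unnamed code point

def label_scripts(label):
    """Set of scripts used in one DNS label, ignoring shared characters."""
    return {char_script(c) for c in label} - {"COMMON"}

def check_hostname(host):
    """Return (label, scripts, ace_form) for every label that mixes scripts."""
    findings = []
    for label in host.lower().split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            try:
                # The ASCII-compatible ("xn--") form is what is actually registered.
                ace = label.encode("idna").decode("ascii")
            except UnicodeError:
                ace = None  # label cannot be encoded (too long, disallowed chars)
            findings.append((label, sorted(scripts), ace))
    return findings

if __name__ == "__main__":
    # Constructed samples: the second uses U+0430 (Cyrillic "a") in place of Latin "a".
    for host in ("www.paypal.com", "www.p\u0430ypal.com"):
        hits = check_hostname(host)
        print(repr(host), "->", hits if hits else "single script per label")
```

A label written entirely in one non-Latin script passes this check, so a mixed-script test is a first filter rather than a complete defence; displaying the `xn--` form for suspicious labels covers more cases.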

isteve Posted August 13, 2009

Also another security update today that fixes a problem with a Unix utility that caused a DNS vulnerability. And a recent AirPort update for some MacBooks and MacBook Pros. 10.6 is Gold Master so there's probably going to be more updates to tighten up 10.5 security and make things compatible with future software.