toggle

AAPL Stock: 565.32 ( -5.24 )

Apple security update fixes PNG graphic, other issues

updated 06:30 pm EDT, Mon August 9, 2004

Mac OS X Security Update


Apple today posted a security update to resolve issues with loading corrupted or malicious PNG-format graphics as well as documented Safari and networking issues. Apple says the Security Update 2004-08-09, available via the Software Update--as a standalone update to those who have yet to apply the Mac OS X 10.3.5 update and Mac OS X 10.2.8 users and included with Mac OS X 10.3.5. ( was noted earlier today on MacNN. [updated with more security fix details]


  • libpng (Portable Network Graphics) (CAN-2002-1363, CAN-2004-0421, CAN-2004-0597, CAN-2004-0598, CAN-2004-0599). "Impact: Malicious png images can cause application crashes and could execute arbitrary code.



    "Description: A number of buffer overflows, null pointer dereferences and integer overflows have been discovered in the reference library for reading and writing PNG images. These vulnerabilities have been
    corrected in libpng which is used by the CoreGraphics and AppKit frameworks in Mac OS X. After installing this update, applications that use the PNG image format via these frameworks will be protected against these flaws." Note: The libpng security fixes are also available separately for Mac
    OS X 10.3.4 and Mac OS X 10.2.8 via Security Update 2004-08-09."

  • Safari (CAN-2004-0743): Impact: In a special situation, navigation using the forward/backward buttons can re-send form data to a GET url.



    "Description: This is for a situation where a web form is sent to a server using a POST method which issues an HTTP redirect to a GET
    method url. Using the forward/backward buttons will cause Safari to
    re-POST the form data to the GET url. Safari has been modified so
    that in this situation forward/backward navigation will result in only
    a GET method."




  • TCP/IP Networking (CAN-2004-0744). Impact: Maliciously crafted IP fragments can use too many system resources preventing normal network operation.



    Description: The "Rose Attack" describes a specially constructed
    sequence of IP fragments designed to consume system resources. The
    TCP/IP implementation has been modified to limit the resources
    consumed and prevents this denial of service attack.


by MacNN Staff

print
email
(2)

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. Rosyna

    Forum Regular

    Joined: Aug 2001

    0
    08/09, 06:48pm | report spam | Reply |

    Update not on all

    10.3.5 includes the PNG update so it won't appear for a lot of users if they install 10.3.5 since they already have it.

  1. LouZer

    Fresh-Faced Recruit

    Joined: Nov 2000

    0
    08/10, 12:35am | report spam | Reply |

    Re: update not at all

    Nothing in the docs state that it includes these fixes, just previous fixes. You most likely need both.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

iHome iW2 AirPlay speaker

iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...

Logitech Ultrathin Keyboard Cover

One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...

Logitech UE Air Speaker

If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...

toggle

Most Commented

 

Popular News