AAPL Stock: 111 ( + 0.22 )

Printed from

Apple fixes holes in Safari, Bluetooth, file sharing

updated 05:00 pm EST, Mon March 21, 2005

Apple security update

Apple today released , which it says delivers a number of security enhancements, including an important update to its Safari web browser. Recommended for everyone, it includes updated components for AFP Server, Bluetooth Setup Assistant CoreFoundation, Cyrus SASL, Folder permissions, Safari, and Samba. Apple says that it updated a Folder Permissions security hole and its AFP file sharing protocol to prevent a denial of service attack and discovery of the contents of a file "Drop Box" (where others can upload, but not view/download data). Apple also fixed exploits related to Mac OS X 10.3 Server, including multiple vulnerabilities in Cyrus IMAP (email protocol) and Mailman (email list server). The update also brings improvements to Cyrus SASL and fixes an important Safari Web exploit that allowed maliciously registered International Domain Names to mask as legitimate sites.

by MacNN Staff





  1. Ralf_Wiggum

    Joined: Dec 1969


    Major Safari Fix Included

    None of the usual Mac news sites have pointed out that this security update has a major fix for Safari.

    Security Update 2005-003 updates Safari's support for International Domain Names (IDN) to prevent lookalike characters from being used to spoof the URL displayed in the address field, SSL certificate, or status bar.

    For more information about IDN support in Safari and how Security Update 2005-003 affects it, see:

  1. resuna

    Joined: Dec 1969


    Not a security fix

    IDN support can't be used to break the security on your computer. It just makes certain kinds of "phishing" attacks (where someone fakes a company's website) easier, but it's still possible... being aware that people fake financial web sites and always logging on through your own bookmarks is the real protection against phishing.


    Joined: Dec 1969


    Breaks user

    Ok. Yesterday, at work, we installed this update on three Macs. After restarting, 2 of the 3 Macs had severe problems at startup that fail to resolve. It immediately beachballs at login to that user (of which the security update was installed). Finder, Photoshop, Quark (not out of the ordinary), and any other programs all "are not responding" from the dock's submenu and have to be force quit. However, going into another user, things appear to work fine... but we do not want to have to do this because all the fonts (checked install for all users, but that never works anyway in Font Book) wont carry over, not to mention having to reset all preferences. Any suggestions? Any way to roll back?

  1. fritzw1957

    Joined: Dec 1969


    Why can't they...?

    Why can't the updater turn back on a service after it does it's update? I had Windows File Sharing turned on in several of my Macs only to find out that this last update turned it off... I know it's necessary to do that to do the update, but why can't it be re-engaged when the updater is ready to quit?

  1. slipperfrog

    Joined: Dec 1969


    Ethernet port disappears?

    I can no longer configure my iBook's ethernet port (en0) after the update. I don't know if it's the update's fault though because it didn't happen until the next day. So it could be an actual physical problem.

    Has anyone else encountered this?

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Polk Hinge Wireless headphones

Polk, a company well-established in the audio market, recently released a new set of headphones aimed at the lifestyle market. The Hin ...

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...


Most Commented