macnn news
Text Size

Apple releases another security update

updated 04:35 pm EST, Mon March 13, 2006

Security Update 2006-002

Apple today released yet another security update that improves on its previous attempt to address the Mac OS X Zero Day exploit in its Safari browser and bundled email application (Mail.app). Apple's Security Update 2006-001, released last week, addressed an issue where Safari could automatically open a file which appears to be a safe file type, such as an image or movie, but is actually an application. The new Security Update 2006-002 update provides additional checks to identify variations of the malicious file types addressed in Security Update 2006-001 so that they are not automatically opened, according to Apple. This issue does not affect systems prior to Mac OS X v10.4. The update also provides fixes for a JavaScript flaw in CoreTypes as well as provides bug fixes in the Apache PHP module, download validation, and rysnc introduced by the previous security update. Earlier today, we noted new security flaws in iTunes and QuickTime, which have yet to be addressed. The update is available via the Software Update or the web for both Mac OS X 10.4 Tiger (PPC Client/Server, Intel Client Only) and Mac OS X 10.3 Panther client and Server versions.

By MacNN Staff

Article Tags :

E-Mail
Print
Comments (9)
digg
buzz up
slashdot
del.icio.us
tweet

Related Articles

Recent Articles

 
Previous Comments

ugh

03/13, 06:34pm reply

this new update is giving me some problems, my mac minis running slower, and shiira wont start up

mattg333

Fresh-Faced Recruit

Joined: Feb 2006

0

indeed

03/13, 08:09pm reply

Have to agree at least about Shiira. It just stopped working after this update. Sad.

Mouton

Fresh-Faced Recruit

Joined: Apr 2003

0

Mine appears OK

03/13, 09:28pm reply

And I use Shiira regularly, and it's working fine after the update.

Be sure to do a "repair permissions" in Disk Utility after a system update. I haven't done it yet myself, but I'm doing it in a moment...

kw99

Fresh-Faced Recruit

Joined: Nov 2001

0

Weather.com Crashing?

03/13, 09:32pm reply

Ran the security update for OS X 10.3.9. Great... except weather.com now crashes Safari as you attempt to navigate through the page's menus (Yesterday, Today, Hour-by-Hour, Tomorrow, etc.). Ughh...

Arolte

Fresh-Faced Recruit

Joined: Jul 2004

0

don't bother

03/13, 11:14pm reply

Disable "open safe files after download" and don't worry about this kind of attack. There's no general solution to the problem without changing the way Safari opens files.

http://www.scarydevil.com/~peter/io/apple3.html

resuna

Fresh-Faced Recruit

Joined: Jan 2005

0

Re: don't bother

03/13, 11:45pm reply

Doesn't help if you download the file, then go to manually open said "jpg" only to find out its a .app!

LouZer

Fresh-Faced Recruit

Joined: Nov 2000

0

learn not to be a target

03/14, 04:43pm reply

People learn not to "download a file and go manually open said jpg". This is a much bigger problem on Windows, and it's almost a non-problem *IF* you can avoid letting the bad guys pick the time and place...

For seven years our primary "antivirus" was "don't use internet explorer or outlook" (the applications that are the poster-boys for this kind of social engineering) and "learn from your mistakes".

I occasionally had to go and fix someone's PC because they'd downloaded a file to the desktop and then opened it and it turned out to be a bad-un. I never had to do it twice with anyone. Even the 'cup-holder' level users learned to check what downloaded files and attachments were trying to run as instead of just double-clicking them.

resuna

Fresh-Faced Recruit

Joined: Jan 2005

0



Popular News