Apple releases another security update

Apple today released yet another security update that improves on its previous attempt to address the Mac OS X Zero Day exploit in its Safari browser and bundled email application (Mail.app). Apple's Security Update 2006-001, released last week, addressed an issue where Safari could automatically open a file which appears to be a safe file type, such as an image or movie, but is actually an application. The new Security Update 2006-002 update provides additional checks to identify variations of the malicious file types addressed in Security Update 2006-001 so that they are not automatically opened, according to Apple. This issue does not affect systems prior to Mac OS X v10.4. The update also provides fixes for a JavaScript flaw in CoreTypes as well as provides bug fixes in the Apache PHP module, download validation, and rysnc introduced by the previous security update. Earlier today, we noted new security flaws in iTunes and QuickTime, which have yet to be addressed. The update is available via the Software Update or the web for both Mac OS X 10.4 Tiger (PPC Client/Server, Intel Client Only) and Mac OS X 10.3 Panther client and Server versions.

Filed under: troubleshooting