Printed from http://www.macnn.com

Apple fixes security update bug, flaw

updated 04:30 pm EDT, Tue May 1, 2007

Security Update bugs fixed

Apple today released a revised security update to fix two bugs introduced with last week's update from the company, but did not address two important zero-day QuickTime flaws or a Safari flaw that was used to hack a MacBook. Security Update 2007-004 v1.1 (PPC version), for Mac OS X 10.3 Panther and for Mac OS X 10.4 Server systems, includes the contents of Security Update 2007-004 (released in mid-April) and adds two crucial fixes for issues introduced by that update. Apple says it resolves a wake-after-sleep issue involving AirPort connections on systems running Mac OS X 10.3.9 that was introduced in last week's security update. The latest update also fixes a newly introduced security issue that enables users with ftp access to navigate to directories outside the normal scope.

Apple notes that Security Update 2007-004 applied an incorrect ftp configuration file on Mac OS X Server v10.4.9 systems.

"Users with ftp access, who would normally be restricted to certain directories, may be able to access directories outside the normal scope. This update addresses the issue by restoring the correct version of the ftp configuration file. This issue only affects Mac OS X Server v10.4.9 with Security Update 2007-004."

Mac OS X 10.4.9 (client) and Mac OS X Server 10.3.9 systems that have already installed Security Update 2007-004 are not affected and the Software Update utility will not display Security Update 2007-004 1.1 for these systems, the company said in its documentation.

The update, however, does not contain fixes for two older zero-day QuickTime flaws, which could allow attackers to make QuickTime stop responding or execute arbitrary code as the user. Apple also did not address the Safari flaw that allowed researchers to hack a MacBook Pro at the CanSecWest security conference.

Update: Apple on Tuesday also released QuickTime 7.1.6 to address a critical zero-day flaw in QuickTime for Java.




by MacNN Staff


Comments

  1. ThunkDifferent.com

    Joined: Dec 1969

    0

    Quick fix

    This is a good sign. Apple usually takes a while to fix a flaw. That MacBook hack (that works on Windows and likely Linux too) just happened. So, I'm glad to hear of this report and am updating the Cupertino 45.1 MB QuickTime update as I write.

    http://thunkdifferent.com

  1. petsounds

    Joined: Dec 1969

    0

    re: quick fix

    The article says that the update does *not* address the recent Safari-based hack.

  1. nagromme

    Joined: Dec 1969

    0

    re: quick fix

    But the accompanying QT update DOES fix the issue. (For both Mac and Windows.)
