Apple offers Webcore/Webkit fixes for Tiger, Panther
updated 05:55 pm EDT, Fri June 22, 2007
Apple hardens Mac OS X
Apple today released Security Update 2007-006, addressing security holes in its WebCore and WebKit technologies which directly affect Web browsing under Mac OS X. The security update fixes an HTTP injection issue that exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted Web page, an attacker could conduct cross-site scripting attacks. A second fix addresses a hole where an invalid type conversion when rendering frame sets could lead to memory corruption, possibly resulting in an unexpected application termination or arbitrary code execution when users visit a maliciously crafted Web page, according to Apple. The company today also released Safari-specific security fixes in a separate update for Safari 3.0.1 Beta users which includes the afore-mentioned updates.
Fresh-Faced Recruit
Joined: May 2002
Wow . . . that seemingly
'simple' little update caused me 8-10 hurs last night having to restore my system back from 10.4.0 to 10.4.9. That patch 'pooched' my Safari 2.0.4 to the point it would disappear upon clicking on a link (weird). I'm good now but wary of future patches. (This happened on my 12" G4 iBook too.)
- G4 12" PowerBook 2005