updated 05:55 pm EDT, Fri June 22, 2007
Apple hardens Mac OS X
Apple today released Security Update 2007-006, addressing security holes in its WebCore and WebKit technologies that directly affect Web browsing under Mac OS X. The security update fixes an HTTP injection issue that exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted Web page, an attacker could conduct cross-site scripting attacks. A second fix addresses a hole where an invalid type conversion when rendering frame sets could lead to memory corruption, possibly resulting in an unexpected application termination or arbitrary code execution when users visit a maliciously crafted Web page, according to Apple. The company today also released Safari-specific security fixes in a separate update for Safari 3.0.1 Beta users, which includes the aforementioned updates.