updated 12:30 am EDT, Fri August 1, 2008
Apple solves DNS spoofs
Apple on Thursday unveiled Security Update 2008-005, offering users protection against several major vulnerabilities, some of which affect many different platforms. The most major problem solved relates to Domain Name spoofing wherein a maliciously crafted website, coming in the form of a trusted website, would be substituted, allowing it to collect a user's personal information, such as address, phone number, or credit card numbers.
Additional fixes were applied to the following: Open Scripting Architecture, CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAM, OpenSSL, PHP, QuickLook, and rsync. Most of the fixes relate to malicious arbitrary code execution, while some pertain to permission fixes.