View this article at: http://dev.macnn.com/articles/08/06/20/apple.tech.finds.ruby.hole
Friday, Jun 20, 2008 4:15pm

Apple tech discovers Ruby s...

An Apple technician has identified a vulnerability in the Ruby development platform, a security warning explains. Drew Yao of the Apple Product Security team is said to have discovered multiple arbitrary code vulnerabilities, which if exploited could be used to run a denial-of-service attack, or other local means of undermining a system. The vulnerabilities only impact specific versions of Ruby 1.8.4 through 1.8.7, and 1.9.

Ruby 1.8 users can fix the problem by upgrading to 1.8.5-p231, 1.8.6-p230 or 1.8.7-p22, while v1.9 users must switch to 1.9.0-2. These updates also address a WEBrick vulnerability. Mac OS X Leopard includes Ruby on Rails, a Ruby-based framework meant to speed up web development.