[MacTUG] FYI: Apple releases security update 2008-002 for the OS and a Safari security update

[Glenn Anderson]

Here is a brief summary that I came across of yesterday's security  
updates for the Mac OS X and Safari.


Apple has issued a major security update for Mac OS X and Safari. The  
update addresses 86 common vulnerability and exposure CVE entries in  
30 applications for Mac OS.

Among the components addressed by the update are vulnerabilities in  
the Printing and Preview components which could allow encrypted PDF  
files to be viewed without authentication.

Other fixes include security updates for the ClamAV antivirus  
application, the OS X Leopard application firewall and several Apache  
components.

The Safari update addresses 13 security vulnerabilities, one of which  
could allow an attacker to remotely execute code on OS X, Windows XP  
and Windows Vista systems if exploited by an attacker.

Nine of the patched flaws could allow an attacker to conduct a cross- 
site scripting attack in which information entered into one page is  
transmitted to another site run by an attacker.

These vulnerabilities were found in the WebKit and WebCore components  
of the browser, as well as the elements of the browser that handle  
JavaScript and the error page.

Both the OS X and Safari updates can be downloaded automatically by  
way of Apple's Software Update tool or manually from the Apple  
Downloads site.



for full details from Apple, see http://docs.info.apple.com/ 
article.html?artnum=307562 (OS) and http://docs.info.apple.com/ 
article.html?artnum=307563 (Safari)

Glenn Anderson
Client Services, IST
University of Waterloo
Waterloo, On
519-888-4567 x33327
anderson at uwaterloo.ca



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.uwaterloo.ca/pipermail/mactug/attachments/20080319/f7207300/attachment.html