[MacTUG] FYI: Apple releases security update 2008-002 for the OS and a Safari security update
Glenn Anderson
anderson at uwaterloo.ca
Wed Mar 19 11:54:41 EDT 2008
Here is a brief summary that I came across of yesterday's security
updates for the Mac OS X and Safari.
Apple has issued a major security update for Mac OS X and Safari. The
update addresses 86 common vulnerability and exposure CVE entries in
30 applications for Mac OS.
Among the components addressed by the update are vulnerabilities in
the Printing and Preview components which could allow encrypted PDF
files to be viewed without authentication.
Other fixes include security updates for the ClamAV antivirus
application, the OS X Leopard application firewall and several Apache
components.
The Safari update addresses 13 security vulnerabilities, one of which
could allow an attacker to remotely execute code on OS X, Windows XP
and Windows Vista systems if exploited by an attacker.
Nine of the patched flaws could allow an attacker to conduct a cross-
site scripting attack in which information entered into one page is
transmitted to another site run by an attacker.
These vulnerabilities were found in the WebKit and WebCore components
of the browser, as well as the elements of the browser that handle
JavaScript and the error page.
Both the OS X and Safari updates can be downloaded automatically by
way of Apple's Software Update tool or manually from the Apple
Downloads site.
for full details from Apple, see http://docs.info.apple.com/
article.html?artnum=307562 (OS) and http://docs.info.apple.com/
article.html?artnum=307563 (Safari)
Glenn Anderson
Client Services, IST
University of Waterloo
Waterloo, On
519-888-4567 x33327
anderson at uwaterloo.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.uwaterloo.ca/pipermail/mactug/attachments/20080319/f7207300/attachment.html
More information about the MacTUG
mailing list