Tuesday, July 31, 2007, 06:40 pm PT (09:40 pm ET)
Apple posts Mac OS X 2007-007, Safari beta 3 security updatesTwo comprehensive security updates have been released that guard both Mac OS X and the test version of Safari 3 against several critical web and networking exploits.
Mac OS X Security Update 2007-007
Apple on Tuesday night released its seventh Mac OS X security patch of 2007, releasing versions for Panther (Client, Server) as well as variants for Tiger users on PowerPC systems (Client, Server) and newer Intel Macs (Client, Server).
Most of the changes affect all platforms, and close off potential buffer overflows and maliciously designed links that could lead to arbitrary code running in open-source components of the Mac OS, including bzip2, gnuzip, Kerberos, PHP, and Samba networking. Memory overflow exploits in iChat as well as the Java virtual machine's access to the CoreAudio platform were also addressed, Apple said.
Multiple WebCore and WebKit flaws that could affect website and scripting have also been addressed and mirror similar security changes made in the iPhone 1.0.1 Update also released on Tuesday.
Patches were also applied to Tiger-specific security issues, including mDNSResponder, PDFKit, and Quartz Composer. Users of Server editions also saw fixes in SquirrelMail and Tomcat.
Safari 3 Beta Update 3.0.3
Testers of the Safari 3 beta have also received fixes to the browser's web rendering code, Apple noted.
The four alterations to the code largely mirror those made for the iPhone and Mac OS X, including false characters in International Domain Name URLs and maliciously-written Perl.
Most of the vulnerabilities apply both to Mac OS X Tiger and Windows users with the exception of a new, Windows-only buffer overflow caused by adding bookmarks with unusually long titles, which are now automatically shortened with the 3.0.3 update.
On Topic: General
- Hacks targeting Chinese iCloud users prompt Apple CEO Tim Cook to meet China's vice premier
- Apple's Maps Connect portal lets local businesses create, add details to listings
- Apple leadership awarded restricted stock unit bonus currently worth $19M
- Apple spent $1M on lobbying US government in Q3, focused on health, data privacy, more
- GT Advanced reaches bankruptcy deal with Apple, will sell off more than 2,000 sapphire furnaces to pay debt