Apple posts Mac OS X 2007-007, Safari beta 3 security updatesTwo comprehensive security updates have been released that guard both Mac OS X and the test version of Safari 3 against several critical web and networking exploits.
Mac OS X Security Update 2007-007
Apple on Tuesday night released its seventh Mac OS X security patch of 2007, releasing versions for Panther (Client, Server) as well as variants for Tiger users on PowerPC systems (Client, Server) and newer Intel Macs (Client, Server).
Most of the changes affect all platforms, and close off potential buffer overflows and maliciously designed links that could lead to arbitrary code running in open-source components of the Mac OS, including bzip2, gnuzip, Kerberos, PHP, and Samba networking. Memory overflow exploits in iChat as well as the Java virtual machine's access to the CoreAudio platform were also addressed, Apple said.
Multiple WebCore and WebKit flaws that could affect website and scripting have also been addressed and mirror similar security changes made in the iPhone 1.0.1 Update also released on Tuesday.
Patches were also applied to Tiger-specific security issues, including mDNSResponder, PDFKit, and Quartz Composer. Users of Server editions also saw fixes in SquirrelMail and Tomcat.
Safari 3 Beta Update 3.0.3
Testers of the Safari 3 beta have also received fixes to the browser's web rendering code, Apple noted.
The four alterations to the code largely mirror those made for the iPhone and Mac OS X, including false characters in International Domain Name URLs and maliciously-written Perl.
Most of the vulnerabilities apply both to Mac OS X Tiger and Windows users with the exception of a new, Windows-only buffer overflow caused by adding bookmarks with unusually long titles, which are now automatically shortened with the 3.0.3 update.