Apple posts Mac OS X 2007-007, Safari beta 3 security updatesTwo comprehensive security updates have been released that guard both Mac OS X and the test version of Safari 3 against several critical web and networking exploits.
Mac OS X Security Update 2007-007
Apple on Tuesday night released its seventh Mac OS X security patch of 2007, releasing versions for Panther (Client, Server) as well as variants for Tiger users on PowerPC systems (Client, Server) and newer Intel Macs (Client, Server).
Most of the changes affect all platforms, and close off potential buffer overflows and maliciously designed links that could lead to arbitrary code running in open-source components of the Mac OS, including bzip2, gnuzip, Kerberos, PHP, and Samba networking. Memory overflow exploits in iChat as well as the Java virtual machine's access to the CoreAudio platform were also addressed, Apple said.
Multiple WebCore and WebKit flaws that could affect website and scripting have also been addressed and mirror similar security changes made in the iPhone 1.0.1 Update also released on Tuesday.
Patches were also applied to Tiger-specific security issues, including mDNSResponder, PDFKit, and Quartz Composer. Users of Server editions also saw fixes in SquirrelMail and Tomcat.
Safari 3 Beta Update 3.0.3
Testers of the Safari 3 beta have also received fixes to the browser's web rendering code, Apple noted.
The four alterations to the code largely mirror those made for the iPhone and Mac OS X, including false characters in International Domain Name URLs and maliciously-written Perl.
Most of the vulnerabilities apply both to Mac OS X Tiger and Windows users with the exception of a new, Windows-only buffer overflow caused by adding bookmarks with unusually long titles, which are now automatically shortened with the 3.0.3 update.
On Topic: General
- Alphabet, Fiat Chrysler working toward self-driving car tie-up - report
- Apple-supported US Email Privacy Act passes unanimous House vote, with compromises
- Volkswagen says it's not in talks with Apple or Google about new 'digital mobility' businesses
- Second-gen August Smart Lock with Apple HomeKit support now shipping
- Indian government approves Apple bid to open stores free of 30% sourcing policy