Apple posts Mac OS X 2007-007, Safari beta 3 security updatesTwo comprehensive security updates have been released that guard both Mac OS X and the test version of Safari 3 against several critical web and networking exploits.
Mac OS X Security Update 2007-007
Apple on Tuesday night released its seventh Mac OS X security patch of 2007, releasing versions for Panther (Client, Server) as well as variants for Tiger users on PowerPC systems (Client, Server) and newer Intel Macs (Client, Server).
Most of the changes affect all platforms, and close off potential buffer overflows and maliciously designed links that could lead to arbitrary code running in open-source components of the Mac OS, including bzip2, gnuzip, Kerberos, PHP, and Samba networking. Memory overflow exploits in iChat as well as the Java virtual machine's access to the CoreAudio platform were also addressed, Apple said.
Multiple WebCore and WebKit flaws that could affect website and scripting have also been addressed and mirror similar security changes made in the iPhone 1.0.1 Update also released on Tuesday.
Patches were also applied to Tiger-specific security issues, including mDNSResponder, PDFKit, and Quartz Composer. Users of Server editions also saw fixes in SquirrelMail and Tomcat.
Safari 3 Beta Update 3.0.3
Testers of the Safari 3 beta have also received fixes to the browser's web rendering code, Apple noted.
The four alterations to the code largely mirror those made for the iPhone and Mac OS X, including false characters in International Domain Name URLs and maliciously-written Perl.
Most of the vulnerabilities apply both to Mac OS X Tiger and Windows users with the exception of a new, Windows-only buffer overflow caused by adding bookmarks with unusually long titles, which are now automatically shortened with the 3.0.3 update.
On Topic: General
- IBM reportedly plans to purchase up to 200K MacBooks for employees
- Facebook completes first full-scale drone for spreading Internet access to remote regions
- AppleInsider podcast talks Apple Watch at Best Buy, rumored iPads, Steve Jobs movies & an Apple car
- Apple could be held liable for supporting terrorism with strong iOS encryption, experts theorize
- Apple inks deal for first major office space in San Francisco