Tuesday, July 31, 2007, 06:40 pm PT (09:40 pm ET)
Apple posts Mac OS X 2007-007, Safari beta 3 security updatesTwo comprehensive security updates have been released that guard both Mac OS X and the test version of Safari 3 against several critical web and networking exploits.
Mac OS X Security Update 2007-007
Apple on Tuesday night released its seventh Mac OS X security patch of 2007, releasing versions for Panther (Client, Server) as well as variants for Tiger users on PowerPC systems (Client, Server) and newer Intel Macs (Client, Server).
Most of the changes affect all platforms, and close off potential buffer overflows and maliciously designed links that could lead to arbitrary code running in open-source components of the Mac OS, including bzip2, gnuzip, Kerberos, PHP, and Samba networking. Memory overflow exploits in iChat as well as the Java virtual machine's access to the CoreAudio platform were also addressed, Apple said.
Multiple WebCore and WebKit flaws that could affect website and scripting have also been addressed and mirror similar security changes made in the iPhone 1.0.1 Update also released on Tuesday.
Patches were also applied to Tiger-specific security issues, including mDNSResponder, PDFKit, and Quartz Composer. Users of Server editions also saw fixes in SquirrelMail and Tomcat.
Safari 3 Beta Update 3.0.3
Testers of the Safari 3 beta have also received fixes to the browser's web rendering code, Apple noted.
The four alterations to the code largely mirror those made for the iPhone and Mac OS X, including false characters in International Domain Name URLs and maliciously-written Perl.
Most of the vulnerabilities apply both to Mac OS X Tiger and Windows users with the exception of a new, Windows-only buffer overflow caused by adding bookmarks with unusually long titles, which are now automatically shortened with the 3.0.3 update.
On Topic: General
- Former head of Android Andy Rubin leaves Google to start tech hardware incubator
- Seth Rogen to play Steve Wozniak alongside Christian Bale's Steve Jobs
- President Bill Clinton, Microsoft CEO Satya Nadella & others praise Apple CEO Tim Cook for publicly announcing he is gay
- 'I'm proud to be gay,' Apple CEO Tim Cook says in open letter supporting equality
- Microsoft inadvertently leaks 'Band' fitness wearable in new app, reveals 'Microsoft Health' [update: confirmed]