Apple patches two security flaws in OS X, releases Safari Beta 3.0.2

By Frank Washkuch
Jun 26, 2007 9:28 AM
In its third security advisory of the past week, Apple said that the WebCore flaw could be exploited to create an HTTP injection issue.

The patch fixes the flaw in Mac OS X and OS X Server versions 10.3.9 and 10.4.9 or later.

The flaw exists in the XMLHttpRequest function when serializing headers into an HTTP request, according to Apple's advisory.

Researcher Richard Moore of Westpoint Ltd., credited by Apple with discovering the flaw, said the vulnerability exists in Safari for OS X and Microsoft's Windows operating systems.

Moore informed Apple of the flaw on June 14, according to an advisory from Westpoint.
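The check a header serializer needs in order to avoid this class of injection, shown as an added example that is not from the article, Apple's advisory or WebCore. The article does not state the mechanism; the example assumes the common form, line terminators inside a header value, and all function names and the sample input are hypothetical.

```javascript
// Added illustration; not WebCore's code. All names here are hypothetical.
const CRLF = "\r\n";

// Header names must consist of HTTP "token" characters only.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// CR, LF or NUL inside a value would end the header line early.
const FORBIDDEN_IN_VALUE = /[\r\n\0]/;

// Naive serializer: concatenates caller-supplied strings unchecked.
function serializeNaive(method, path, headers) {
  let out = `${method} ${path} HTTP/1.1${CRLF}`;
  for (const [name, value] of headers) out += `${name}: ${value}${CRLF}`;
  return out + CRLF;
}

// Hardened serializer: validates every name and value before writing.
// (Method and path need the same treatment; omitted to keep the focus on headers.)
function serializeChecked(method, path, headers) {
  for (const [name, value] of headers) {
    if (!TOKEN.test(name)) {
      throw new TypeError(`invalid header name: ${JSON.stringify(name)}`);
    }
    if (FORBIDDEN_IN_VALUE.test(value)) {
      throw new TypeError(`line terminator in value of ${name}`);
    }
  }
  return serializeNaive(method, path, headers);
}

// Number of header lines a receiving parser would see
// (everything between the request line and the blank line).
function countHeaderLines(wire) {
  const head = wire.split(CRLF + CRLF)[0];
  return head.split(/\r\n|\n/).length - 1;
}

// Constructed sample input: ONE header supplied, its value contains a line break.
const sample = [["X-Note", "hello\r\nX-Extra: added"]];

console.log("headers on the wire (naive):", countHeaderLines(serializeNaive("GET", "/", sample)));
try {
  serializeChecked("GET", "/", sample);
} catch (e) {
  console.log("checked serializer rejected input:", e.message);
}
```

With the naive serializer the single supplied header reaches the wire as two header lines; the checked serializer refuses the input before anything is written.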

The WebKit flaw, which can be exploited to run malicious code on a Mac, is caused by an invalid type conversion when rendering frame sets, according to Apple.

The technology giant credited Rhys Kidd of Westnet, an Australian internet service provider, with reporting the issue, which also exists in Mac OS X and OS X Server versions 10.3.9 and 10.4.9 and later.

Both flaws were ranked "highly critical" by Secunia because they can be exploited from remote locations.

FrSIRT ranked the vulnerabilities as "critical," according to an advisory released today.

On Thursday, Apple fixed security flaws in Apple TV, a network device that permits users to play computer content on a television, and in IPv6.

Safari Beta 3.0.2, also released Friday, contains the latest security fixes from Apple, according to the company’s website. It is the third beta version of the browser since its initial release earlier this month.

Apple released Safari Beta 3.0.1 for Windows last week after a number of critical vulnerabilities were found in the first few hours after the browser was released to the public.

Matt Watchinski, director of Sourcefire’s vulnerability research team, told SCMagazine.com that despite the frequency of Apple’s patch releases in recent weeks, the company doesn’t spend nearly enough on security for a comparison to take place with Microsoft’s processes.

"Apple has a lot of growing to do here before anyone starts to do any comparison between the business that Apple has and [that of] Microsoft," he said.

 