New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Apple Rumors and Reports Discuss what's going on with Apple in this forum

Security Update 2006-001


Post Reply New Thread Subscribe

 
Thread Tools
technologist

 
Member Since: Mar 30, 2004
Location: USA
Posts: 4,744
technologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond repute
Mac Specs: 12" Apple PowerBook G4 (1.5GHz)

technologist is offline
http://docs.info.apple.com/article.html?artnum=303382

Among other things, it addresses weaknesses that were exploited by the recently reported malware.

Quote:
Safari, LaunchServices

CVE-ID: CVE-2006-0394

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

Impact: Viewing a malicious web site may result in arbitrary code execution

Description: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9).
Quote:
iChat. A malicious application named Leap.A that attempts to propagate using iChat has been detected. With this update for Mac OS X v10.4.5 and Mac OS X Server v10.4.5, iChat now uses Download Validation to warn of unknown or unsafe file types during file transfers.
(And a similar change to Mail.)
QUOTE Thanks
fearlessfreap24

 
fearlessfreap24's Avatar
 
Member Since: Feb 09, 2005
Location: Near San Diego, CA
Posts: 2,339
fearlessfreap24 is just really nicefearlessfreap24 is just really nicefearlessfreap24 is just really nicefearlessfreap24 is just really nice
Mac Specs: MacBook Pro 13" | MacBook Pro 13" | Mac Mini 2GHz C2D

fearlessfreap24 is offline
thanks for the info Techno. i saw it on Software Update today. and i was wondering what it was for.

QUOTE Thanks
yogi

 
yogi's Avatar
 
Member Since: Jan 14, 2005
Location: St. Gallen, Switzerland
Posts: 1,973
yogi is a name known to allyogi is a name known to allyogi is a name known to allyogi is a name known to allyogi is a name known to allyogi is a name known to allyogi is a name known to all
Mac Specs: iMac Core i5, iPad, iPhone 4

yogi is offline
Wow. Now compare Apple's response to Leap.A and Microsofts to W32.Blaster. Wonderful.

If you liked this post, consider using the Reputation System.
QUOTE Thanks
kaidomac

 
Member Since: Jan 18, 2006
Posts: 1,868
kaidomac is just really nicekaidomac is just really nicekaidomac is just really nicekaidomac is just really nice
Mac Specs: G4 Cube

kaidomac is offline
Quote:
Originally Posted by yogi
Wow. Now compare Apple's response to Leap.A and Microsofts to W32.Blaster. Wonderful.
Yeah, no kidding. They dealt with the iMac Intel video problem pretty quickly, too. I think all of the *nix goodness is rubbing off on Apple...just look at how fast linux hackers respond to OS threats. Yet another reason I like Apple!
QUOTE Thanks

Post Reply New Thread Subscribe


« Apple Event to be held on Feb. 28... | New Mac Mini Announced Today »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
security update problem mac* Apple Notebooks 1 08-24-2004 09:06 PM
Apple releases new Panther security update Murlyn OS X - Operating System 2 11-04-2003 05:51 PM
Apple releases security update for Panther Murlyn OS X - Operating System 10 10-30-2003 04:39 PM
Apple Releases Security Update schweb Apple Rumors and Reports 0 03-24-2003 05:57 PM
Security Update 2003-03-03 Graphite Apple Rumors and Reports 6 03-04-2003 06:13 PM

All times are GMT -4. The time now is 01:43 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?