• This forum is for posting news stories or links from rumor sites. When you start a thread, please include a link to the site you're referencing.

    THIS IS NOT A FORUM TO ASK "WHAT IF?" TYPE QUESTIONS.

    THIS IS NOT A FORUM FOR ASKING QUESTIONS ABOUT HOW TO USE YOUR MAC OR SOFTWARE.

    This is a NEWS and RUMORS forum as the name implies. If your thread is neither of those things, then please find the appropriate forum to ask your question.

    If you don't have a link to a news story, do not post the thread here.

    If you don't follow these rules, then your post may be deleted.

Security Update 2006-001

T

technologist


Joined
Mar 30, 2004
Messages
4,744
Reaction score
381
Points
83
Location
USA
Your Mac's Specs
12" Apple PowerBook G4 (1.5GHz)
http://docs.info.apple.com/article.html?artnum=303382

Among other things, it addresses weaknesses that were exploited by the recently reported malware.

Safari, LaunchServices

CVE-ID: CVE-2006-0394

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

Impact: Viewing a malicious web site may result in arbitrary code execution

Description: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9).
Click to expand...
iChat. A malicious application named Leap.A that attempts to propagate using iChat has been detected. With this update for Mac OS X v10.4.5 and Mac OS X Server v10.4.5, iChat now uses Download Validation to warn of unknown or unsafe file types during file transfers.
Click to expand...
(And a similar change to Mail.)
 
fearlessfreap24

fearlessfreap24


Joined
Feb 9, 2005
Messages
2,340
Reaction score
82
Points
48
Location
DFW
Your Mac's Specs
MacBook Pro 13" | MacBook Pro 13" | Mac Mini 2GHz C2D
thanks for the info Techno. i saw it on Software Update today. and i was wondering what it was for.
 
Y

yogi


Joined
Jan 14, 2005
Messages
2,078
Reaction score
155
Points
63
Wow. Now compare Apple's response to Leap.A and Microsofts to W32.Blaster. Wonderful.
 
K

kaidomac


Joined
Jan 18, 2006
Messages
1,868
Reaction score
106
Points
63
Your Mac's Specs
G4 Cube
yogi said:
Wow. Now compare Apple's response to Leap.A and Microsofts to W32.Blaster. Wonderful.
Click to expand...

Yeah, no kidding. They dealt with the iMac Intel video problem pretty quickly, too. I think all of the *nix goodness is rubbing off on Apple...just look at how fast linux hackers respond to OS threats. Yet another reason I like Apple!
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top