Security Update 2006-002 available

SillyDog701 Forums
Antony
Site Admin


Joined: 18 Jun 2002
Posts: 12754
Location: Sydney, Australia
13 Mar, 2006 4:58 pm Security Update 2006-002 available [sdp=71441]  


Apple released Security Update 2006-002 for Mac OS X 10.4.5 and 10.3.9.

Quote:
Security Update 2006-002 is recommended for all users and improves the reliability and security of the following components:

apache_mod_php
CoreTypes
LaunchServices
Mail
Safari
rsync


More detail about this security update: http://docs.info.apple.com/article.html?artnum=303453

download Security Update 2006-002 Mac OS X 10.4.5 (PPC) (13.9 MB)
download Security Update 2006-002 Mac OS X 10.4.5 Client (Intel) (15.4 MB)
download Security Update 2006-002 (10.3.9 Client) (25.3 MB)

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8

Antony
Site Admin


Joined: 18 Jun 2002
Posts: 12754
Location: Sydney, Australia
13 Mar, 2006 9:46 pm Re: Security Update 2006-002 available [sdp=71464]  

Security Update updates the following:
CoreTypes
CVE-ID: CVE-2006-0400
Impact: Remote web sites can cause JavaScript to bypass the same-origin policy

Mail
CVE-ID: CVE-2006-0396
Impact: Double-clicking an attachment in Mail may result in arbitrary code execution

Safari, LaunchServices, CoreTypes
CVE-ID: CVE-2006-0397, CVE-2006-0398, CVE-2006-0399
Impact: Viewing a malicious web site may result in arbitrary code execution

Safari is also updated to version 2.0.3 (417.9.2)



UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2

J-M
diamond member


Joined: 25 Jul 2004
Posts: 777
Location: Helsinki, Finland
13 Mar, 2006 11:36 pm [sdp=71467]  

This has been assigned to an Extremely Critical Secunia advisory today, link to advisory:
http://secunia.com/advisories/19129/

Quote:
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) Under certain circumstances, it is possible for JavaScript to bypass the same-origin policy via specially crafted archives.

2) A boundary error in Mail can be exploited to cause a buffer overflow via a specially crafted email. This allows execution of arbitrary code on a user's system if a specially crafted attachment is double-clicked.

3) An error in Safari / LaunchServices can cause a malicious application to appear as a safe file type. This may cause a malicious file to be executed automatically when visiting a malicious web site.


UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi-FI; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
Antony
Site Admin


Joined: 18 Jun 2002
Posts: 12754
Location: Sydney, Australia
14 Mar, 2006 8:18 am [sdp=71477]  

J-M wrote:
This has been assigned to an Extremely Critical Secunia advisory today, link to advisory:
http://secunia.com/advisories/19129/

Quote:
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

I don't usually pay much attention to Secunia's rating. The description is more important. Secunia has made non-understandable descriptions in the past.

Now, for this case, shouldn't Secunia have focused on what was fixed instead of it being (so-called) Extremely Critical?

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2

Antony
Site Admin


Joined: 18 Jun 2002
Posts: 12754
Location: Sydney, Australia
14 Mar, 2006 8:19 am [sdp=71478]  

This Security Update breaks Shiira 1.2.1.

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2

Antony
Site Admin


Joined: 18 Jun 2002
Posts: 12754
Location: Sydney, Australia
16 Mar, 2006 6:46 pm Security Update 2006-002 v1.1 [sdp=71601]  


Security Update 2006-002 v1.1

Apple released an update to Security Update 2006-002, released earlier this week, for Mac OS X 10.4.5.

Quote:
Security Update 2006-002 is recommended for all users and improves the reliability and security of the following components:

apache_mod_php
CoreTypes
LaunchServices
Mail
Safari
rsync


More detail about this security update: http://www.info.apple.com/kbnum/n61798

download Security Update 2006-002 Mac OS X 10.4.5 (PPC) (13.9 MB)
download Security Update 2006-002 Mac OS X 10.4.5 Client (Intel) (15.4 MB)

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2

J-M
diamond member


Joined: 25 Jul 2004
Posts: 777
Location: Helsinki, Finland
20 Mar, 2006 8:31 am [sdp=71755]  

Antony wrote:
I don't usually pay much attention to Secunia's rating. The description is more important. Secunia has made non-understandable descriptions in the past.


Yes, sometimes it's just easy to use titles like Extremely Critical; French-based FrSIRT used their highest Critical level as well:
http://www.frsirt.com/english/advisories/2006/0949

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fi; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
All times are CST (GMT -6)