Security Update 2006-002 available

SillyDog701 Forums
Antony
Site Admin


Joined: 18 Jun 2002
Posts: 11914
13 Mar, 2006 4:58 pm Security Update 2006-002 available [sdp=71441]  


Apple released Security Update 2006-002 for Mac OS X 10.4.5 and 10.3.9.

Quote:
Security Update 2006-002 is recommended for all users and improves the reliability and security of the following components:

apache_mod_php
CoreTypes
LaunchServices
Mail
Safari
rsync


More detail about this security update: http://docs.info.apple.com/article.html?artnum=303453

download Security Update 2006-002 Mac OS X 10.4.5 (PPC) (13.9 MB)
download Security Update 2006-002 Mac OS X 10.4.5 Client (Intel) (15.4 MB)
download Security Update 2006-002 (10.3.9 Client) (25.3 MB)

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8

Antony
Site Admin


Joined: 18 Jun 2002
Posts: 11914
13 Mar, 2006 9:46 pm Re: Security Update 2006-002 available [sdp=71464]  

The Security Update updates the following:
CoreTypes
CVE-ID: CVE-2006-0400
Impact: Remote web sites can cause JavaScript to bypass the same-origin policy

Mail
CVE-ID: CVE-2006-0396
Impact: Double-clicking an attachment in Mail may result in arbitrary code execution

Safari, LaunchServices, CoreTypes
CVE-ID: CVE-2006-0397, CVE-2006-0398, CVE-2006-0399
Impact: Viewing a malicious web site may result in arbitrary code execution

Safari is also updated to version 2.0.3 (417.9.2)



UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2

J-M
diamond member

Juha-Matti Laurio
Joined: 25 Jul 2004
Posts: 734
Location: Helsinki, Finland
13 Mar, 2006 11:36 pm [sdp=71467]  

This has been assigned to an Extremely Critical Secunia advisory today; link to the advisory:
http://secunia.com/advisories/19129/

Quote:
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) Under certain circumstances, it is possible for JavaScript to bypass the same-origin policy via specially crafted archives.

2) A boundary error in Mail can be exploited to cause a buffer overflow via a specially crafted email. This allows execution of arbitrary code on a user's system if a specially crafted attachment is double-clicked.

3) An error in Safari / LaunchServices can cause a malicious application to appear as a safe file type. This may cause a malicious file to be executed automatically when visiting a malicious web site.


UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi-FI; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
Antony
Site Admin


Joined: 18 Jun 2002
Posts: 11914
14 Mar, 2006 8:18 am [sdp=71477]  

J-M wrote:
This has been assigned to an Extremely Critical Secunia advisory today; link to the advisory:
http://secunia.com/advisories/19129/

Quote:
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

I don't usually pay much attention to Secunia's rating. The description is more important. Secunia has made non-understandable descriptions in the past.

Now, in this case, shouldn't Secunia have focused on it being fixed instead of it being (so-called) Extremely Critical?

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2

Antony
Site Admin


Joined: 18 Jun 2002
Posts: 11914
14 Mar, 2006 8:19 am [sdp=71478]  

This Security Update breaks Shiira 1.2.1.

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2

Antony
Site Admin


Joined: 18 Jun 2002
Posts: 11914
16 Mar, 2006 6:46 pm Security Update 2006-002 v1.1 [sdp=71601]  


Security Update 2006-002 v1.1

Apple released an update to Security Update 2006-002, released earlier this week, for Mac OS X 10.4.5.

Quote:
Security Update 2006-002 is recommended for all users and improves the reliability and security of the following components:

apache_mod_php
CoreTypes
LaunchServices
Mail
Safari
rsync


More detail about this security update: http://www.info.apple.com/kbnum/n61798

download Security Update 2006-002 Mac OS X 10.4.5 (PPC) (13.9 MB)
download Security Update 2006-002 Mac OS X 10.4.5 Client (Intel) (15.4 MB)

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2

J-M
diamond member

Juha-Matti Laurio
Joined: 25 Jul 2004
Posts: 734
Location: Helsinki, Finland
20 Mar, 2006 8:31 am [sdp=71755]  

Antony wrote:
I don't usually pay much attention to Secunia's rating. The description is more important. Secunia has made non-understandable descriptions in the past.


Yes, sometimes it's just easy to use titles like Extremely Critical. French-based FrSIRT used their highest Critical level as well:
http://www.frsirt.com/english/advisories/2006/0949

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fi; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
All times are CST (GMT -6)