Security Update 2006-007 released for OS X 10.3.9 and 10.4.8

Post by Antony » Tue 28 Nov, 2006 10:53 pm

Apple released a Security Update 2006-007 for client and server versions of Mac OS X 10.3.9 and Mac OS X 10.4.8 today.

The "iAdware" proof-of-concept adware issue has been addressed.

Apple recommended all users install this security update.

Security Update 2006-007 for Mac OS X 10.4.8 Client Intel
Security Update 2006-007 for Mac OS X 10.4.8 Client PPC
Security Update 2006-007 for Mac OS X 10.4.8 Server Universal
Security Update 2006-007 for Mac OS X 10.4.8 Server PPC
Security Update 2006-007 for Mac OS X 10.3.9 Client
Security Update 2006-007 for Mac OS X 10.3.9 Server

Security Update 2006-007 is recommended for all users and improves the security of the following components:

AirPort
ATS
CFNetwork
Finder
Font Book
Font Importer
Installer
OpenSSL
PHP
PPP
Samba
Security Framework
VPN
WebKit
gnuzip
perl


For detailed information on this update, please visit the Apple security updates website.

Post by J-M » Wed 29 Nov, 2006 3:36 am

This update has been assigned to a Critical Risk FrSIRT advisory at
http://www.frsirt.com/english/advisories/2006/4750

This advisory lists 15 vulnerabilities in a detailed way and additionally several other vulnerabilities reported earlier (in gzip, ClamAV, OpenSSL, Perl, PHP, and Samba).

Fixed a typo/J-M
Last edited by J-M on Wed 29 Nov, 2006 7:44 am, edited 1 time in total.

Post by J-M » Wed 29 Nov, 2006 7:19 am

Highly Critical (4/5) Secunia advisory is here, in turn:
http://secunia.com/advisories/23155/

Post by Antony » Wed 29 Nov, 2006 11:57 pm

On some forums, people reported that this Security Update addressed the zero-day Mac OS X flaw reported by Cnet and Secunia SA23012. I failed to find the matching reference.

"Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG (disk image) image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users," wrote the researcher, who goes by the initials "LMH."


Although Secunia rated it as "Highly critical", this corruption vulnerability can be easily avoided by disabling the setting "open safe files after downloading" in Safari's preferences. (SillyDog701 noted that Secunia has over-exaggerated the critical levels in the past.)