Newsletters

Select newsletters below and click the button to sign up!

Boston News NY News
DC News Internet Daily
SiliconValley News
InternetNews Business Report




Become a Marketplace Partner


Partner With Us


Internetnews Bloggers

Recent Entries

Archives

August 2009
Sun Mon Tue Wed Thu Fri Sat
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          

Monthly Archives

Search The Blog

Netstat -vat by Sean Michael Kerner (bio)

A command line view of IT



Mac OS X 10.5.8 fixes 18 security flaws

By Sean Michael Kerner on August 6, 2009 9:38 AM
apple_new_macs_200x180.jpg
From 'time to update' files:

Apple is out with the Mac OS X 10.5.8 security update release fixing a range of issues.

At the top of the list is a flaw in how OS X handles compressed bzip files. According to Apple's advisory on the issue, "Decompressing maliciously crafted data may lead to an unexpected application termination."

Apple is also fixing a web browser issue, by way of the CFNetwork layer in OS X. CFNetwork is Apple's core services framework that provides network layer abstraction to applications. The flaw could potentially have enabled an attacker to spoof a website URL after a browser is redirected with an HTML 302 redirect.
"This may allow a maliciously crafted website that is reached via an open redirector on a user-trusted website to control the displayed website URL in a certificate warning," Apple's advisory states.
To my naked eye this sound like a similar flaw to one Mozilla fixed with Firefox 3.5.2 earlier this week. Mozilla also had a URL spoofing issue though, Mozilla specifically called out SSL, which is something that Apple has not done in its advisory.

OS X 10.5.8 also gets a pair of networking fixes.

One of the networking issues is a flaw where an AppleTalk response packet could have let to arbitrary code execution. The other, a synchronization issue exists in the handling of file descriptor sharing over local sockets that could lead to a system shutdown.

There are six seperate patched issues related to image handling issues which could lead to exploits. As well,On the more obvious fixes side, Apple has updated its CoreTypes technology to ensure that users are warned pior to opening potentially unsafe content via download.

The 10.5.8 update is Apple's first since the 10.5.7 update in May of this year.

| Comments (0) | TrackBacks (0) | Share

0 TrackBacks

Listed below are links to blogs that reference this entry: Mac OS X 10.5.8 fixes 18 security flaws .

TrackBack URL for this entry: https://swarm.jupitermedia.com/mt-tb.cgi/8648

Leave a comment