Apple Patches More Holes

Posted: June 27, 2007 in Softwares

Apple has updates out for security problems in WebCore (Mac OS X’s HTML layout engine) and WebKit, the application framework that serves as an underpinning for many Mac applications. The issue concerning Apple’s WebKit browser engine, could make a Mac OS X application user vulnerable to attack if he or she were to visit a maliciously crafted site. Security Update 2007-006 takes care of an HTTP injection bug that occurs in WebCore’s XMLHttpRequest when it’s serializing headers into an HTTP request. The vulnerability can lead to cross-site scripting attacks if a victim is be lured to a maliciously crafted site. The WebCore issue affects Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later and Mac OS X Server v10.4.9 or later.

WebKit serves as an engine for the Safari browser as well as many other Mac OS X applications, including Dashboard and Mail. The problem with WebKit is an invalid type conversion when rendering frame sets, which can lead to memory corruption. Results range from the application quitting on up to a targeted system getting hijacked with arbitrary code execution. Apple’s update for the WebKit glitch is available for Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later and Mac OS X Server v10.4.9 or later.

Download: Security Update 2007-006
News source: eWeek

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s