Feeds

Apple update fixes 'critical' security bug

Rumble in the jungle

The Essential Guide to IT Transformation

Apple released a security update on Wednesday that fixes multiple vulnerabilities, including a critical flaw in its Safari web browser that created a means for hackers to attack vulnerable systems.

The security bug meant malicious hackers could rename "safe file" extensions stored in ZIP archives, creating a way to trick users into executing malicious shell scripts. The flaw meant malicious applications could appear as a safe file type. If Mac users had left the "Open safe files after downloading" option enabled in Safari then malware would automatically be executed as soon as a user was tricked into visiting a malicious-constructed website. Security researchers produced a proof of concept demo to validate their concerns about the critical flaw.

Apple's update tackles the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or downloads are not automatically opened (in Mac OS X v10.3.9). The update also addresses 19 other security bugs in Mac OS X involving security flaws in Safari, the PHP Apache module and scripting environment as well as Mail and iChat security bugs, as summarised by Secunia here.

The appearance of the Safari bug, along with a brace of low to no risk worms affecting Mac OS X, spawned a lively debate between Mac fans and security vendors over the impact of the security flap, which disinterested observers judged to be largely academic. ®

Build a business case: developing custom apps

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
You didn't get the MeMO? Asus Pad 7 Android tab is ... not bad
Really, er, stands out among cheapie 7-inchers
Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
Cheapest models given new processors, more RAM
4K video on terrestrial TV? Not if the WRC shares frequencies to mobiles
Have your say with Ofcom now, before Freeview becomes Feeview
Leaked Windows Phone 8.1 Update specs tease details of Nokia's next mobes
New screen sizes, dual SIMs, voice over LTE, and more
YES, iPhones ARE getting slower with each new release of iOS
Old hardware doesn't get any faster with new software
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.