Feeds

Apple update fixes 'critical' security bug

Rumble in the jungle

The Power of One Brief: Top reasons to choose HP BladeSystem

Apple released a security update on Wednesday that fixes multiple vulnerabilities, including a critical flaw in its Safari web browser that created a means for hackers to attack vulnerable systems.

The security bug meant malicious hackers could rename "safe file" extensions stored in ZIP archives, creating a way to trick users into executing malicious shell scripts. The flaw meant malicious applications could appear as a safe file type. If Mac users had left the "Open safe files after downloading" option enabled in Safari then malware would automatically be executed as soon as a user was tricked into visiting a malicious-constructed website. Security researchers produced a proof of concept demo to validate their concerns about the critical flaw.

Apple's update tackles the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or downloads are not automatically opened (in Mac OS X v10.3.9). The update also addresses 19 other security bugs in Mac OS X involving security flaws in Safari, the PHP Apache module and scripting environment as well as Mail and iChat security bugs, as summarised by Secunia here.

The appearance of the Safari bug, along with a brace of low to no risk worms affecting Mac OS X, spawned a lively debate between Mac fans and security vendors over the impact of the security flap, which disinterested observers judged to be largely academic. ®

Using blade systems to cut costs and sharpen efficiencies

More from The Register

next story
Report: American tech firms charge Britons a thumping nationality tax
Without representation, too. Time for a Boston (Lincs) Macbook Party?
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
Child diagnosed as allergic to iPad
Apple's fondleslab is the tablet dermatitis sufferers won't want to take
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
For Lenovo US, 8-inch Windows tablets are DEAD – long live 8-inch Windows tablets
Reports it's killing off smaller slabs are greatly exaggerated
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.