Feeds

Apple update fixes 'critical' security bug

Rumble in the jungle

The Power of One Brief: Top reasons to choose HP BladeSystem

Apple released a security update on Wednesday that fixes multiple vulnerabilities, including a critical flaw in its Safari web browser that created a means for hackers to attack vulnerable systems.

The security bug meant malicious hackers could rename "safe file" extensions stored in ZIP archives, creating a way to trick users into executing malicious shell scripts. The flaw meant malicious applications could appear as a safe file type. If Mac users had left the "Open safe files after downloading" option enabled in Safari then malware would automatically be executed as soon as a user was tricked into visiting a malicious-constructed website. Security researchers produced a proof of concept demo to validate their concerns about the critical flaw.

Apple's update tackles the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or downloads are not automatically opened (in Mac OS X v10.3.9). The update also addresses 19 other security bugs in Mac OS X involving security flaws in Safari, the PHP Apache module and scripting environment as well as Mail and iChat security bugs, as summarised by Secunia here.

The appearance of the Safari bug, along with a brace of low to no risk worms affecting Mac OS X, spawned a lively debate between Mac fans and security vendors over the impact of the security flap, which disinterested observers judged to be largely academic. ®

Application security programs and practises

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
Microsoft confirms secret Surface will never see the light of day
Microsoft's form 8-K records decision 'not to ship a new form factor'
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.