Feeds

Apple update fixes 'critical' security bug

Rumble in the jungle

Application security programs and practises

Apple released a security update on Wednesday that fixes multiple vulnerabilities, including a critical flaw in its Safari web browser that created a means for hackers to attack vulnerable systems.

The security bug meant malicious hackers could rename "safe file" extensions stored in ZIP archives, creating a way to trick users into executing malicious shell scripts. The flaw meant malicious applications could appear as a safe file type. If Mac users had left the "Open safe files after downloading" option enabled in Safari then malware would automatically be executed as soon as a user was tricked into visiting a malicious-constructed website. Security researchers produced a proof of concept demo to validate their concerns about the critical flaw.

Apple's update tackles the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or downloads are not automatically opened (in Mac OS X v10.3.9). The update also addresses 19 other security bugs in Mac OS X involving security flaws in Safari, the PHP Apache module and scripting environment as well as Mail and iChat security bugs, as summarised by Secunia here.

The appearance of the Safari bug, along with a brace of low to no risk worms affecting Mac OS X, spawned a lively debate between Mac fans and security vendors over the impact of the security flap, which disinterested observers judged to be largely academic. ®

The Power of One Infographic

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.