Author Topic: Security Update 2007-006 released  (Read 1182 times)

Offline bil207

  • TS Addict
  • *****
  • Posts: 965
    • View Profile
Security Update 2007-006 released
« on: June 22, 2007, 04:21:32 PM »
Apple has released Security Update 2007-006.

You can get Security Update 2007-006 via Softwre Update or download it here.

"Security Update 2007-006

WebCore

CVE-ID: CVE-2007-2401

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

WebKit

CVE-ID: CVE-2007-2399

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue."
Bill

Offline sandbox

  • TS Addict
  • *****
  • Posts: 7825
    • View Profile
    • http://
Security Update 2007-006 released
« Reply #1 on: June 23, 2007, 03:22:49 AM »
Thanks Bill  notworthy.gif

Offline pendragon

  • TS Addict
  • *****
  • Posts: 7178
    • View Profile
    • http://www.pendragonservices.com
Security Update 2007-006 released
« Reply #2 on: June 23, 2007, 07:23:12 AM »
I just used the Intel (stand-alone) version. The DL and install were routine. Like most, if not all, security updates, a restart was required.

It's far too early to tell if "gotchas" lurk, but so far, all is sweetness and light at Pendragon land. cheer.gif
Those who can make you believe absurdities can make you commit atrocities. ~ Voltaire