Security update for Mac OS X

Madrid, December 1, 2005 - Apple (*) has released update 2005-009 that fixes several security problems detected in versions 10.3.9 and 10.4.3 of Mac OS X. Some of these vulnerabilities could be exploited by a remote user to compromise affected systems.

The security problems resolved by this update include the following:

- Buffer overflow in CoreFoundation -component used by the browser Safari and other applications, which could allow a remote attacker to cause a buffer overflow and run arbitrary code.

- Security flaw in curl, which could allow execution of code when visiting a malicious HTTP server and using NTLM authentication.

- Four vulnerabilities in Safari, which could allow a remote attacker to carry out different actions, including execution of arbitrary code.

The update released by Apple also includes security fixes for Apache, apache_mod_ssl. iodbcadmintool (help tool included in ODBC Administrator), OpenSSL, passwordserver and syslog.

The Apple security update 2005-009 can be downloaded from: http://www.apple.com/support/downloads/

(*) More information in the advisory published by Apple at: http://docs.info.apple.com/article.html?artnum=302847

Oxygen3 24h-365d,
by Panda Software