Focus on Apple
Apple Releases Security Update 2007-006 Jun 22 2007 10:49PM
Todd Woodward (todd_woodward symantec com)
Apple released Security Update 2007-006 today.

As usual, here is a direct URL to Apple's Knowledge Base document:
http://docs.info.apple.com/article.html?artnum=305759

Some brief information about the updates which are for Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later:

WebCore
An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters.

WebKit
An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution.

###

Security Response Researcher
Focus-Apple Moderator
________________________________________
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
________________________________________
Office: 541-335-7441
________________________________________

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus