Focus on Apple
Back to list
Apple Releases Security Update 2007-006
Jun 22 2007 10:49PM
Todd Woodward (todd_woodward symantec com)
Apple released Security Update 2007-006 today.
As usual, here is a direct URL to Apple's Knowledge Base document:
Some brief information about the updates which are for Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later:
An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters.
An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution.
Security Response Researcher
Todd D. Woodward
Technical Support Engineer
[ reply ]
Copyright 2010, SecurityFocus