Focus on Apple
Apple Releases Security Update 2007-006
Jun 22 2007 10:49PM
Todd Woodward (todd_woodward symantec com)
Apple released Security Update 2007-006 today.

As usual, here is a direct URL to Apple's Knowledge Base document:

Some brief information about the updates, which are for Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, and Mac OS X Server v10.4.9 or later:

An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters.

An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution.


Security Response Researcher
Focus-Apple Moderator
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
Office: 541-335-7441
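
Added example, not part of the original post and not Apple's code: a sketch of the kind of header validation the XMLHttpRequest item above describes, assuming the injection relies on CR/LF characters in header names or values (the post does not specify the vector). All function names and the sample header are constructed for illustration.

```javascript
// Assumption: the injection vector is CR/LF (or NUL) inside a header name or value.
// RFC 7230 "token" characters allowed in a header field name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Control characters that must never reach the wire inside a field value.
const FORBIDDEN_IN_VALUE = /[\r\n\0]/;

// Naive serializer: concatenates whatever the caller supplied.
function serializeNaive(headers) {
  return Object.entries(headers)
    .map(([name, value]) => `${name}: ${value}\r\n`)
    .join("");
}

// Hardened serializer: validates every name and value before writing.
function serializeValidated(headers) {
  let out = "";
  for (const [name, value] of Object.entries(headers)) {
    if (!TOKEN.test(name)) {
      throw new TypeError(`invalid header name: ${JSON.stringify(name)}`);
    }
    const text = String(value);
    if (FORBIDDEN_IN_VALUE.test(text)) {
      throw new TypeError(`invalid value for header ${name}`);
    }
    out += `${name}: ${text.trim()}\r\n`;
  }
  return out;
}

// Count header lines as a receiving server would parse them.
function countHeaderLines(serialized) {
  return serialized.split("\r\n").filter((line) => line.length > 0).length;
}

// Constructed input: one header whose value embeds a line break.
const constructed = { "X-Note": "hello\r\nX-Extra: injected" };

function demo() {
  const naiveLines = countHeaderLines(serializeNaive(constructed));
  let rejected = false;
  try {
    serializeValidated(constructed);
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  return { naiveLines, rejected };
}

console.log(demo()); // { naiveLines: 2, rejected: true }
```

The naive serializer turns one caller-supplied header into two lines on the wire, while the validated one refuses the input before anything is written.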
