Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
APPLE-SA-2007-06-22 Security Update 2007-006
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2007-06-22 Security Update 2007-006



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-06-22 Security Update 2007-006

Security Update 2007-006 is now available and addresses the following
issues:

WebCore
CVE-ID:  CVE-2007-2401
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later
Impact:  Visiting a malicious website may allow cross-site requests
Description:  An HTTP injection issue exists in XMLHttpRequest when
serializing headers into an HTTP request.  By enticing a user to
visit a maliciously crafted web page, an attacker could conduct
cross-site scripting attacks.  This update addresses the issue by
performing additional validation of header parameters.  Credit to
Richard Moore of Westpoint Ltd. for reporting this issue.

WebKit
CVE-ID:  CVE-2007-2399
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  An invalid type conversion when rendering frame sets
could lead to memory corruption.  Visiting a maliciously crafted web
page may lead to an unexpected application termination or arbitrary
code execution.  Credit to Rhys Kidd of Westnet for reporting this
issue.

Security Update 2007-006 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.9 (PowerPC) or later
and Mac OS X Server v10.4.9 (PowerPC) or later
The download file is named:  "SecUpd2007-006Ti.dmg"
Its SHA-1 digest is:  14ba95e8d6e795b9d0f99b614fe426d643edf15e

For Mac OS X v10.4.9 (Universal) or later
and Mac OS X Server v10.4.9 (Universal) or later
The download file is named:  "SecUpd2007-006Univ.dmg"
Its SHA-1 digest is:  68fe035d8653de6e4d27da92d4dbf77c53c1f214

For Mac OS X v10.3.9 and Mac OS X Server v10.3.9
The download file is named:  "SecUpd2007-006Pan.dmg"
Its SHA-1 digest is:  8c085ef167f1bfa92ec9e34834181bb034686e8a

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRnwMjsgAoqu4Rp5tAQjnVgf+PyJLQ1pYYv6QrdoLiRaR3IhuhDF2wgkd
m3UB661sexst2aI417mbqRqdH1W1XUl5EpJlKNzXg9k2BiWxVwD21CxqhLUXJlku
zxXdmAqEIqy2GXtmAquuAX8c0oQF3k+uip8ovzddc9q+B0WV0/vbQODN+O3EkVs9
TNRVjowN0Pmp1Tb8O0hLsBqh57FtH9lzT0d9sGh6/C7zke7lxVOWYd9Y0Vov72rd
9oYv/q+Knj9qh4Zylp3Kg7Um0wotCX2JQ+U+XTNgr00sifaw6WUjpcpq9hQdAgv8
4CrFJGId7g+SYvbqy4pzfLQSFboeYD3HOZsVPSCze57tQSmBfJ6CJw==
=mli5
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.