• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • OS X Security Update Fixes RSS Vulnerability.


    Apple has seeded Security Update 2009-001 via the Software Update utility. Among the many various things that are updated this security update patches the Safari RSS vulnerability that we covered back in January.
    Safari RSS

    CVE-ID: CVE-2009-0137

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6

    Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution

    Description: Multiple input validation issues exist in Safari's handling of feed: URLs. The issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs. Credit to Clint Ruoho of Laconic Security, Billy Rios of Microsoft, and Brian Mastenbrook for reporting these issues.
    To read full details of this security update please visit the Apple info page.

    Other things that were updated at the same time include Safari 3.2.2 which patches the same RSS vulnerability as Safari OS X and also a Java Update which improves security and compatibility of Java on Mac OS X.
    This article was originally published in forum thread: OS X Security Update Fixes RSS Vulnerability. started by Cody Overcash View original post