News and Trends
SHARE
Facebook X Pinterest WhatsApp

OS X Security Patch Includes Browser Fix

Apple has rolled out a security update to correct nine potentially serious vulnerabilities in the Mac OS X operating system. The update, which carries a “highly critical” rating from Secunia, comes with a modification to Apple Computer Inc.’s Safari browser to provide protection against an IDN (International Domain Names) URL-spoofing vulnerability. The IDN bug allows […]

Written By
thumbnail Ryan Naraine
Ryan Naraine
Mar 22, 2005
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Apple has rolled out a security update to correct nine potentially serious vulnerabilities in the Mac OS X operating system.

The update, which carries a “highly critical” rating from Secunia, comes with a modification to Apple Computer Inc.’s Safari browser to provide protection against an IDN (International Domain Names) URL-spoofing vulnerability.

The IDN bug allows maliciously registered international domains to make URLs visually appear as legitimate sites. The issue affects multiple Web browsers and workarounds from Mozilla and Opera have already been released.

According to an advisory from Apple, Safari has been tweaked so that it consults a user-customizable list of scripts that are allowed to be displayed natively.

“Characters based on scripts that are not in the allowed list are displayed in their Punycode equivalent,” the company explained.

Apple said the default list of allowed scripts does not include Roman look-alike scripts.

To read more about the upcoming release of Mac OS X 10.4, code-named Tiger, click here.

The company’s monthly patch also corrects two vulnerabilities in the AFP (Apple Filing Protocol) Server.

The first was described as a denial-of-service issue which can be exploited to terminate the operation of the AFP Server due to an incorrect memory reference.

A separate patch fixes the checking of file permissions for access to Drop Boxes to protect against the contents being discovered by malicious attackers.

Why is Mac OS X in increasing danger from hackers, according to Symantec? Click here to read more.

The update also resolves:

  • An error in Bluetooth Setup Assistant that can be exploited to bypass security restrictions when using a Bluetooth input device.
  • A boundary error in the Core Foundation library when handling the CF_CHARSET_PATH environment variables, which can cause buffer overflows to allow malicious local users to execute arbitrary code with escalated privileges.
  • Multiple vulnerabilities in the Cyrus IMAP Server that can be exploited by malicious people to compromise a vulnerable system.
  • Several flaws in Cyrus SASL that can be exploited to crash or potentially compromise applications linked against the library.
  • Insecure permissions on various directories that may result in race conditions and allow local privilege escalation.
  • A security hole in Mailman that can be exploited by malicious people to disclose sensitive information.

    • Apple has posted download locations (Client and Server) on its support Web site.

    Check out eWEEK.com’s for the latest news, reviews and analysis on Apple in the enterprise.

    thumbnail Ryan Naraine

    Recommended for you...

    thumbnail Scale Computing Makes Strategic Updates to HyperCore Solution
    Infrastructure
    Scale Computing Makes Strategic Updates to HyperCore Solution
    Jordan Smith
    Sep 17, 2025
    thumbnail Druva Launches Metadata Graphing & New Agentic AI Solutions
    AI
    Druva Launches Metadata Graphing & New Agentic AI Solutions
    Jordan Smith
    Sep 17, 2025
    thumbnail SonicWall’s Michael Crean on State of Managed Security
    Security
    SonicWall’s Michael Crean on State of Managed Security
    Victoria Durgin
    Sep 17, 2025
    thumbnail Gigamon Unveils Agentic AI App to Boost IT Productivity
    AI
    Gigamon Unveils Agentic AI App to Boost IT Productivity
    Luis Millares
    Sep 16, 2025
    Channel Insider Logo

    Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

    facebook
    linkedin
    youtube
    rss
    spotify
    x

    Company

    About us Contact us Advertise with us

    Categories

    Channel Business Security AI Infrastructure Lists & Awards

    Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

    Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

    Terms of Service Privacy Policy California - Do Not Sell My Information