Apple has rolled out a security update to correct nine potentially serious vulnerabilities in the Mac OS X operating system.
The update, which carries a “highly critical” rating from Secunia, comes with a modification to Apple Computer Inc.’s Safari browser to provide protection against an IDN (International Domain Names) URL-spoofing vulnerability.
The IDN bug allows maliciously registered international domains to make URLs visually appear as legitimate sites. The issue affects multiple Web browsers and workarounds from Mozilla and Opera have already been released.
According to an advisory from Apple, Safari has been tweaked so that it consults a user-customizable list of scripts that are allowed to be displayed natively.
“Characters based on scripts that are not in the allowed list are displayed in their Punycode equivalent,” the company explained.
Apple said the default list of allowed scripts does not include Roman look-alike scripts.
To read more about the upcoming release of Mac OS X 10.4, code-named Tiger, click here.
The company’s monthly patch also corrects two vulnerabilities in the AFP (Apple Filing Protocol) Server.
The first was described as a denial-of-service issue which can be exploited to terminate the operation of the AFP Server due to an incorrect memory reference.
A separate patch fixes the checking of file permissions for access to Drop Boxes to protect against the contents being discovered by malicious attackers.
Why is Mac OS X in increasing danger from hackers, according to Symantec? Click here to read more.
The update also resolves:
Apple has posted download locations (Client and Server) on its support Web site.
Check out eWEEK.com’s for the latest news, reviews and analysis on Apple in the enterprise.