Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Apple Fixes Critical Safari Bug, 16 Other Flaws

Apple Computer on Wednesday released its first security update of 2006 to patch 17 bugs, including a critical flaw in the Safari browser and a gaffe in iChat that was used by the first Mac OS X worm to infect Macintosh machines.

The update, dubbed Security Update 2006-001, comes just over a week after news broke of a critical flaw in the operating system and the Safari Web browser, leading to intense defense of Mac security by Apple users.

The Safari vulnerability could let attackers hijack a Mac simply by enticing its user to a malicious Web site in a so-called "drive-by download" that's a common menace to Windows users but unheard of in the Mac world.

The problem stemmed from Safari's (and Mac OS X's) trust of certain file types, specifically ZIP archives. Attackers could pack a ZIP with malicious scripts that the Mac would automatically run, the German firm Heise Security said last week.

"This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9)," Apple's alert read.

  • 1