[Macpartners] Security Update 2004-05-24

Albert Willis awillis at MIT.EDU
Fri May 21 23:04:56 EDT 2004 

This security updates addresses a vulnerability that allows the Help 
Viewer to run arbitrary code that can be downloaded from the internet. 
The details of the vulnerability are described  at 
http://secunia.com/advisories/11622/.

You should use Software Update to install this update as soon as you 
can.

   -- Al



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2004-05-21 Security Update 2004-05-24

Security Update 2004-05-24 is now available and contains security
enhancements for the following:

HelpViewer: Fixes CAN-2004-0486 to ensure that HelpViewer will only
process scripts that it initiated.  Credit to lixlpixel
<me at lixlpixel.com> for reporting this issue.  This issue has been
widely reported as a problem with the Safari web browser, but can
affect other web browsers.  This update will fix the issue for Safari
and other web browsers.

Terminal: Fixes CAN-2004-0485 to improve URL processing within
Terminal.  Credit to Reni Puls <rpuls at gmx.net> for reporting this
issue.

================================================

Security Update 2004-05-24 may be obtained from:

* Software Update pane in System Preferences

* Apple's Software Downloads web site:

For Mac OS X 10.3.3 "Panther" and Mac OS X 10.3.3 Server
========================================================
http://www.apple.com/support/downloads/securityupdate__2004-05-24_(
10_3_3).html
The download file is named: "SecUpd2004-05-24Pan.dmg"
Its SHA-1 digest is: 8e505ac4e36393f44e9d1b27ac0bd9a9e9f5b6a2

For Mac OS X 10.2.8 "Jaguar" and Mac OS X 10.2.8 Server
=======================================================
http://www.apple.com/support/downloads/securityupdate_2004-05-24_(
10_2_8).html
The download file is named: "SecUpd2004-05-24Jag.dmg"
Its SHA-1 digest is: 8c084551505fb4e7131afbf8bce14475bdc5f946

Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQEVAwUBQK6iU5yw5owIz4TQAQILmQgAk3/3Ia/WtAVYx3DjK46A/EdaHFiWFBkm
wZAoj0YNCMbjrKJviqthqNRBQsro08WKDA9/xBJ94drHNfTye9WwRuFYa5zg7SnV
JIVxcHHxv4qVn5zWy147fCCA+Xdoe45pWOBr2tQ4FM0HtI3mY2C2qlhNznUePRI3
E8FhgLV9QPaXwaBp/Lcn2/CbFbAY5jjpPRd+fEq2jcphkDW4+zgLn0O8SjSEyc7w
+XgYC8Ku/o+GAPNYjZ8oKMLzGeWlCxHpiMjQH9Lauq7U3/u1rqL6LG7bsqei3eEC
x7CIALNsXoGTV58dPq+yYr51IjnLnj1deGX3ZMikjK/k85639ADEYA==
=2I2M
-----END PGP SIGNATURE-----

More information about the Macpartners mailing list