Apple issues another security update for Mac OS X

Apple issues another security update for Mac OS X

Apple Computers has issued another security update. This is the second time within a fortnight that Apple has to come out with a security patch to fix a glitch in their operating system software.

This latest update is for OS X 10.3.9 and the Intel and PowerPC versions of 10.4.5. It fixes problems related to CoreTypes JavaScript, Mail, Safari, and LaunchServices. The CoreTypes JavaScript update from the company addresses the CVE-2006-0400 vulnerability where websites can cause JavaScript to bypass the same-origin policy by flagging documents containing such JavaScript as unsafe.

The Mail update fixes CVE-ID: CVE-2006-0396 where double-clicking an attachment in Mail may result in arbitrary code execution by triggering a buffer overflow. One another update fixes a vulnerability in Safari, LaunchServices and CoreTypes (CVE-ID: CVE-2006-0397, CVE-2006-0398, CVE-2006-0399) where Safari could automatically open a file which appears to be a safe file type but is in reality an application.

These security updates are available through internal Software Update mechanism in Mac OS X and can also be separately downloaded from the company’s website.