Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.

Apple Patches Safari 3, 4, Releases 10.5.7 Update

Released at the same time as Microsoft's May Security Patch are a series of patches from Apple. Safari has received a bulk update, for both the 3.x stable line and the Public Beta for 4. Both updates address the same set of underlying vulnerabilities in libxml, Safari, and WebKit, all of which could lead to arbitrary code execution.

Also released, and probably of more interest for most users, is Security Update 2009-002, which is also the 7th point release for OS X 10.5. OS X 10.5.7 contains a large number of patches and updates, and is massive. The .6 to .7 updater weighs in at 442 MB, while the ComboUpdate (from any previous point release of 10.5) is 729 MB.

Contained within this major update are security patches for a whole range of embedded services and features, including those in the separate Safari patches.

As with each prior system point release, Apple have introduced a number of improvements to the system. These include improved video playback on NVIDIA-equipped systems, improved Apple Dashboard widgets, expanded support for RAW images across more cameras, reliability and stability enhancements to a range of applications (iCal, Mail) and system utilities (Printing, Parental Controls), as well as general system enhancement.

Safari users who have not installed the version 4 Beta will find that Safari is updated to 3.2.3 as part of the 10.5.7 update, so they should not expect to see a separate standalone update for Safari once the underlying OS update has been applied. Since the announcement of the updates for the Safari 4 Beta, it would seem that Apple have pulled the update for some unknown reason. The update doesn't show in a search of the Apple Support website, and users have reported that it doesn't show in the Software Update window until after the 10.5.7 update has been applied. The 10.5.7 update will provide coverage for the libxml and WebKit issues, and users who are concerned that their actual Safari application remains at risk and will not apply this patch can downgrade back to 3.2.3, which is provided through the 10.5.7 release.

These updates can be found through the Software Update option under the Apple menu, or can be found manually at the Apple website, with the 10.5.7 point update available direct from here. Further technical details are available from Apple.

User reaction to the updates can be found all over the Internet, but from the forums at MacRumors, it would appear that most users aren't having trouble with the updates.

To help keep on top of these releases, our Advisory Service is here, and our Free mailing list is here.

13 May 2009
