• On CHOW: Girls who hate girly drinks
advertisementElectronics & Computers Deals here!
advertisement
May 11, 2006 2:00 PM PDT

Apple releases Security Update 2006-003 for both PowerPC and Intel-based Macs

by CNET staff
  • Font size
  • Print
  • 18 comments

Apple has released Security Update 2006-003, which includes significant security enhancements for both PowerPC and Intel-based Macs.

The new update plugs the following security vulnerabilities, broken out by component:

  • AppKit: Characters entered into a secure text field can be read by other applications in the same window session
  • AppKit, ImageIO: Viewing a maliciously-crafted GIF or TIFF image may lead to arbitrary code execution
  • BOM: Expanding an archive may lead to arbitrary code execution; Expanding a malicious archive may cause arbitrary files to be created or overwritten
  • CFNetwork: Visiting malicious web sites may lead to arbitrary code execution
  • ClamAV: Processing maliciously-crafted email messages with ClamAV may lead to arbitrary code execution
  • CoreFoundation: Registration of an untrusted bundle may lead to arbitrary code execution; String conversions to file system representation may lead to arbitrary code execution
  • CoreGraphics: Characters entered into a secure text field can be read by other applications in the same window session
  • Finder: Launching an Internet Location item may lead to arbitrary code execution (Description: Internet Location items are simple URL containers which may reference http://, ftp://, and file:// URLs, as well as a few other URL schemes. These different types of Internet Location items are visually distinct, and meant to be safe to explicitly launch. However, the scheme of the URL may be different than the Internet Location type. As a result, an attacker may be able to convince a user to launch a supposedly benign item (such as a Web Internet Location, http://), with the result that some other URL scheme is actually used. In certain circumstances, this may lead to arbitrary code execution. This update addresses the issues by restricting the URL scheme based on the Internet Location type.)
  • FTPServer: FTP operations by authenticated FTP users may lead to arbitrary code execution
  • Flash Player: Playing Flash content may lead to arbitrary code execution
  • ImageIO: Viewing a maliciously-crafted JPEG image may lead to arbitrary code execution (Description: An integer overflow in the processing of JPEG metadata may result in a heap buffer overflow. By carefully crafting an image with malformed JPEG metadata, an attacker may be able to cause arbitrary code execution when the image is viewed. This update addresses the issue by performing additional validation of images. This issue does not affect systems prior to Mac OS X v10.4)
  • Keychain: An application may be able to use Keychain items when the Keychain is locked
  • LaunchServices: Viewing a malicious web site may lead to arbitrary code execution
  • libcurl: URL handling in libcurl may lead to arbitrary code execution
  • Mail: Viewing a malicious mail message may lead to arbitrary code execution
  • MySQL Manager: MySQL database may be accessed with an empty password
  • Preview: Navigating a maliciously-crafted directory hierarchy may lead to arbitrary code execution
  • QuickDraw: Viewing a maliciously-crafted PICT image may lead to arbitrary code execution
  • QuickTime Streaming Server: A malformed QuickTime movie can cause QuickTime Streaming Server to crash
  • QuickTime Streaming Server: Maliciously-crafted RTSP requests may lead to crashes or arbitrary code execution
  • Ruby: Ruby safe level restrictions may be bypassed
  • Safari: Visiting malicious web sites may lead to file manipulation or arbitrary code execution (Description: When Safari's "Open 'safe' files after downloading" option is enabled, archives will be automatically expanded. If the archive contains a symbolic link, the target symlink may be moved to the user's desktop and launched. This update addresses the issue by not resolving downloaded symbolic links. This issue does not affect systems prior to Mac OS X v10.4.

The new release is currently available through Software Update.

If you are having any issues after applying the update, please let us know.

Resources

  • PowerPC
  • Intel-based Macs
  • let us know
  • More from Late-Breakers
    • Topics:

    News,

    Troubleshooting

    Tags:

    Late-Breakers

    Share:
    Digg
    Del.icio.us
    Reddit
    Recent posts from MacFixIt
    Address Book: Search not working properly
    iTunes 9.0.3 breaks AirTunes connection for some
    Apple releases Aperture 3.0
    Manage iCal's automatic e-mail generation for invitations
    CNET TV Apple Byte: Apple faces critics
    Weekly Utilities Update: Net Monitor, MiniUsage, TimeMachineEditor, more...
    Odds and Ends: Essential video codec packs for OS X
    Address Book: Unable to add, view contacts
    Add a Comment (Log in or register) (18 Comments)
    • prev
    • next
    by MacPress May 11, 2006 7:54 PM PDT
    2.0Ghz MacBookPro will not reboot after updater ran SU2006-03, QT and
    FrontRow updaters. Gets about 1/4 through "starting OSX" and it stalls. Cursor
    moves, but nothing works or goes beyond that point. Safe Boot works and I was
    able to repair permissions. At this point, it is not running at all.
    Reply to this comment
    by rob412 May 11, 2006 7:54 PM PDT
    >
    This is a reply to a previous comment by MacPress


    Same with me--something is really wrong with this update--BE CAREFUL

    ROB
    Reply to this comment
    by MacPress May 11, 2006 7:55 PM PDT
    >
    This is a reply to a previous comment by MacPress


    UPDATE: After t-boot from another Mac, I downloaded the update installer for
    Intel, copied to the desktop of my user name on the MacBookPro, and safe
    boot mode ran the installer.

    I was very excited to see the progress bar move to 50% of the startup this
    time, but it stalled again. Sat for nearly 45 min. now and nothing changed.
    Cursor moves, but nothing else and progress bar is frozen..

    Running DiskFirst Aid from second Mac showed no error or problems.

    Still hoping it will work again. Continuing to test solutions...
    Reply to this comment
    by capkwork May 11, 2006 7:55 PM PDT
    >
    This is a reply to a previous comment by MacPress


    I went through all this for breakfast - here is the easy fix

    start in safe mode (hold shift during boot) and go into HD>System>Library>Startup Items>Printing Services & delete the "Startup Parameters.plist" file & restart.

    you should be good
    Reply to this comment
    by robertvideo May 11, 2006 7:58 PM PDT
    MAY 11th 2006
    SERIOUS CRASH PROPLEMS - MOST APPS!

    Today is my 47th b-day
    and I was having a great day until I updated my iMAc to
    OSX- 10.4 software today about 2 hrs ago

    ALL APPS except Firefox crashes- HUGE PROBLEM!
    Firefox browser is the ONLY Appliaction that does NOT crash when I launch it

    If I access - apple menu - about this MAC - it logs me out of my user account

    If I access system prefs and hot user account it crashes

    I cant even launch APPLE MAIL to send an email to APPLE

    This is a SERIOUS Issue - I assume others are having the same problem

    WHAT A NIGHTMARE
    HELP!

    PS: On top of all that the Yankees are loosing to the Bo-sox
    in the 9th
    Reply to this comment
    by anton.vandeth May 11, 2006 8:34 PM PDT
    I installed this - and then tried to restart my MacBook and it froze- I've run disk utility and nothing is working - HELP!!! Apple support is useless!!!!
    Reply to this comment
    by Andreas.. May 11, 2006 9:01 PM PDT
    I seem to be the odd one out. Installed the Sec Update (PPC), and the QuickTime
    and Front Row u/dates - and not a hint of any problem.

    ---
    Andreas

    G5 2.1GHz, OS 10.4.6

    Reply to this comment
    by Razzledazzle May 11, 2006 9:13 PM PDT
    No problems here. Installed the updates on my G5 dual 2Ghz processor,G4iMac 15" flatpanel,LaCie external Firewire Hard Drive, Powerbook G4 15". Everything runs great.
    Reply to this comment
    by dta69_dotmac May 11, 2006 9:26 PM PDT
    Installed on a G4 800Mhz iBook and a 1.42 Mini.
    No issues whatsoever.
    Reply to this comment
    by Dale Mugford May 11, 2006 9:26 PM PDT
    >
    This is a reply to a previous comment by dta69_dotmac


    Same here- two iBook G4's (1.33 & 1Ghz), and a Mini 1.42.

    Zero issues.
    Reply to this comment
    by rob412 May 11, 2006 9:57 PM PDT
    on my machine, the Adobe Version Cue
    > startup item was the culprit. Rather than removing
    > all the startup items in the System
    > Preferences/Accounts/Login Items and all the startup
    > items in Macintosh HD/Library/StartupItems, simply
    > try removing Version Cue from Macintosh
    > HD/Library/StartupItems/.

    this worked for me.

    Rob
    Reply to this comment
    by bonsai8 May 12, 2006 6:04 AM PDT
    InteliMac 2 Ghz 2 GB RAM and no problems at this time after the morning
    updates. Only SAFT would not run but that is normal because SAFT is cause-
    and-effect chain with Safari. Change Safari we must also update SAFT.

    For all the others: I was reading a note that the Startup Items are
    the problem and exceptionally Version Cue from Adobe is a great
    trouble maker. Removing all Startup Item will restore these
    computers and the System will work problemless.
    Reply to this comment
    by EgonSpock May 12, 2006 7:22 AM PDT
    Installed all three updates and running without any problems on my MacBook
    Pro 1.83.
    Reply to this comment
    by jeanfi May 12, 2006 9:37 AM PDT
    Since the Security update, the "Mount disk image" command in Toast
    7.02 leads to a complete freeze of the mac (on a iMac 20"), except for the
    mouse.

    I have to shut down the mac via the power button.
    Reply to this comment
    by fredchan May 15, 2006 3:17 AM PDT
    after update, macbookpro 15" freeze after a while for no reason and only array from mice still move. i have to interrupt by power button.
    If someone has an idea
    Reply to this comment
    by mrcookie May 15, 2006 3:17 AM PDT
    >
    This is a reply to a previous comment by fredchan


    Opening a movie with Mplayer OS X on MacBook causes same kind of crash after
    the update was installed
    Reply to this comment
    by ryck May 15, 2006 8:19 AM PDT
    I installed the update this morning and shortly afterward started filing mail
    (Apple Mail 1.3.11) after creating two new mail folders. The mail filed into
    those folders is gone. I have experimented by copying mail into the new
    folders and the copies are there.
    Reply to this comment
    by capkwork May 15, 2006 12:58 PM PDT
    I went through all this for breakfast - here is the easy fix

    start in safe mode (hold shift during boot) and go into HD>System>Library>Startup Items>Printing Services & delete the "Startup Parameters.plist" file & restart.

    you should be good

    cappinkirk.com
    Reply to this comment
    (18 Comments)
    • prev
    • next
    advertisement

    About MacFixIt

    MacFixIt is CNET's troubleshooting resource for all things Mac. The information here helps you navigate the ins-and-outs of Mac ownership with how-tos, troubleshooting information, news, reviews, and more.

    Add this feed to your online news reader

    Reviews & advice
    Site map
    Editorial policies
    Meet the editors
    How we test
    Forums
    Internet speed test
    Popular topics
    Apple iPhone
    Apple iPod
    Cell phones
    CES 2010
    GPS
    LCD TV
    CNET sites
    CNET Site map
    CNET TV
    Downloads
    News
    Reviews
    Shopper.com
    More information
    Newsletters
    CNET Mobile
    CNET Widgets
    Customer Help Center
    RSS
    CNET API
    About CNET
    sponsored