Update: Tiger gets security updates, Safari 3.2.3 improves security

Jonathan Seff and Peter Cohen
13 May, 2009

At the same time that Apple released an update to Leopard (10.5), the company also fixed a number of security issues for users running Tiger (10.4) and released Safari 3.2.3, a new release of its Web browser for Mac OS X 10.4, 10.5 and Windows.

Security Update 2009-02 updates several areas of Tiger, including Apache, CoreGraphics, CUPS, Disk images, Flash Player plug-in, Help Viewer, Spotlight, X11, and more. It fixes problems ranging from keeping PDFs opened in CoreGraphics from executing malicious code to preventing maliciously crafted Mach-O executables from causing the Finder to repeatedly terminate and relaunch.

There are four versions of the update, one each for Tiger client PowerPC and Intel, as well as Tiger Server PowerPC and Universal. All require you to be running 10.4.11, and the proper update should show up using Tiger’s Software Update mechanism.

As far as Safari goes, Apple indicates that the update is recommended for all Safari users, and includes the latest security updates. Specific changes have been made to libxml, Safari and WebKit files, according to Apple.

Libxml, a software library used to parse Extensible Markup Language (XML) documents, has been updated to fix a heap buffer overflow. The update corrects the problem through improved bounds checking.

Safari itself has been updated to correct multiple input validation issues that could allow a maliciously crafted “feed:” URL to execute arbitrary code. Apple fixed the issue by performing additional validation.

Lastly, WebKit, the application framework used to make Safari, has also been improved. A memory corruption issue has been corrected through improved bounds checking; under some circumstances, a maliciously-crafted Web site could lead to arbitrary code execution.

Safari 3.2.3 should not be confused with the beta release of Safari 4 for Mac and Windows that remains available for download from Apple’s Web site.

Safari 3.2.3 is included with the Mac OS X 10.5.7 update, also available today.
