Security Update 2007-006 released: Problems installing
Plugs holes in WebKit, used by Safari and other applications to render HTML.
Update: Several users are receiving the message that Security Update 2007-006 cannot be installed on their systems because the "volume does not meet requirements." We received this error in-house on a MacBook Pro running Mac OS X 10.4.9 -- the version stated as required for this update.
If you are experiencing a similar issue, please let us know.
------
Apple has released Security Update 2007-006, which resolves the following vulnerabilities:
WebCore: Visiting a malicious website may allow cross-site requests. An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.
WebKit: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.
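The WebCore entry above describes the fix only as "additional validation of header parameters." The following is an added illustration, not Apple's WebCore code: the function names and the sample input are constructed, and it shows why a serializer that copies script-supplied header strings into a request needs that check.

```javascript
// Added illustration; not Apple's WebCore code. All names are hypothetical.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 7230 header-name token
const BAD_VALUE = /[\r\n\0]/; // characters that end or corrupt a header line

// Naive serializer: joins caller-supplied strings straight into the request.
function serializeNaive(method, path, host, headers) {
  let out = `${method} ${path} HTTP/1.1\r\nHost: ${host}\r\n`;
  for (const [name, value] of headers) out += `${name}: ${value}\r\n`;
  return out + "\r\n";
}

// Validating serializer: rejects any name or value that could add a line.
function serializeChecked(method, path, host, headers) {
  for (const [name, value] of headers) {
    if (!TOKEN.test(name)) {
      throw new Error(`invalid header name: ${JSON.stringify(name)}`);
    }
    if (BAD_VALUE.test(value)) {
      throw new Error(`invalid header value for ${name}`);
    }
  }
  return serializeNaive(method, path, host, headers);
}

// Header lines a server would parse before the blank line ending the head.
function headerLines(raw) {
  return raw.split("\r\n\r\n")[0].split("\r\n").slice(1);
}

// Constructed input: one header whose value carries CRLF and a second line.
const crafted = [["X-Note", "hello\r\nX-Injected: 1"]];
const benign = [["X-Note", "hello"]];

// Returns true when the checked serializer refuses the given headers.
function isRejected(headers) {
  try {
    serializeChecked("GET", "/", "example.test", headers);
    return false;
  } catch (e) {
    return true;
  }
}
```

With the naive serializer the single crafted header is parsed by the receiver as two header lines; the checked serializer refuses it before anything is written to the wire.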
Download links are as follows:
- Security Update 2007-006 (10.3.9) [2.2MB]
- Security Update 2007-006 (Intel) [4.5MB]
- Security Update 2007-006 (PPC) [2.7MB]
Problems after applying this update? Please let us know.