Only days after Apple released [...], it has also released Security Update 2007-006. This update affects users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9. Both vulnerabilities involve surfing the Internet. One could allow a cross-site scripting attack, the other could cause a denial of service (crash). The update is available from within Mac OS X via the Software Update pane in System Preferences, or from Apple's Software Download only for systems that have installed Safari 3.0 beta. This update will not appear for Mac OS X users who have not installed Safari 3.0 beta. Users of Microsoft Windows XP and Windows Vista have additional patches available.
Patch for WebCore
This patch affects users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later and addresses the vulnerability in CVE-2007-2401. When serializing headers into an HTTP request, an HTTP injection is possible within XMLHttpRequest. Successful execution could result in cross-site requests to malicious sites.
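The class of bug described above, as an added sketch (not Apple's or WebCore's code; all function names and the sample header are hypothetical and constructed for illustration): a serializer that copies script-supplied header values verbatim lets a CR/LF pair start a new header line, while a strict serializer rejects such input before anything is written to the request.

```javascript
// Added illustration; not WebCore source. All names here are hypothetical.

// Naive serializer: concatenates caller-supplied names and values as-is.
function serializeNaive(method, path, headers) {
  let out = `${method} ${path} HTTP/1.1\r\n`;
  for (const [name, value] of headers) out += `${name}: ${value}\r\n`;
  return out + "\r\n";
}

// Header field names must be HTTP "token" characters (RFC 7230).
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Field values must not contain CR, LF or NUL.
const BAD_VALUE = /[\r\n\0]/;

// Strict serializer: validates every name and value before emitting it.
function serializeStrict(method, path, headers) {
  let out = `${method} ${path} HTTP/1.1\r\n`;
  for (const [name, value] of headers) {
    if (!TOKEN.test(name)) {
      throw new SyntaxError("invalid header name");
    }
    if (BAD_VALUE.test(String(value))) {
      throw new SyntaxError("header value contains CR, LF or NUL");
    }
    out += `${name}: ${value}\r\n`;
  }
  return out + "\r\n";
}

// Header lines a receiver would see in the serialized request head.
function headerLines(raw) {
  const head = raw.split("\r\n\r\n")[0];
  return head.split("\r\n").slice(1); // drop the request line
}

// Constructed sample: script sets ONE header, but the value embeds CRLF.
const constructedHeaders = [["X-Note", "a\r\nHost: other.example"]];

// True when the strict serializer refuses the given header list.
function strictRejects(headers) {
  try { serializeStrict("GET", "/", headers); return false; }
  catch (e) { return e instanceof SyntaxError; }
}
```

With the constructed input the naive serializer emits two header lines for a single header set by script; the strict one throws instead of producing a request.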
Patch for WebKit
This patch affects users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later and addresses the vulnerability in CVE-2007-2399. A memory corruption issue exists with invalid type conversion when rendering frame sets. Visiting a maliciously crafted Web site could allow a denial-of-service (crash) or arbitrary code execution.