Mac OS X Patch Includes IDN Browser Fix
The update, which carries a "highly critical" rating from Secunia, comes with a modification to Apple Computer Inc.s Safari browser to provide protection against an IDN (International Domain Names) URL-spoofing vulnerability.
The IDN bug allows maliciously registered international domains to make URLs visually appear as legitimate sites. The issue affects multiple Web browsers and workarounds from Mozilla and Opera have already been released.
According to an advisory from Apple, Safari has been tweaked so that it consults a user-customizable list of scripts that are allowed to be displayed natively.
"Characters based on scripts that are not in the allowed list are displayed in their Punycode equivalent," the company explained.
Apple said the default list of allowed scripts does not include Roman look-alike scripts.
The companys monthly patch also corrects two vulnerabilities in the AFP (Apple Filing Protocol) Server.
The first was described as a denial-of-service issue which can be exploited to terminate the operation of the AFP Server due to an incorrect memory reference.
A separate patch fixes the checking of file permissions for access to Drop Boxes to protect against the contents being discovered by malicious attackers.
The update also resolves:
Check out eWEEK.coms for the latest news, reviews and analysis on Apple in the enterprise.