Apple Issues Updated Security Fix

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Apple released another version of the security patch it distributed on March 13 to users of its OS X operating system software, in order to address a problem reported with the update.

The company said it distributed the new patch, dubbed Update 2006-002 v1.1, in order to fix an issue with Apples Safari Web browser that some users observed after installing its 2006-002 security update.

According to a post on the companys Web site, the previous update had caused some Safari users to have problems launching the browser. Based on the post, the flaw specifically affected users who removed Safari from their computers applications folders before installing the 2006-002 patch.

Apple originally released the 2006-002 patch in order to address a problem found in part of a broader security update released at the beginning of March.

The companys flagship Mac OS X operating is facing growing scrutiny over security issues and Apple introduced the first March update in order to address over a dozen specific vulnerabilities.

/zimages/1/28571.gifClick here to read more about security holes in Apples Safari Web browser.

The first security update from Apple in 2006 also came less than a week after the release of exploit code for a Safari browser flaw and the discovery of two worms affecting Mac OS X users.

In all, five Safari issues were addressed, including an “extremely critical” flaw that could allow remote code execution attacks if a user simply viewed a maliciously rigged Web page.

/zimages/1/84833.gifZiff Davis Media eSeminars invite: Learn how to proactively shield your organizations against threats at all tiers of the network, Symantec will show you how, live on March 21 at 4 p.m. ET. Sponsored by Symantec.

A separate buffer overflow was also addressed in the way the WebKit application framework handles certain HTML, which could allow a maliciously crafted Web page to cause a crash or to execute arbitrary code as the user viewing the site.

/zimages/1/28571.gifIs Apple prepared to handle a real outbreak of malware? Read more here.

Apple also patched a third code execution hole in Safari that could let an attacker use JavaScript to trigger a stack buffer overflow.

Apple said Safaris security model prevents remote resources from causing redirection to local resources. “An issue involving HTTP redirection can cause the browser to access a local file, bypassing certain restrictions,” the company said in the alert.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis on Apple in the enterprise.