Apple Tackles 18 Mac OS X Vulnerabilities
Page 1 of 1
Apple is out with the Mac OS X 10.5.8 security update release, fixing a range of issues.
At the top of the list is a flaw in how OS X handles compressed bzip files. According to Apple's advisory on the issue, "Decompressing maliciously crafted data may lead to an unexpected application termination."
"This may allow a maliciously crafted Web site that is reached via an open redirector on a user-trusted website to control the displayed Web site URL in a certificate warning," Apple's advisory states.
This sound like a similar flaw to one Mozilla fixed with Firefox 3.5.2 earlier this week. Mozilla also had a URL spoofing issue though. Mozilla specifically called out SSL, which is something that Apple has not done in its advisory.
Next page: Image and networking vulnerabilities