In total, four security bugs have been fixed by Apple. The aforementioned publicized security bug used to compromise a MacBook Air laptop at last month's CanSecWest security conference won Charlie Miller a $10,000 prize. The bugs also included a a heap buffer overflow present the browser's WebKit framework for handling JavaScript.
A second issue in the WebKit framework was also addressed. It involved WebKit's handling of URLs that contain a colon character in the host name, which could have been exploited by a malicious user to create a crafted URL to lead a cross-site scripting attack. Two other issues allowed malicious users to manipulate the contents of the address bar, or to execute arbitrary code.
Get regular news updates from AfterDawn.com by subscribing to our RSS feeds using the Subscribe button below. If you have been living in a cave for a few years now and don't know how to use RSS feeds, then Click Here to read a Guide on how to use RSS (and other) feeds.
Written by: James Delahunty @ 17 Apr 2008 0:21