Apple fixes Snow Leopard and Safari vulnerabilities

Summary: The company has issued security updates to fix vulnerabilities that could allow an attacker to intercept sensitive user information

Apple has released security updates for its Safari web browser and Snow Leopard operating system, fixing vulnerabilities that potentially allowed an attacker to intercept sensitive user information.

The Snow Leopard OS update, Security Update 2011-002, is available for Mac OS X and Mac OS X Server versions 10.5.8 and 10.6.7. It is designed to fix a vulnerability that could allow an attacker "in a privileged network position" to intercept sensitive personal information and credentials sent via a web browser, Apple said on Thursday.

"Several fraudulent SSL certificates were issued by a Comodo affiliate registration authority. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information," Apple wrote on its support pages. "This issue is addressed by blacklisting the fraudulent certificates."

For Windows Safari users, applying the update in Microsoft Knowledge Base Article 2524375 will cause Safari to view the certificates as invalid.

The Safari 5.0.5 update, also issued on Thursday, closes two holes in the WebKit browser across the Mac and Windows platforms.

Apple said the vulnerabilities could have been exploited when a user visited a malicious website, leading to arbitrary code execution or unexpected application termination.

Apple recommended that all Safari and Mac OS X users update the software. New versions can be obtained directly from the Apple website, or via the update mechanism in OS X and Safari. OS X users who have not installed previously issued security updates will get them as a part of this latest release.

Also on Thursday, Apple issued an update to iOS 4.3.2 to address the Safari SSL certificate vulnerability and fix a number of bugs.


Topics: Security


With a psychology degree under his belt, Ben set off on a four-year sojourn as a professional online poker player, but as the draw of the gambling life began to wane his attentions turned to more wholesome employment. With several years' experience covering everything in the world of telecoms and mobility, Ben's your man if it involves a s...
