Apple releases OS X Security Update 2006-007

Summary:Apple yesterday released Security Update 2006-007 for Mac OS X 10.3.

Apple Software Update
Apple yesterday released Security Update 2006-007 for Mac OS X 10.3.9 through 10.4.8. The update, which is available in Software Update and from Apple Downloads, weighs in at 23.9 MB (for Intel) and is available in several flavors.

Despite Apple's policy that it "does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," some pretty good information about the 2006-007 update is posted on the "About the security content" page.

According to CNet's Joris Evers the update repairs 31 vulnerabilities, including a zero-day Wi-Fi hijack flaw:

Other flaws addressed by the Apple update could let Macs be compromised through malicious sites, rigged compressed files or malicious font files, Apple said. The update also fixes four flaws in the Mac OS X Security Framework, the worst of which could crash Macs or display expired security certificates as still valid, Apple said.

Security Update 2006-007 is recommended for all users and improves the security of the following components:

AirPort
ATS
CFNetwork
Finder
Font Book
Font Importer
Installer
OpenSSL
PHP
PPP
Samba
Security Framework
VPN
WebKit
gnuzip
perl

Topics: Apple

About

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging.... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.