Apple Security Update For December

Apple recently released its December security update. The 12.7MB download
consists of several updated components including Apache, AppKit, HIToolbox,
Kerberos, Postfix, PSNormalizer, Safari, and Terminal. From MacCentral:

“Several Apache modules were updated improving security for both client and
servers version of Mac OS X. According to Apple, Apache mod_digest_apple
authentication is vulnerable to replay attacks in Mac OS X Server.
Corrections for the replay problem were made in versions 1.3.31 and 1.3.32
of Apache and have been included in this update.

“For Mac OS X client and server, multiple vulnerabilities in Apache and
mod_ssl including local privilege escalation, remote denial of service and
in some modified configurations execution of arbitrary code. Apache and
mod_ssl have been updated to fix this issue.

“Other issues found with Apache and corrected with this security update
include Apache configurations did not fully block access to ‘.DS_Store’
files or those starting with ‘.ht.’ File data and resource fork content can
be retrieved via HTTP bypassing normal Apache file handlers; and modified
Apache 2 configurations could permit a privilege escalation for local users
and remote denial of service.”

[Continued reading about Apple Security Update For December]