Apple released another security update and yesterday I got an email from CERT Advisories regarding this. Most of the time Apple does not release a lot of information about its security updates. CERT, on the other hand, gives you all the information you might want to know. So I thought I’d share.

VU#999708 – Apple Safari automatically executes arbitrary shell commands or code.
Apple Safari fails to properly determine file safety, allowing a remote unauthenticated attacker to execute arbitrary commands or code. (CVE-2006-0848)

VU#351217 – Apple Safari WebKit component vulnerable to buffer overflow
Apple Safari WebKit component is vulnerable to buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. (CVE-2005-4504)

VU#176732 – Apple Safari vulnerable to buffer overflow
Apple Safari is vulnerable to a stack-based buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-0387)

I would advise you all to install this security update as soon as possible, because, as you can read, there are some major issues solved here!
