Apple security fix closes Mail, iChat, Safari holes

Apple on Wednesday released Security Update 2006-001, available for download through the Software Update system preference pane and from Apple’s Downloads Web page. The update addresses a recently reported exploit that left Safari users vulnerable to malicious shell scripts, corrects a vulnerability in Apple’s Mail software, and changes the way iChat handles file transfers to help prevent the “Leap-A” malware.

“Apple today posted Mac OS X security update 2006-001 that fixes both the recently reported Leap-A and Safari security vulnerabilities,” an Apple spokesman told Macworld. “This update is available automatically to all users through Apple’s free Software Update service or at http://www.apple.com/support/downloads. To maintain maximum system security, Apple always advises that all Mac OS X users keep their system current by installing this and all Mac OS X software updates.”

Separate downloads have been made available from Apple’s Web site for Mac OS X v10.3.9 “Panther” client and server versions, as well as Mac OS X v10.4.5 “Tiger” Intel and PowerPC versions.

Apple recommends the updates for all users.

A large number of individual components have been updated in this release — Apple describes them in detail on its Web site.

Updated components include:

  • apache_mod_php
  • automount
  • Bom
  • Directory Services
  • iChat
  • IPSec
  • LaunchServices
  • LibSystem
  • loginwindow
  • Mail
  • rsync
  • Safari
  • Syndication

In recent weeks, security experts revealed that it was possible for Apple’s Web browser Safari to be exploited for malicious purposes when a file was downloaded. The previous week it was revealed that a piece of malware called Leap-A had been discovered that could, under certain circumstances, infect the Macs of iChat users who communicate using Apple’s Bonjour zero-configuration networking technology.

This security update closes the Safari hole, and also protects iChat and Mail users by giving those applications more information for download validation.

Updated 7:14 PM ET March 01, 2006: Added statement from Apple.