Apple has come out with its first major security advisory update of 2009, with fixes to Mac OS X as well as the Safari Web browser. But at least one security expert said the company took too long to respond to problems that had been flagged in Safari.
On the OS X side, Security Update 2009-001 patches at least 22 different issues, spanning video, server and open source packages. Among the fixes is an Apple update for an error in the Pixlet video codec that could have potentially led to arbitrary code execution.
Though this is the first broad Apple security update of the year, in January, Apple patched its QuickTime media-playing software to version 7.6 for unrelated security issues.
Mac OS X also gets patched in the latest update for a number of different open source programs that it includes, with updates for the Perl and Python programming languages as well as an update to the Common Unix Printing System (CUPS) printing system.
Apple also updated the ClamAV open source antivirus application, which it includes on the Mac OS X Server platforms.
The company has paid more attention to antivirus software lately, although not all of the efforts may have gone as smoothly as it would have liked: Last year, the company posted a Web page advising its desktop users on whether they needed antivirus software for their desktop system. But shortly catching the eye of the media, it removed the page.
Apple also updated SMB (Server Message Block) (define), which is used by Macs to interoperate with Microsoft Windows filesystem. The upgrade aims to protect against a buffer overflow and a memory exhaustion issue, which could have led to a system shutdown or an arbitrary code execution, Apple said.
On the browser side, Apple is updating Safari for both Mac and Windows platforms for an RSS (define) feed issue. According to Apple’s advisory on the RSS issue, there were multiple input validation issues in Safari’s handling of “feed:” URLs.
“The issues allow execution of arbitrary JavaScript in the local security zone,” Apple said in its notes accompanying the update. “This update addresses the issues through improved handling of embedded JavaScript within feed.”
The general idea of using RSS as an attack vector is not a new one. In 2006, security engineer Robert Auger delivered a presentation at the Black Hat Las Vegas conference detailing how RSS exploitation could work.
In the case of the Safari RSS problem, Apple credits security researcher Brian Mastenbrook for reporting the issue.
Yet Mastenbrook’s not especially pleased with how the update played out. In a blog post, he said he originally reported the issue to Apple as early as July 11, 2008 — and criticized the company for its slowness to act.
“Many vulnerabilities rely on attack mechanisms which require a fair amount of technical sophistication on the part of the attacker,” Mastenbrook said in his post. “By contrast, this vulnerability works in exactly the same way on all affected platforms, and does not require intricate knowledge of the processor or operating system to exploit. I discovered it accidentally, which indicates that this issue could also be discovered by others.”
This article was first published on InternetNews.com.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.
