To patch highly critical vulnerabilities

Jun 25, 2007 10:36 GMT

The Cupertino company Apple recently debuted a new Mac OS X security update that is meant to patch two highly critical flaws discovered in several versions of the system. As the parent company reported in a security advisory, there was a problem with two Mac OS X elements, WebCore and WebKit, that could harm users' computers and create additional flaws for an attacker to exploit. The updates are available for Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, and Mac OS X Server v10.4.9 or later, and were rated as highly critical by the security company Secunia.

The WebCore update was rolled out after numerous users reported that "visiting a malicious website may allow cross-site requests".

"An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue," Apple described the first update.
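The advisory gives no detail of the fix beyond "additional validation of header parameters". The sketch below is an added example, not WebCore code, showing the general class of check: a header serializer that refuses names and values able to break HTTP line framing. All function names and the sample input are constructed for illustration, and it assumes only the header map is caller-controlled.

```javascript
// Added illustration; not WebKit/WebCore code. All names are hypothetical.

// Characters permitted in an HTTP header field name (the "token" set).
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// CR and LF terminate a header line, so they (and NUL) must never
// appear inside a field value.
const FORBIDDEN_IN_VALUE = /[\r\n\0]/;

// Naive serializer: concatenates caller-supplied headers without checks.
function serializeNaive(method, path, host, headers) {
  let out = `${method} ${path} HTTP/1.1\r\nHost: ${host}\r\n`;
  for (const [name, value] of Object.entries(headers)) {
    out += `${name}: ${value}\r\n`;
  }
  return out + "\r\n";
}

// Validating serializer: rejects any name or value that could alter framing,
// then reuses the same concatenation.
function serializeValidated(method, path, host, headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (!TOKEN.test(name)) {
      throw new SyntaxError(`invalid header name: ${JSON.stringify(name)}`);
    }
    if (FORBIDDEN_IN_VALUE.test(String(value))) {
      throw new SyntaxError(`invalid value for header ${name}`);
    }
  }
  return serializeNaive(method, path, host, headers);
}

// Header lines as the receiving side would parse them (request line dropped).
function headerLines(raw) {
  return raw.split("\r\n\r\n")[0].split("\r\n").slice(1);
}

// Constructed input: one header whose value carries an embedded CRLF.
const crafted = { "X-Note": "a\r\nX-Injected: 1" };
```

With the naive serializer the single crafted header is parsed by the receiver as two separate header lines; the validating version throws before anything is sent.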

The second update, concerning WebKit, came after users said that "visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution." "An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue," Apple added.

Security company Secunia rated the flaws as highly critical and maintained that the only way to avoid successful exploitation is to install the recently released patches. As usual, the updates are delivered through the Software Update function included in every Mac OS X computer.