14 DAY TRIAL // Apple has just released Security Update 0226-002. The patch addresses a buffer overflow issue in Mail, a same-origin policy bypass via JavaScript, and several improvements to the changes introduced in the previous security update.
It seems that some of the security measures introduced in the previous patch were either too strict or not tweaked enough, because they also reported Word documents and folders with custom icons as being unsafe, among other things.
As usual, the update is recommended for all users and improves the security of the following components: ■ apache_mod_php ■ CoreTypes ■ LaunchServices ■ Mail ■ Safari ■ rsync
This update also incorporates the previous security update, for those who did not get it at the time. It fixed quite a number of serious issues, which could be exploited by just about anyone. The exact components with their security addressed were: ■ apache_mod_php ■ automount ■ Bom ■ Directory Services ■ iChat ■ IPSec ■ LaunchServices ■ LibSystem ■ loginwindow ■ Mail ■ rsync ■ Safari ■ Syndication