While Firefox and IE are getting all the hype lately, Apple has released four patches for Safari as part of its latest round, two of which address vulnerabilities said to be remotely exploitable:


CVE-2005-2491 – Processing a regular expression may result in arbitrary code execution
CVE-2005-3702 – Safari may download files outside of the designated download directory
CVE-2005-3703 – JavaScript dialog boxes in Safari may be misleading
CVE-2005-3705 – Visiting malicious web sites with WebKit-based applications may lead to arbitrary code execution

I believe this ties into the SANS Top 20 list, which has listed OS X for the first time as having vulnerabilities (which pose a threat :). This was intended as a wake-up call of sorts for OS X users and hopefully sends the message that we all need to pay attention to security, even if we do use a Mac. WeaponX anyone?

Full Apple Patch Release Information

About the author

Paul Asadoorian is the Founder & CEO of Security Weekly, where the flagship show recently re-titled "Paul's Security Weekly" has been airing for over 8 years. By day he is the Product Evangelist for Tenable Network Security. Paul produces and hosts the various shows here at Security Weekly, all dedicated to providing the latest security news, interviews with the industry's finest and technical how-to segments. Paul is also the founder and host of "The Stogie Geeks Show", featuring cigar reviews for cigar enthusiasts.
