Apple Security Update, Safari, and OS X Security
While Firefox and IE are getting all the hype lately, Apple has released four patches for Safari as part of its latest round, two of which claim to be remotely exploitable:
CVE-2005-2491 - Processing a regular expressions may result in arbitrary code executionCVE-2005-3702 - Safari may download files outside of the designated download directory
CVE-2005-3703 - JavaScript dialog boxes in Safari may be misleading
CVE-2005-3705 - Visiting malicious web sites with WebKit-based applications may lead to arbitrary code execution
I believe this ties into the SANS Top 20 list, which has listed OS X for the first time as having vulnerabilities (which pose a threat :) This was intended as a wake up call of sorts for OS X users and hopefully sends the message that we all need to pay attention to security, even if we do use a Mac. WeaponX anyone?