Apple Computer Inc. Information for VU#578798
Apple Mac OS X help system may interpret inappropriate local script files
- Vendor Information Help Date Notified: 21 May 2004
- Statement Date:
- Date Updated: 24 May 2004
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see APPLE-SA-2004-05-21 Security Update 2004-05-24:
-----BEGIN PGP SIGNED MESSAGE-----
APPLE-SA-2004-05-21 Security Update 2004-05-24
Security Update 2004-05-24 is now available and contains security
enhancements for the following:
HelpViewer: Fixes CAN-2004-0486 to ensure that HelpViewer will only
process scripts that it initiated. Credit to lixlpixel
<email@example.com> for reporting this issue. This issue has been
widely reported as a problem with the Safari web browser, but can
affect other web browsers. This update will fix the issue for Safari
and other web browsers.
Terminal: Fixes CAN-2004-0485 to improve URL processing within
Terminal. Credit to Reni Puls <firstname.lastname@example.org> for reporting this
Security Update 2004-05-24 may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
For Mac OS X 10.3.3 "Panther" and Mac OS X 10.3.3 Server
The download file is named: "SecUpd2004-05-24Pan.dmg"
Its SHA-1 digest is: 8e505ac4e36393f44e9d1b27ac0bd9a9e9f5b6a2
For Mac OS X 10.2.8 "Jaguar" and Mac OS X 10.2.8 Server
The download file is named: "SecUpd2004-05-24Jag.dmg"
Its SHA-1 digest is: 8c084551505fb4e7131afbf8bce14475bdc5f946
Information will also be posted to the Apple Product Security web
This message is signed with Apple's Product Security PGP key, and
details are available at:
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us email.