OS X users, please patch!
If you haven’t patched yet, please do.
How do I know if I’m patched?
Click “About This Mac”; it should display Mac OS X version 10.5.7. If you are using Safari, you can do the same by clicking “About Safari”, which should display Safari 4 (beta).
Why is it important to patch?
There are critical vulnerabilities that could allow a malicious user (hacker, malware) to snoop on you and steal your information in the background. Let me cite examples from vulnerabilities that have captured media attention (which means many attackers are aware of them).
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution.
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Solution: The critical issue has been addressed in Security Update 2009-002
Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution.
This is especially critical because a browser like Safari has “Open safe files after downloading” enabled by default. You can turn off this option in Safari by following the instructions below:
1. Open Safari
2. Open “Preferences” under the “Safari” menu
3. Click on the “General” tab
4. Un-check the “Open ‘safe’ files after downloading” box
5. Close Safari’s preferences
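
The same two checks can be scripted from Terminal. This is an added example, not part of the original post: the function names are hypothetical, and it assumes Safari stores the checkbox in the `AutoOpenSafeDownloads` preference key. Because the post lists Mac OS X v10.4.11 as affected and names Security Update 2009-002 as the fix, a 10.4.x version number alone cannot confirm patching, so the script flags that case separately.

```shell
#!/bin/sh
# Added example: audit the OS X patch level and Safari's auto-open setting.

# Return 0 if dotted version $1 >= $2 (numeric components assumed).
version_at_least() {
    have=$1; want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}; w=${want%%.*}
        if [ "$have" = "$h" ]; then have=; else have=${have#*.}; fi
        if [ "$want" = "$w" ]; then want=; else want=${want#*.}; fi
        h=${h:-0}; w=${w:-0}          # missing component counts as 0
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
    done
    return 0
}

# Classify a version string against the 10.5.7 release named in the post.
patch_status() {
    if version_at_least "$1" "10.5.7"; then
        echo patched
    elif version_at_least "$1" "10.5"; then
        echo unpatched
    else
        # Pre-10.5 systems: the version number does not show whether
        # Security Update 2009-002 has been installed.
        echo verify-2009-002
    fi
}

# Interpret the preference value; an unset key means the default (enabled).
auto_open_status() {
    case "$1" in
        0|false|NO|no) echo disabled ;;
        *) echo enabled ;;
    esac
}

# Query the live system only when running on a Mac.
if command -v sw_vers >/dev/null 2>&1; then
    echo "OS X: $(patch_status "$(sw_vers -productVersion)")"
    pref=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    echo "Safari auto-open: $(auto_open_status "$pref")"
fi
```

To turn the setting off from the command line instead of the Preferences window, quit Safari and run `defaults write com.apple.Safari AutoOpenSafeDownloads -bool false`.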