【Mac】Security Update 2005-009

Security Update 2005-009 提供了許多安全性方面的改進，建議所有 Macintosh 使用者都安裝此更新項目。

此更新項目包括下列組件：

apache_mod_ssl
CoreFoundation
CoreTypes
curl
iodbcadmin
OpenSSL
Safari
sudo
syslog

為了系統的安全，蘋果電腦建議 Mac OS X 10.3 或者是 10.4 的用戶儘早安裝升級系統。目前除了可以透過系統內建的系統更新功能來進行升級以外，您也可以前往蘋果電腦網站下載升級套件的檔案自行進行安裝。

PS:有使用Saft的人，記得要更新到最新版8.2.1唷！不然你可能無法正常使用Saft。

According to the release notes, the update addresses issues with apache_mod_ssl, CoreFoundation, CoreTypes, curl, iodbcadmin, OpenSSL, Safari, sudo, and syslog.

Most notably, the update rectifies issues where:

local users may gain elevated privileges;
maliciously-crafted URLs may result in crashes or arbitrary code execution;
applications using OpenSSL may be forced to use the weaker SSLv2 protocol;
local users on Open Directory master servers may gain elevated privileges;
Safari may download files outside of the designated download directory;
JavaScript dialog boxes in Safari may be misleading;
visiting malicious web sites with WebKit-based applications may lead to arbitrary code execution;
local users may be able to gain elevated privileges in certain sudo configurations;
system log entries may be forged;


Security Update 2005-009 also includes enhancements to Safari to improve handling of credit card security codes (Mac OS X v10.3.9 and Mac OS X v10.4.3), CoreTypes to improve handling of Terminal files (Mac OS X v10.4.3), QuickDraw Manager to improve rendering of PICT files (Mac OS X v10.3.9), documentation regarding OpenSSH and PAM (Mac OS X v10.4.3), and ServerMigration to remove unneeded privileges.