Description: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) Under certain circumstances, it is possible for JavaScript to bypass the same-origin policy via specially crafted archives.
2) A boundary error in Mail can be exploited to cause a buffer overflow via a specially crafted email with an overly long Real Name entry. This allows execution of arbitrary code on a user's system if a specially crafted attachment in the AppleDouble format is double-clicked.
3) An error in Safari / LaunchServices can cause a malicious application to appear as a safe file type. This may cause a malicious file to be executed automatically when visiting a malicious web site.
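Item 2 is a length-handling failure on an attacker-supplied field. The following is an added example, not Apple's or Mail's code, of the bounds checks a parser needs before copying a Real Name entry out of an AppleDouble header; it assumes the header layout from RFC 1740 (Real Name is entry ID 3), and the function names `ad_real_name` and `ad_sample` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AD_MAGIC        0x00051607u
#define AD_HDR_LEN      26u  /* magic(4) + version(4) + filler(16) + entry count(2) */
#define AD_DESC_LEN     12u  /* entry id(4) + offset(4) + length(4), big-endian */
#define AD_ID_REAL_NAME 3u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Copies the Real Name entry into out, NUL-terminated.
 * Returns the name length, or -1 if the input is malformed or the name does not fit. */
int ad_real_name(const uint8_t *buf, size_t len, char *out, size_t out_sz) {
    if (len < AD_HDR_LEN || out_sz == 0 || be32(buf) != AD_MAGIC) return -1;
    size_t n = ((size_t)buf[24] << 8) | buf[25];
    if (n > (len - AD_HDR_LEN) / AD_DESC_LEN) return -1;  /* descriptors inside file */
    for (size_t i = 0; i < n; i++) {
        const uint8_t *d = buf + AD_HDR_LEN + i * AD_DESC_LEN;
        if (be32(d) != AD_ID_REAL_NAME) continue;
        uint32_t off = be32(d + 4), elen = be32(d + 8);
        if (off > len || elen > len - off) return -1;     /* entry data inside file */
        if (elen >= out_sz) return -1;                    /* entry fits destination */
        memcpy(out, buf + off, elen);
        out[elen] = '\0';
        return (int)elen;
    }
    return -1;  /* no Real Name entry */
}

/* Constructed sample input: a header with one Real Name entry whose descriptor
 * claims claimed_len bytes. Returns the total file size written to buf. */
size_t ad_sample(uint8_t *buf, const char *name, uint32_t claimed_len) {
    static const uint8_t hdr[8] = {0x00, 0x05, 0x16, 0x07, 0x00, 0x02, 0x00, 0x00};
    size_t nlen = strlen(name), off = AD_HDR_LEN + AD_DESC_LEN;
    memset(buf, 0, off);
    memcpy(buf, hdr, sizeof hdr);
    buf[25] = 1;                       /* one entry */
    uint8_t *d = buf + AD_HDR_LEN;
    d[3] = AD_ID_REAL_NAME;
    d[7] = (uint8_t)off;               /* data starts right after the descriptor */
    d[8] = (uint8_t)(claimed_len >> 24); d[9] = (uint8_t)(claimed_len >> 16);
    d[10] = (uint8_t)(claimed_len >> 8); d[11] = (uint8_t)claimed_len;
    memcpy(buf + off, name, nlen);
    return off + nlen;
}
```

The length is checked twice on purpose: once against the bytes actually present in the file, and once against the destination buffer, since a declared length can be consistent with the file and still exceed what the caller allocated.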
Provided and/or discovered by:
2) Kevin Finisterre, DigitalMunition.
3) The vendor credits Will Dormann and Andris Baumberger.
Changelog:
2006-03-14: Added information provided by Kevin Finisterre.
2006-03-16: Vendor issues updated Security Update for version 10.4.5.
2006-03-17: Added link to US-CERT vulnerability note.