Apple Computer has released a number of security patches
to address phishing, denial of service and buffer overflow
vulnerabilities in its Mac operating system for clients and
servers.
The monthly security update includes a patch to prevent phishing
attacks via Apple’s Safari browser.
This vulnerability is caused by the browser’s support for the
Internationalized Domain Name (IDN) protocol, which is designed to
make it easier for users to jump from one international website to
another by allowing the browser to easily recognise foreign
characters.
Phishing scammers have used the protocol to trick users into
thinking they are viewing a trusted site when they are not.
Apple says it has closed this security hole with the Safari
patch, following the likes of Mozilla and Opera, which have done
the same with their patches.
Microsoft’s Internet Explorer does not support IDN so is not
affected by the vulnerability.
The patches can be downloaded from:
http://www.apple.com/support/