Manage updates with the Download App
Apple updates Safari, iOS, and OS X to address security flaw
Apple has released updates to Safari, iOS, and OS X to address a flaw where an attacker could steal personal information. This problem affects Windows as well.
A fault in the Certificates Trust Policy that Safari uses has been found and patched by Apple. Safari 5.0.5 for Mac (download) and Windows (download) fixes a problem wherein an attacker could use fraudulent SSL certificates to perform a "man-in-the-middle" attack on the local network to redirect connections and potentially get user credentials and other personal information. This issue has been addressed by a number of updates from Apple today for Safari, OS X Leopard, Snow Leopard, and iOS.
The updates should be available via Software Update, but are also available as standalone downloads from the following locations:
Security Update 2011-002 for Leopard Server (473.19MB)
Security Update 2011-002 for Leopard Client (241.35MB)
Security Update 2011-002 for Snow Leopard (4.43MB)
Safari 5.0.5 Update (33-53MB, depending on the OS)
iOS users, be sure to update your iPods, iPhones, and iPads to the latest releases that cover this problem. For more information on the iOS updates, see this article.
As always, be sure to fully back up your system before installing these updates. Use Time Machine or a system-cloning tool and update your backups or create new ones. If you use Safari on Windows in Boot Camp or a virtual machine, be sure to update Windows as well since this security flaw also affects those operating systems. Microsoft has a knowledgebase article that covers relevant updates for its operating systems as well.
Questions? Comments? Have a fix? Post them below or email us!
Be sure to check us out on Twitter and the CNET Mac forums.
