First Apple Security Update of 2005 Patches Mac OS X -- On 25-Jan-05, Apple released Security Update 2005-001 to patch several reported vulnerabilities in both desktop and server versions of Mac OS X 10.2 and 10.3. The update affects Mail and Safari, the SquirrelMail webmail software incorporated in Mac OS X Server, the Unix command-line tool at, ColorSync color profile software, and the libxml2 and PHP libraries. With the update, Apple also started a new naming scheme for security updates that uses the year and a sequential update number rather than a full date that could sometimes cause confusion when it didn't match with the release date.
<http://docs.info.apple.com/article.html? artnum=300770>
The newly patched Mail client no longer uses each Mac's identifiable unique network hardware address in constructing the Message-ID header in outgoing messages, and Safari now prevents a malicious pop-up window from appearing to be from a trusted site. (If Safari's Block Pop-Up Windows feature is enabled, the issue doesn't occur.) Details of the other patches are available on Apple's Web site. The free updates, 18 MB for 10.2 users and 7 MB for 10.3 users, may be downloaded via Software Update or from the Apple Downloads Web site. [MHA]
