First Apple Security Update of 2005 Patches Mac OS X — On 25-Jan-05, Apple released Security Update 2005-001 to patch several reported vulnerabilities in both desktop and server versions of Mac OS X 10.2 and 10.3. The update affects Mail and Safari, the SquirrelMail webmail software incorporated in Mac OS X Server, the Unix command-line tool at, ColorSync color profile software, and the libxml2 and PHP libraries. With the update, Apple also started a new naming scheme for security updates that uses the year and a sequential update number rather than a full date that could sometimes cause confusion when it didn’t match with the release date.
The newly patched Mail client no longer uses each Mac’s identifiable unique network hardware address in constructing the Message-ID header in outgoing messages, and Safari now prevents a malicious pop-up window from appearing to be from a trusted site. (If Safari’s Block Pop-Up Windows feature is enabled, the issue doesn’t occur.) Details of the other patches are available on Apple’s Web site. The free updates, 18 MB for 10.2 users and 7 MB for 10.3 users, may be downloaded via Software Update or from the Apple Downloads Web site. [MHA]