Today, Apple release Version 1.1 of its 2006-002 patch which was released on Monday.
Read more about it here: Apple 2006-002 v1.1
This time, Apple only lists the patched components (php, CoreTypes, LaunchServices, Mail, rsync, Safari).
The update includes all the fixes released in the initial Apple 2006-002 an -001 patch.
Based on the included compents, I believe that this patch will address some of the missed issues in open source packages (rsync and php) which I elluded to in Tuesday's webcast. In addition, the patch will likely fix more issues related to the "safe file execution" problem.
We may update this diary later in case Apple releases any details. A couple words about mitigation:
Some Apple users report in this forum about experiencing network issues after applying 2006-002, which disapeard after applying 2006-002v1.1. See other threads in the same forum for reports of issues like system crashes and systems no longer booting correctly. Apple has not confirmed any problems with this update so far.
I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Winter 2019
Mar 17th 2006
1 decade ago