The vulnerability takes advantage of HTTP content scanning systems that donit properly scan full-width/half-width Unicode encoded HTTP traffic. An attacker that sends properly designed HTTP traffic to a vulnerable content scanning system could potentially bypass the scanning system and gain remote access to the network device or computer.
The US-CERT advisory states that Apple systems are not vulnerable to the attack, nor are certain products from Hewlett-Packard, Impervia, Force10 Networks, and Sourcefire. Products from 3com, Cisco, EMC, Internet Security Systems, Snort, and TippingPoint Technologies are listed as vulnerable. Microsoft is still in the unknown category.
To ensure that your Mac is safe from this potential exploit, make sure that you are using Mac OS X 10.3.9 or Mac OS X 10.4.9 and have the latest security updates installed. To verify your operating system and security patches are up to date, do this:
- Choose Apple menu > Software Update to launch the Software Update application.
Look for Software Update in the Apple menu. |
---|