Apple patches dozens of dangerous Mac flaws
Staff
Apple Computer Inc. issued a security update Tuesday addressing 45 flaws found within the operating system and some third-party applications.

The Cupertino, Calif.-based company addressed some critical issues in its software, which were discovered as part of the Month of Apple Bugs and the Month of Kernel Bugs.

The update also fixes some third-party applications, such as Adobe Systems' Flash Player and the MySQL database.

Several flaws could be exploited by an attacker to conduct a denial-of-service (DoS) attack or elevate privileges to access data, according to a security alert issued Tuesday by Apple. Other flaws could allow an attacker to gain full control over a victim's computer.

Apple Mac OS X and Mac OS X Server versions 10.4.8 and earlier are affected. The software vendor said its automatic update would fix the issues.

In an advisory it released on the issues, security vendor Symantec said it was unaware of any exploits in the wild.

"To exploit some of these issues, an attacker must entice an unsuspecting user to execute a malicious file," Symantec said.

A stack-based buffer-overflow vulnerability affects the handling of images with embedded ColorSync profiles. Also found was an unspecified memory-corruption vulnerability affecting the 'diskimages-helper' when arbitrary disk images are mounted.

The AppleTalk networking protocol handler contains a memory-corruption issue and a heap buffer-overflow vulnerability that may lead to a denial of service or arbitrary code execution.

An authentication-bypass vulnerability was discovered, which is attributed to a flaw in the DirectoryService. It allows unprivileged LDAP users to modify the local root password.

AppleSingleEncoding disk images are also affected by an integer-overflow vulnerability, and a flaw triggered by incomplete SSL connections with the CUPS service opens the operating system to a denial-of-service attack, Symantec said.

Flaws were also found in the SSH key creation process and in the IOKit HID interface, which has insufficient controls. Others include an insecure command-execution issue affecting the initialization process of USB printers and an unspecified memory-corruption flaw that arises during the handling of RAW image files.

Symantec credited Andrew Garber of University of Victoria, Alex Harper, Michael Evans, and Luke Church of the Computer Laboratory at the University of Cambridge, Jeff Mccune of The Ohio State University, and Cameron Kay of Massey University, New Zealand, with the discovery of some of the issues.
