Apple patches dangerous Mac flaws

Apple issued updates to correct SSL certificate handling in Safari, video handling bugs and several graphics handling flaws that could be exploited remotely.


Apple on Wednesday issued updates to its product line, repairing flaws in Mac OS X and Mac OS X Server that could be exploited by an attacker to gain access to sensitive files.

In all, more than 40 fixes were released. The Cupertino, Calif.-based company issued the update for the latest Leopard edition, Mac OS X version 10.5, and also included the Apple security update for Mac OS X version 10.4.11 and Mac OS X Server version 10.4.11.

The update is available from the Mac Software Update control panel or as a download from Apple's Web site.

It repairs one of three flaws in iCal discovered by Core Security Technologies. Core said "the vulnerabilities discovered in the iCal application may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeatedly execute a denial of service attack to crash the iCal application."

Apple patched what Core called the most serious of the three vulnerabilities. A potential memory corruption could be exploited by attackers by using a malicious calendar file. If successfully exploited, Apple said the flaw could lead to an unexpected application termination or arbitrary code execution.

Another fix corrected a bug in Apple CoreGraphics in the handling of PDF files. Opening a maliciously crafted PDF file may cause an unexpected application termination or arbitrary code execution, Apple said.

A bug in Apple's Safari browser was also repaired. Safari's SSL client had a problem with certificate handling that could lead to disclosure of sensitive information to unauthorized websites. This update adds a feature prompting the user before sending the certificate.

Apple also repaired a number of bugs in the way Mac OS X handles image files. An out-of-bounds memory read and an integer overflow in image handling could lead to information disclosure and arbitrary code execution. Several vulnerabilities in libpng, a library used when handling Portable Network Graphics (PNG) image format files, could be exploited to cause a remote denial of service.
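The image-handling bugs above are described only in general terms, so the following is an added illustration, not Apple's or libpng's code, of the defect class involved: an image decoder that computes a pixel-buffer size as width x height x bytes-per-pixel in 32-bit arithmetic lets a crafted header wrap the product to a small value, after which the decoder allocates too little memory and reads or writes past it. The function names, the constructed 9-byte header format and the `MAX_IMAGE_BYTES` cap are assumptions made for the example; the hardened version checks each multiplication before performing it and also rejects sizes that are arithmetically fine but unreasonably large.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration, not code from any real image library. */

/* Application-level ceiling on a decoded image (assumed value for the example). */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Naive size computation in 32-bit arithmetic: the product wraps silently,
 * so 65536 x 65536 x 4 evaluates to 0 and a later allocation is far too small. */
uint32_t naive_pixel_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Hardened computation. Returns 0 and fills *out on success;
 * -1 for a zero dimension, -2 for arithmetic overflow, -3 for exceeding the cap.
 * Every multiplication is checked against the limit before it is performed. */
int checked_pixel_bytes(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if ((size_t)height > SIZE_MAX / (size_t)width)
        return -2;
    size_t pixels = (size_t)width * (size_t)height;
    if ((size_t)bpp > SIZE_MAX / pixels)
        return -2;
    size_t total = pixels * bpp;
    if (total > MAX_IMAGE_BYTES)
        return -3;
    *out = total;
    return 0;
}

/* Parse a constructed 9-byte header: big-endian uint32 width, big-endian
 * uint32 height, one byte bytes-per-pixel. Returns the checked_pixel_bytes
 * code, or -4 if the header is truncated. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

int parse_image_header(const uint8_t *hdr, size_t len, size_t *bytes_needed)
{
    if (len < 9)
        return -4;
    uint32_t width = read_be32(hdr);
    uint32_t height = read_be32(hdr + 4);
    uint32_t bpp = hdr[8];
    return checked_pixel_bytes(width, height, bpp, bytes_needed);
}

int main(void)
{
    /* Constructed hostile header: 65536 x 65536, 4 bytes per pixel. */
    const uint8_t hostile[9] = { 0x00, 0x01, 0x00, 0x00,
                                 0x00, 0x01, 0x00, 0x00, 0x04 };
    /* Constructed benign header: 640 x 480, 4 bytes per pixel. */
    const uint8_t benign[9] = { 0x00, 0x00, 0x02, 0x80,
                                0x00, 0x00, 0x01, 0xE0, 0x04 };
    size_t need = 0;

    printf("naive size for hostile header: %u bytes (wrapped)\n",
           naive_pixel_bytes(0x10000, 0x10000, 4));
    printf("checked parse of hostile header: rc=%d\n",
           parse_image_header(hostile, sizeof hostile, &need));
    printf("checked parse of benign header: rc=%d, need=%zu bytes\n",
           parse_image_header(benign, sizeof benign, &need), need);
    return 0;
}
```

A decoder that allocates `naive_pixel_bytes(...)` for the hostile header gets a zero-length buffer and then copies 16 GiB of pixel data into it; the checked path refuses the header before any allocation. The separate cap matters because a product that does not overflow can still be large enough to exhaust memory, which is the denial-of-service variant the article mentions for libpng.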
