Apple on Wednesday issued updates to its product line, repairing flaws in Mac OS X and OS X Server that could be exploited by an attacker to gain access to sensitive files.
In all, more than 40 fixes were released. The Cupertino, Calif.-based company issued the latest Leopard edition, Mac OS X version 10.5, and also included the Apple security update for Mac OS X version 10.4.11 and Mac OS X Server version 10.4.11.
The update is available from the Mac Software Update control panel or as a download from Apple's Web site.
It repairs one of three flaws in iCal discovered by Core Security Technologies. Core said "the vulnerabilities discovered in the iCal application may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeatedly execute a denial of service attack to crash the iCal application."
Apple patched what Core called the most serious of the three vulnerabilities. Attackers could exploit a potential memory corruption by using a malicious calendar file. If successfully exploited, Apple said, the flaw could lead to an unexpected application termination or arbitrary code execution.
Another fix corrected a bug in the way Apple CoreGraphics handles PDF files. Opening a maliciously crafted PDF file may cause an unexpected application termination or arbitrary code execution, Apple said.
A bug in Apple's Safari browser was also repaired. Safari's SSL client had a problem with certificate handling that could lead to disclosure of sensitive information to unauthorized websites. This update adds a feature prompting the user before sending the certificate.
Apple also repaired a number of bugs in the way Mac OS X handles image files. An out-of-bounds memory read error and an integer overflow in that handling could lead to information disclosure and arbitrary code execution. Several vulnerabilities in libpng, a library used when handling Portable Network Graphics (PNG) image format files, could be exploited to cause a remote denial of service.