Apple releases security update for Mac OS X and Server

By Elinor Mills, CNET News.com
Thursday, May 29, 2008 11:09 AM

Apple released a hefty security update for the Mac OS X and OS X Server late Wednesday that fixes more than 40 vulnerabilities, a number of which could be exploited to enable someone to run programs on the machine remotely or lead to the disclosure of sensitive data.

Security Update 2008-003 is for Mac OS X v 10.4.11 and Mac OS X Server v 10.4.11. The fixes are included in the latest Leopard edition, Mac OS X v 10.5.3, which also was released on Wednesday.

The software fixes vulnerabilities that could have led to arbitrary code execution and/or unexpected application termination related implemntaton of: AFP Server, AppKit, Apple Pixlet Video, ATS, CoreFoundation, CoreGraphics, Flash Player Plug-in, Help Viewer, and iCal. The iCal vulnerability was discovered by Core Security, which last week announced it had found three vulnerabilities in iCal.

It also fixes vulnerabilities that could have led to disclosure of sensitive information related to implementation of technologies including CUPS, International Components for Unicode, and CFNetwork when visiting a maliciously crafted Web site due to an issue in Safari's SSL client certificate handling.

Meanwhile, other updates fix vulnerabilities that could lead to information disclosure and allow a local user to manipulate files with the privileges of another user in Mail; allow a remote attacker to read arbitrary files related to Ruby; expose passwords supplied to sso_util to other local users when using Single Sign-On; expose user names on servers with Wiki Server enabled to a remote attacker; and not warn users before opening certain potentially unsafe content types.

In addition, the software fixes a vulnerability that could lead to information disclosure when viewing a maliciously crafted BMP or GIF image and lead to unexpected application termination or arbitrary code execution when viewing a maliciously crafted JPEG2000 image file.

Security Update 2008-003 and Mac OS X v 10.5.3 are available from Apple's Software Downloads Web site.

This article was originally a blog post on CNET News.com.

0

0 votes

Save to My Library

Talkback 0 comments

There are currently no comments for this post.

Reply to story

Featured Whitepapers

Tech Jobs Now!

TechGuides

Specials
News and Interviews
Whiteboard

UOB banks on economic downturn
Singapore bank's IT chief Susan Hwee explains how financial crisis offers new opportunities to reengineer
Play video
Domino's Pizza keeps customers eating
CEO Don Meij discusses strategy to grow customer base
Play video

Salesforce CEO chatters about new social media platform
Facebook-type app hits the enterprise
Play video
Salesforce demos Service Cloud 2
New Web-based tools for customer service
Play video

Cost Effective, Secure and HA Server Infrastructure for SMBs
Alan Wan from Dell illustrates how small and medium businesses can build a high availability IT infrastructure without requiring heavy investments on skills and resources.
Play video
Enterprise 2.0
Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
Play video