Apple fixes a dozen holes in Mac OS X

Several holes addressed in Apple's security update could allow an attacker to take control of the computer, including a hole in Flash Player plug-in.

Apple fixes a dozen vulnerabilities affecting Mac OS X 10.5 and 10.6 in its first security update for the year released on Wednesday.

The security update addresses several issues with the Flash Player plug-in, including one that could allow an attacker to take control of the computer if the user visits a malicious Web site.

Also patched were holes in CoreAudio, ImageIO, and Image RAW that could lead to arbitrary code execution and allow an attacker to take control of the computer if a malicious MP4 audio file were played, or malicious TIFF (Tagged Image File Format) or DNG (Digital Negative) images were viewed.

The release also affects OpenSSL, fixing a man-in-the-middle vulnerability that exists in the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols used to secure communications over the Internet. The vulnerability, discovered by researchers at PhoneFactor in August 2009, could allow someone to capture data or modify operations performed in protected sessions.

In addition, a hole in the CUPS printing service was plugged that could allow an attacker to cause a remote denial-of-service by issuing a malicious get-printer-jobs request.

About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.


Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
10 mobile gadgets gone gonzo (pictures)
Apple in 2014: iPhone 6, iCloud hack, Beats and more (pictures)
The 12 most distinctive phones of 2014 (pictures)
Best mobile games of 2014
Nissan gives new Murano bold style (pictures)
Top great space moments in 2014 (pictures)