Apple fixes dozens of holes with OS X security update

Company releases first OS X security update of the year, closing holes that could disclose sensitive information and arbitrarily execute code.

Apple released a Mac OS X security update on Thursday that contains fixes for more than two dozen vulnerabilities, including one in Safari RSS that could lead to arbitrary code execution and one in Remote Apple Events that could disclose sensitive information.

Also fixed are a vulnerability in AFP Server that could trigger a denial of service and vulnerabilities in Apple Pixlet Video, ClamAV, CoreText, Python, SMB, and X11 that could lead to arbitrary code execution. Another fix closes a hole in Printing that could allow a local user to get system privileges and one in DS Tools that could expose passwords to other local users.

Security Update 2009-001 can be obtained from the Software Update pane in System Preferences or Apple's Software Downloads Web site.

Apple also on Thursday released Safari 3.2.2 for Windows, which fixes a vulnerability that could allow execution of arbitrary JavaScript in the local security zone. That update is also on Apple's download site.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments