Apple releases Mac OS X security update

Mac OS X 10.4.8 fixes several flaws that could lead to remote code execution, the company says.

Tom Krazit Former Staff writer, CNET News

Tom Krazit writes about the ever-expanding world of Google, as the most prominent company on the Internet defends its search juggernaut while expanding into nearly anything it thinks possible. He has previously written about Apple, the traditional PC industry, and chip companies. E-mail Tom.

See full bio

Tom Krazit

Sept. 29, 2006 12:53 p.m. PT

Apple Computer released an update Friday for Mac OS X to fix several vulnerabilities that could allow attackers to execute code on unpatched systems.

A total of 15 security vulnerabilities are fixed in the update, which is available on Apple's Downloads page or through its Software Update service. The update fixes flaws in certain features of Mac OS X and Safari, but also Adobe System's Flash Player.

For example, one of the updates fixes a flaw in Safari that could allow malicious sites to appear as trustworthy destinations, complete with the little lock icon, without proper authentication. In this case, the flaw was fixed by disallowing anonymous SSL (Secure Sockets Layer) connections by default, Apple said.

Also covered by the updates are flaws that could allow arbitrary code execution from a malicious JPEG2000 image and ones that could allow local users to take advantage of failed attempts to log in to a network account. The fixes can be downloaded either as Mac OS X version 10.4.8 or as Security Update 2006-006, Apple said, adding that either download will correct the identified flaws.

Apple last updated Mac OS X 10.4 in June, with several patches and bug fixes delivered as Mac OS X version 10.4.7. Last week Apple issued an update to fix serious flaws in its AirPort wireless driver software that could allow Macs to be hijacked through wireless connections. More information on the current batch of updates can be found on Apple's Web site.