Apple releases security update for Mac OS X and OS X Server v. 10.4.11

Apple fixes more than two dozen vulnerabilities, including some that could lead to disclosure of sensitive data and the arbitrary running of code.

Apple released a hefty security update for the Mac OS X and OS X Server on Wednesday that fixes more than 40 vulnerabilities, a number of which could be exploited to enable someone to run programs on the machine remotely or lead to the disclosure of sensitive data.

Security Update 2008-003 is for Mac OS X v 10.4.11 and Mac OS X Server v 10.4.11. The fixes are included in the latest Leopard edition, Mac OS X v 10.5.3, which also was released on Wednesday .

The software fixes vulnerabilities that could have led to arbitrary code execution and/or unexpected application termination related implemntaton of: AFP Server, AppKit, Apple Pixlet Video, ATS, CoreFoundation, CoreGraphics, Flash Player Plug-in, Help Viewer, and iCal. The iCal vulnerability was discovered by Core Security, which last week announced it had found three vulnerabilities in iCal .

It also fixes vulnerabilities that could have led to disclosure of sensitive information related to implementation of technologies including CUPS, International Components for Unicode, and CFNetwork when visiting a maliciously crafted Web site due to an issue in Safari's SSL client certificate handling.

Meanwhile, other updates fix vulnerabilities that could lead to information disclosure and allow a local user to manipulate files with the privileges of another user in Mail; allow a remote attacker to read arbitrary files related to Ruby; expose passwords supplied to sso_util to other local users when using Single Sign-On; expose user names on servers with Wiki Server enabled to a remote attacker; and not warn users before opening certain potentially unsafe content types.

In addition, the software fixes a vulnerability that could lead to information disclosure when viewing a maliciously crafted BMP or GIF image and lead to unexpected application termination or arbitrary code execution when viewing a maliciously crafted JPEG2000 image file.

Security Update 2008-003 and Mac OS X v 10.5.3 are available from Apple's Software Downloads Web site.


Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments