Tom Ferris, ain Mission Viejo, Calif., published late on Thursday information on seven flaws in Apple's operating system that potentially put Mac users at risk of a cyberattack. The most serious of the flaws could let attackers surreptitiously run malicious code on users' PCs, Ferris said in an interview via instant messaging.
"We're in the process of investigating and addressing them,", Apple's vice president of software technology, told CNET News.com. "I think it is important to note that although these are potential vulnerabilities, there are no known exploits to them and they are not affecting customers today."
Five of the flaws identified by Ferris relate to how Mac OS handles various image file formats--including BMP, TIFF and GIF, according to his security advisories. Another flaw involves the way OS X decompresses Zip archives. Additionally, Ferris claims to have found several bugs in Apple's Safari browser.
"The image flaws are the scariest ones, giving an attacker multiple methods of compromising a host," Ferris said. "They can be exploited to execute arbitrary code very easily and were not hard to find."
Apple silently fixed one of the flaws related to the handling of TIFF image files in update 10.4.6, Ferris said. The other bugs remain unpatched, he said, adding that he reported the issues to Apple earlier this year.
Apple believes the public disclosure of security flaws doesn't help anyone, a position. "We don't feel that our customers are better served by public disclosure of potential issues," Tribble said. "We think that in the general case, people who need to know about issues are the ones that can actually fix the bugs."
Ferris in the past has released information on flaws in several Apple products, including, as well as the , before an official patch was made available.
"Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by attackers to execute arbitrary commands or cause a denial of service," Secunia said in an advisory. To protect against attacks, the company recommends not surfing to untrusted Web sites and not opening suspect Zip archives or images.
Apple expects to address the issues in an upcomingbut could not say when that fix might be released. "Our target is to do it promptly," Tribble said. "How quickly that can be done depends on a lot of variables, in terms of how much information we get and how complex the things are to address."