Apple plugs 'critical' holes in OS X

Ten new patches for the Macintosh operating system address myriad flaws that open systems to remote attacks, experts say.

Alorie Gilbert Staff Writer, CNET News.com

Alorie Gilbert

writes about software, spy chips and the high-tech workplace.

See full bio

Alorie Gilbert

Sept. 26, 2005 6:56 a.m. PT

Apple Computer released 10 security fixes to address Mac OS X flaws that security experts described as "critical."

Apple issued the patches, available through its Web site, Thursday. The flaws affect versions 10.3.9 and 10.4.2 of the Mac OS X operating system, as well as related server software.

Symantec and the French Security Incident Response Team both said the vulnerabilities are serious and that the need to patch them is urgent. However, no exploits for them have been reported, Symantec noted in an alert sent to members of its DeepSight service Friday.

The flaws expose affected machines to remote attack using arbitrary commands and e-mail interception, according to Apple's bulletin. Certain vulnerabilities could also be exploited for a denial-of-service attack, FrSirt said in an online advisory.

Apple declined to comment on the security patches Friday.

The company has previously released patches for these Mac OS X versions. In one of its bigger security updates, the company last month unloaded fixes for 44 flaws. Last May, it released an update for 20 vulnerabilities, and in March, it distributed an update for a dozen security bugs.