Apple plugs 25 Mac OS X flaws

Fourth security update this year addresses vulnerabilities that could let attackers hit Macs.

Joris Evers Staff Writer, CNET News.com

Joris Evers covers security.

Joris Evers

April 20, 2007 6:29 a.m. PT

2 min read

VANCOUVER, B.C.--Apple on Thursday issued a security update for Mac OS X that addresses 25 security flaws in the operating system software.

The security update affects various parts of the operating system, including some third-party components such as the Kerberos authentication technology. The most serious of the vulnerabilities could allow an attacker to gain complete control over an unpatched Mac, Apple said in a security advisory.

The update deals with another trio of zero-day bugs that were disclosed as part of the Month of Apple Bugs in January. Apple has quashed many bugs detailed during the Month of Apple Bugs and Month of Kernel Bugs projects in previous patch releases.

While several of the vulnerabilities repaired by Apple's updates were previously known, it doesn't appear that any attacks exploiting the flaws actually occurred.

Apple's patch release comes just as hackers at the CanSecWest security conference in Vancouver, B.C., are being challenged to break into two MacBooks. A successful hack wins the hacker the MacBook and a $10,000 bounty, according to show organizers. The contest and conference ends on Friday.

Apple has released a Mac OS X security update each month this year. In March, the Cupertino, Calif., company released an update to fix 45 bugs in the operating system. Apple doesn't have a set patch schedule. Last year, the company released two Mac OS X updates in the first four months of the year.

The latest update is available through the Software Update feature in Mac OS X and from Apple Downloads.