Apple releases Mac OS X security update
Mac OS X 10.4.8 fixes several flaws that could lead to remote code execution, the company says.
A total of 15 security vulnerabilities are fixed in the update, which is available on
For example, one of the updates fixes a flaw in Safari that could allow malicious sites to appear as trustworthy destinations, complete with the little lock icon, without proper authentication. In this case, the flaw was fixed by disallowing anonymous SSL (Secure Sockets Layer) connections by default, Apple said.
Also covered by the updates are flaws that could allow arbitrary code execution from a malicious JPEG2000 image and ones that could allow local users to take advantage of failed attempts to log in to a network account. The fixes can be downloaded either as Mac OS X version 10.4.8 or as Security Update 2006-006, Apple said, adding that either download will correct the identified flaws.
Apple last updated Mac OS X 10.4 in June, with several patches and bug fixes delivered as Mac OS X version 10.4.7. Last week Apple issued an update to fix serious flaws in its AirPort wireless driver software that could allow Macs to be hijacked through wireless connections. More information on the current batch of updates can be found on Apple's Web site.