All the latest UK technology news, reviews and analysis
|
|
|
14 Mar 2006
Apple has issued a security update that repairs five vulnerabilities in its OS X operating system and bundled applications.
The patch corrects problems caused by an update published two weeks ago which aimed to repair problems exploited by a series of worms and proof-of-concept code.
The most serious of the flaws could allow an attacker to execute arbitrary code using the Safari browser or Mail application.
Apple does not provide severity ratings for its updates, but security firm Secunia gave the update its highest security rating of 'extremely critical'.
The latest patch again addresses an issue in which Safari could automatically open a malicious file crafted to look like a safe file type. The update introduces additional checks to files that are downloaded to verify their identity.
The update also deals with file archives containing JavaScript, which in some cases can bypass OS X security settings. The update flags the documents as unsafe, prompting the user before the download.
A second patch prevents buffer overflow attacks through Apple's Mail application that could have been triggered by enticing users to open a specially crafted email attachment.
The patch introduces 'bounds checking' for attachments, ensuring that certain parameters are of the expected size and thereby preventing buffer overflows.
The update also repairs an issue caused by the previous update after the Download Validation feature started warning users when they downloaded file types that should have been labelled as safe.
"These unneeded warnings are removed with this update," Apple said in a security bulletin on its website.
Users can apply the patch through OS X's software update feature or by manually downloading the file from Apple's website.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
IT Security Specialist Move in2 Solutions /Pre-Sales...
SOFTWARE ENGINEER - BERKS - to £34k plus package WAREHOUSE...
We currently have a position for a Senior Project Manager...
JAVA DEVELOPER TRANSPORT MANAGEMENT SYSTEMS / TMS...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Secunia's Ratings
Note that Secunia consistently rates OS X security issues as more critical than comparable Windows issues. The issue in question only affects people who *choose* to download a file. You can't just visit a website and have your machine taken over... Recent security issues affecting Windows media player and WMF rendering -- both of which would allow a computer to be completely compromised without the user doing anything more than going to a url were rated as less critical.
Posted by: Tonio Loewald 14 Mar 2006