Apple plugs ten 'critical' security holes

Buffer overflow vulnerabilities could allow an attacker to take control

Apple has released a security update for its OS X 10.3 and OS X 10.4 operating systems.

The patch fixes vulnerabilities in the operating system itself as well as bundled applications.

Apple does not provide severity ratings for the flaws in its software, but an advisory from security website Secunia gave the vulnerabilities its second highest rating of 'highly critical'. 

The patch repairs a buffer overflow vulnerability in ImageIO, a Java tool used to display images. The security hole could allow an attacker to take control of a system by placing a specially crafted Gif image on a website.

Apple's Quickdraw manager is also susceptible to a buffer overflow attack through the use of a specially crafted Pict image. The tool is used by several applications, including Safari, Mail and Finder.

Other vulnerabilities patched in the update include Apple's Mail application, the Safari browser and the Quicktime Media player.

Mimicking Microsoft's 'patch Tuesday' release cycle, Apple usually releases security updates at midnight on the second Tuesday of the month.

This cycle is not official policy, however, and this month the vendor released its patch nine days later.

Microsoft did not release any patches in September, pulling a previously announced critical update because of "quality concerns".

Users can download the 7.1Mb Apple patch through the software update feature in the operating system or from the Apple website here.