Apple
Buffer overflow vulnerabilities could allow an attacker to take control

Apple plugs ten 'critical' security holes

More fixes for OS X

Tom Sanders in California

Apple has released a security update for its OS X 10.3 and OS X 10.4 operating systems.

The patch fixes vulnerabilities in the operating system itself as well as bundled applications.

Advertisement

Apple does not provide severity ratings for the flaws in its software, but an advisory from security website Secunia gave the vulnerabilities its second highest rating of 'highly critical'. 

The patch repairs a buffer overflow vulnerability in ImageIO, a Java tool used to display images. The security hole could allow an attacker to take control of a system by placing a specially crafted Gif image on a website.

Apple's Quickdraw manager is also susceptible to a buffer overflow attack through the use of a specially crafted Pict image. The tool is used by several applications, including Safari, Mail and Finder.

Other vulnerabilities patched in the update include Apple's Mail application, the Safari browser and the Quicktime Media player.

Mimicking Microsoft's 'patch Tuesday' release cycle, Apple usually releases security updates at midnight on the second Tuesday of the month.

This cycle is not official policy, however, and this month the vendor released its patch nine days later.

Microsoft did not release any patches in September, pulling a previously announced critical update because of "quality concerns".

Users can download the 7.1Mb Apple patch through the software update feature in the operating system or from the Apple website here

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Further reading

Apple adopts controversial security chip

Trusted Platform Module limits OS X to Macs, but could do more

Hackers set OS X free from Apple

Operating system brought to PCs against Apple's wishes

Apple unveils OS X security patches

Denial of service and file overwrite bugs fixed

Apple OS X update breaks 64-bit applications

Missing library leaves 64-bit applications in the cold

Related whitepapers

Related jobs

Most watched

Summit: Views From the Valley

V3.co.uk's US office weighs in on the information overload crisis

John Chambers speaks on collaboration

Cisco boss talks up new offerings

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

deloitte

Summit interview: Deloitte discusses security implications of the data deluge

We chat to Mike Maddison, UK head of Security, Privacy...

ibm logo

IBM boosts mobile shopping with WebSphere Commerce

Update designed to give mobile users a richer, more personalised...

Summit: Intel discusses processors for data overload (part 2 of 2)

More thoughts on how servers can help manage overload

chrome logo

Google plans a Mac version of Chrome

A Mac-friendly version of the browser is in the pipeline

Primary Navigation