Apple
Buffer overflow vulnerabilities could allow an attacker to take control

Apple plugs ten 'critical' security holes

More fixes for OS X

Tom Sanders in California

Apple has released a security update for its OS X 10.3 and OS X 10.4 operating systems.

The patch fixes vulnerabilities in the operating system itself as well as bundled applications.

Advertisement

Apple does not provide severity ratings for the flaws in its software, but an advisory from security website Secunia gave the vulnerabilities its second highest rating of 'highly critical'. 

The patch repairs a buffer overflow vulnerability in ImageIO, a Java tool used to display images. The security hole could allow an attacker to take control of a system by placing a specially crafted Gif image on a website.

Apple's Quickdraw manager is also susceptible to a buffer overflow attack through the use of a specially crafted Pict image. The tool is used by several applications, including Safari, Mail and Finder.

Other vulnerabilities patched in the update include Apple's Mail application, the Safari browser and the Quicktime Media player.

Mimicking Microsoft's 'patch Tuesday' release cycle, Apple usually releases security updates at midnight on the second Tuesday of the month.

This cycle is not official policy, however, and this month the vendor released its patch nine days later.

Microsoft did not release any patches in September, pulling a previously announced critical update because of "quality concerns".

Users can download the 7.1Mb Apple patch through the software update feature in the operating system or from the Apple website here

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Further reading

Apple adopts controversial security chip

Trusted Platform Module limits OS X to Macs, but could do more

Hackers set OS X free from Apple

Operating system brought to PCs against Apple's wishes

Apple unveils OS X security patches

Denial of service and file overwrite bugs fixed

Apple OS X update breaks 64-bit applications

Missing library leaves 64-bit applications in the cold

Related whitepapers

Related jobs

Most watched

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

a padlock

Microsoft to plug security holes

Microsoft has given advance warning of a number of security...

Nokia handset

Top 10 articles, 10 July 09

No Nokia Android phone, ActiveX attacks and Google enters into...

Can Google beat Microsoft at its own game?

Google's announcement this week that it plans to step into...

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Primary Navigation