Apple has fixed 30 vulnerabilities in 22 applications for Mac OS X on the day
when administrators can normally expect a raft of fixes from Microsoft.
The second Tuesday of the month is known for security fixes from Microsoft,
but this month's 'Patch Tuesday' is solely the domain of Apple.
Fourteen of the patched Apple vulnerabilities could lead to remote code
execution, while most of the others allowed privilege elevation or caused
application crashes.
Among the most potentially serious is a flaw in Apple's Disk Images that
could allow an attacker to remotely execute malware by way of a specially
crafted web page.
The vulnerability was disclosed during January's Month of Apple Bugs project
and was classified by security company Secunia as 'highly critical', the
company's second-highest alert level.
Other Mac OS X components receiving fixes for remote code execution
vulnerabilities include the Mac OS X kernel, the AppleTalk networking component,
and the QuickDraw image processing software.
For users with Mac OS X 10.4 and later, the security fixes are part of a
larger Mac OS X 10.4.9 update. Users running Mac OS X 10.3 can download the
fixes under the name Security Update 2007-003.
Both versions are available through Apple's Software Update system component.
The update is the third security fix issued by Apple this year, and the largest
single security update since May 2006, when the company released 31 patches.