Apple plugs five security holes
Computer maker updates operating system to 10.4.7
Apple has released a security update for its OS X operating system that plugs five vulnerabilities.
Apple does not issue severity ratings for vulnerabilities in its software, but at least two of the repaired vulnerabilities could allow an attacker to take control of a system.
The update to version 10.4.7 repairs a vulnerability in the way that OS X handles TIFF images which could be exploited through a specially crafted image. The vulnerability can cause an application to crash or allow for arbitrary code execution.
The ClamAV application that is bundled with the server version of the operating system could also allow an attacker to take over control of a system, Apple warned.
The attacker would have to set up a spoofed database mirror for the ClamAV antivirus application.
Of the remaining plugged holes, a vulnerability in the AFP server is vulnerable to a privilege escalation that can lead to disclosure of sensitive information.
The Launchd programme is suffering from a vulnerability that could allow a local user to gain additional privileges and the Open Directory Server and is susceptible to a security flaw that gives attackers an opportunity to crash the application.
Users can update their system through the update service built into OS X or by manually downloading the patch from the Apple support website.
V3 Latest
Citrix launches lawsuit against Workspot over claims of patent infringement
Citrix claims Workspot has 'continued to mislead the market' and use Citrix-patented features
Researchers develop data transmission technique that could triple broadband speeds
Using proven technology from wireless, coax and ADSL/VDSL communication
Government plans crackdown on touts who use automated online tools to buy up tickets in bulk
Touts crowding genuine fans out of the market, claims government
TSB online banking issues lead to customer data leaks
Users complain they haven't been able to access their accounts or withdraw money
Most read
