ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

Apple patches critical OS X security flaws

Dawn Kawamoto CNET News.com

Published: 01 Dec 2005 09:20 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Apple has issued "highly critical" security updates to address more than a dozen vulnerabilities in its Mac OS X operating system.

Apple released on Tuesday security patches for Mac OS X 10.4.3, otherwise known as Tiger, as well as Mac OS X 10.3.9, dubbed Panther, according to the company's advisory.

Thirteen security flaws were found in areas related to the Apache 2 Web server, curl technology and the Safari browser. The vulnerabilities ranged from potentially letting an attacker launch a denial-of-service attack to taking control of a person's system remotely.

"The most severe of these are the vulnerabilities found in curl and the PCRE library used by Safari," said Thomas Kristensen, chief technology officer for security site Secunia, which rated Apple's updates as "highly critical" — the second-highest danger ranking — in its advisory.

A large number of applications could be affected by the vulnerability in the PCRE library used by Safari's JavaScript engine, Kristensen said. People who inadvertently click on a malicious Web site with their Safari browser could find the flaw exploited, leading to a remote execution of code on their system.

A flaw in Apple's curl technology, which is a library frequently used to download large files and pass them along, could be exploited if visiting a malicious Web site. The site, once detecting curl technology is present on a user's system, can take advantage of the security flaw, Kristensen said. That could result to a remote execution of code on a computer.

One security flaw addressed in the update involves a boundary error found in WebKit. This marks the second time in four months that Apple has addressed a flaw in WebKit, Kristensen said.

This latest flaw could let an attacker launch a buffer overflow, or denial-of-service attack, that could also lead to a remote execution of code and control of a person's system. The earlier flaw in WebKit dealt with the handling of PDF documents.

The new Mac OS X patches follow one issued earlier this month by Apple to address vulnerabilities in four areas of its operating system.

Apple was not available for immediate comment.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
96 out of 178 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Related Jobs

Network Engineer / Network Support Technician - MAC OS X Server

Technology Risk Analyst with Java

Support Engineer

Sentry Posts Blog

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Post a comment

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers