BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Software

Desktop platforms Toolkit

Apple fixes serious OS X flaws

Tags:
Mac OS X,
Bug,
Security,
Exploit

Joris Evers CNET News

Published: 02 Mar 2006 08:50 GMT

Apple on Wednesday released a security update for Mac OS X that fixes 20 vulnerabilities, including a high-profile Web browser and Mail flaw disclosed last week.

The set of patches addresses a variety of security flaws, including several that could let an attacker gain control over a computer running OS X. The patch arrives after two weeks of intense scrutiny for OS X safety, prompted by the discovery of two worms and the disclosure of two security flaws in that period.

The Apple security update addresses those flaws, which affect the Safari Web browser and Apple Mail client. The vulnerabilities expose Mac users to risks that are more familiar to Windows owners: the installation of malicious code through a bad Web site or email because of improper validation of downloads.

The update also changes iChat, Apple's instant messaging application, to thwart instant message threats such as the Leap.A pest, which was detected recently and attacked some Apple users.

"iChat now uses Download Validation to warn of unknown or unsafe file types during file transfers," Apple said.

Aside from the previously disclosed vulnerability in Safari, the Apple patch fixes four additional security bugs. These could result in code being executed on the user's machine after viewing a malicious Web site or allow JavaScript to execute in the local domain, Apple said in its update.

Other flaws fixed in the update include four issues related to the PHP scripted programming language, two problems related to Apple's Directory Services, a problem with mounting of file servers and a bug in FileVault secure storage, which was found to be insecure in the way a FileVault image is created.

Security Update 2006-001, can be downloaded and installed via the Software Update feature in Mac OS X or from Apple Downloads.

"Apple advises Mac OS X users to keep their system current by installing this and all Mac OS X software updates," Apple said.

Did you find this article useful?
68 out of 128 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

Apple
iChat
Patch
exploit
Bug

Safari
finder
Update
Mac OS X
Security

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner