TechWeb

Apple Fixes 15 Flaws, Updates Mac OS X To 10.4.8

Sep 29, 2006 (04:09 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=193100930


Apple Computer Inc. on Friday updated Mac OS X 10.4 to patch 15 vulnerabilities in the operating system and bundled software that can let attackers run malicious code, crash the computer, or gain unauthorized access to the machine.

According to the alert that Apple released alongside the update, more than half of the fixed flaws can lead to "arbitrary code execution." In plain English, that means a hacker could hijack the Mac and install his own software on the system. Four of the bugs are in Flash, the Adobe-sold animation player bundled with Mac OS X.

A vulnerability in Safari, Apple's Web browser, could let malicious sites pose as trustworthy URLs with SSL (Secure Sockets Layer) indicators, said the alert, while in another, a specially-crafted JPEG2000 image could be used to trigger a buffer overflow to compromise the computer.

One of the more dangerous vulnerabilities outlined by Apple is a memory management error in WebKit's handling of certain HTML. Simply viewing a malicious Web site could result in a hacked Mac. WebKit is Apple's version of the open-source browser engine used by Safari and other OS X components, including Mail and the Dashboard.

The Friday update is the first OS-wide security fix in nearly two months, although other components, including Apple's own QuickTime, have been patched since then.

The update -- as well as a similar security update for users of Mac OS X 10.3 (Panther) that includes only 8 patches -- can be downloaded from the Apple Web site, or retrieved using the operating system's own auto update tool.