It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Apple unloads dozens of fixes for OS X Apple unloads dozens of fixes for OS X
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read


Apple unloads dozens of fixes for OS X
Reply
 
Thread Tools
Old 16th August 2005, 21:38   #1
[M] Reviewer
 
Sidney's Avatar
 
Join Date: Mar 2004
Posts: 15,739
Sidney Freshly Registered
Default Apple unloads dozens of fixes for OS X

Apple Computer has released what seems to be one of its larger security updates for Mac OS X, doling out fixes for 44 flaws.

Still, only a handful of the vulnerabilities are of major concern, according to security analysts. The package of fixes was released Monday.

"This one is a big update. I don't recall seeing as many updates as we see today," said Thomas Kristensen, Secunia's chief technology officer.

By comparison, Apple last May released an update for 20 vulnerabilities and in March distributed an update for a dozen flaws.

But Kristensen noted that, with the new update, only a few of the 44 vulnerabilities are of great concern. He also said that 25 percent of the patches involve older vulnerabilities that have yet to lead to exploit code being developed by attackers. Still, Secunia is rating the overall update as "highly critical."

Apple declined to comment on the vulnerabilities and referred all questions to its security update.

The flaws affect Apple's Mac OS 10.3.9 and 10.4.2 operating system software and related server software.

Kristensen said that some vulnerabilities involving AppKit and Safari are critical.

AppKit, which is used to open RTFs (rich text files) and Word documents, has flaws that allow a remote attacker to create a malicious file that results in a buffer overflow. That in turn can lead to arbitrary code being executed on a user's system.

Apple, however, notes that only some applications use AppKit, and that Microsoft Word for Mac OS X is not vulnerable.

Flaws in Safari, meanwhile, can allow an attacker to bypass the browser's security checks and execute arbitrary commands, when the user clicks on a maliciously crafted rich text file.

Another flaw, a vulnerability in Apple's Sever Manager D, a modified version of Apache, is also being considered critical by some.

That flaw can result in a buffer overflow and remote execution of code by an attacker, with no user interaction, said Frank Nagle, assistant director of vulnerability aggregation for iDefense, a VeriSign company.

Although Apple lists other security flaws that could be exploited by a remote attacker, they are "less critical," according to Secunia.

For example, two vulnerabilities in Apache 2 could be exploited by a remote attacker to either bypass security restrictions or launch a denial-of-service attack.

But Apple did not set Apache 2 by default, so it is less of an issue than it would be if the same vulnerabilities affected Apache 1.3, Nagle said.

http://news.com.com/Apple+unloads+do...l?tag=nefd.top
__________________
lazyman

Opteron 165 (2) @2.85 1.42 vcore AMD Stock HSF + Chill Vent II
Sidney is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apple ditches 32nm Arrandale, won't use Intel graphics jmke WebNews 0 5th December 2009 11:44
Apple Hires Two High-Ranking Ex-ATI Graphics Executives jmke WebNews 0 29th April 2009 15:43
Apple plans on using NVIDIA chipset for next Macbook jmke WebNews 2 1st August 2008 13:09
Apple Macintosh Continues to Gain Popularity in U.S. Retail jmke WebNews 12 23rd May 2008 10:49
Apple Renames iPhone to "iTouch Mobile" jmke WebNews 6 12th January 2007 20:20
Apple may use Intel chips: report Sidney WebNews 0 23rd May 2005 18:37

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


All times are GMT +1. The time now is 08:39.


Powered by vBulletin® - Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO