• CONTEST ALERT - Experience the power of DDR5 memory with Kingston Click for details

UPDATE:Apple issues 13 security fixes

Not open for further replies.


Apple issues 13 security fixes
Problems with CoreGraphics, Fetchmail, iChat and mDNSResponder

Apple has issued security fixes for 13 components of its OS X operating system.

A flaw in the OS X CoreGraphics component is the most serious, as it could allow an attacker to remotely execute code through a specially-crafted PDF file. The vulnerability only affects OS X 10.4.9 and OS X Server 10.4.9.

Apple did not say whether the code execution is confined to the limited privileges of the current user, or whether attackers could execute code at the root level.

Attackers could also target OS X's 'file' for remote code execution. This vulnerability affects all versions of Mac OS X 10.3 and 10.4. No other components suffered from remote execution vulnerabilities.

A flaw in Fetchmail could allow attackers to steal a user's email password. Fetchmail is used to download emails into a user's local machine, and Apple said that the component may not adequately encrypt the password.

Vulnerabilities in Apple's iChat messaging software and mDNSResponder were also patched. Both vulnerabilities could be exploited to remotely execute code, but would require the attacker to be on a local network with the target machine.

Apple also fixed a vulnerability in the way that OS X handles disk images. By convincing a user to mount two identically-named disk images, an attacker could disguise a piece of malicious software as a legitimate application or document.

:arrow: Download Apple Updates

Not open for further replies.
Top Bottom