If this page does not print out automatically, select Print from the File menu.

Apple patches 26 security flaws

Holes expose users to arbitrary code execution

Tom Sanders in California, vnunet.com 02 Aug 2006

Apple has released a security update that repairs 26 vulnerabilities in its OS X operating system and bundled applications.

Of the patched security holes, 17 could expose the user to an arbitrary code execution.

Four of the remaining vulnerabilities could lead to disclosure of confidential information, two could cause an application to crash. A local user in three cases could exploit a flaw to gain additional user rights.

Apple doesn't provide severity ratings for the security holes it discloses in its software. Some of the arbitrary code execution flaws would generally be considered the most severe vulnerabilities because an attacker can exploit them without any user interaction.

The update, for instance, repairs four arbitrary code execution vulnerabilities in the way that OS X handles images in the GIF, RAW or Radiance formats. An attacker could exploit those by placing a specially crafted image on a website or send it as an email attachment.

Users can obtain the patch through the software update feature in OS X or download the patch from Apple's website.

Permalink: http://www.itweek.co.uk/2161483

www.itweek.co.uk/2161483

This article was printed from the IT Week web site
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503

Close this window to return to the website