In association with heise online

15 November 2007, 16:31

Update for Mac OS X closes a host of security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has released its OS updates close on the heels of Microsoft's patchday. As well as closing numerous security holes in Mac OS X 10.4 and 10.3.9, the updates also include general bug fixes and new versions of installed programs such as Safari 3.

Eight of the security vulnerabilities allow intruders to infiltrate and execute malicious program code via manipulated websites, files or network packets. Affected components include the Flash Player plugin, CoreFoundation, CoreText, IPv6, the NFS Server, NSURL as well as Safari and the WebCore. Another seven vulnerabilities allow local users to force the system to shut down or permit them to extend their rights within the system. Apple mentions the components AppleRAID, the kernel, AppleTalk and SecurityAgent in this respect. Apple lists a total of 39 bugs in system components and in third-party software that have been fixed by the update. Most of these could lead to intruders obtaining or manipulating sensitive data.

Updates are available for the Mac OS X 10.3.9 and server versions as well as for Mac OS X 10.4 up to and including 10.4.10 and their respective server versions. These are being supplied via automatic updates but can also be downloaded directly from Apple. Users are advised to apply the updates as quickly as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit