Apple issues 13 security fixes

Apple has issued security fixes for 13 components of its OS X operating system. 

A flaw in the OS X CoreGraphics component is the most serious, as it could allow an attacker to remotely execute code through a specially-crafted PDF file. The vulnerability only affects OS X 10.4.9 and OS X Server 10.4.9.

Apple did not say whether the code execution is confined to the limited privileges of the current user, or whether attackers could execute code at the root level.

Attackers could also target OS X's 'file' for remote code execution. This vulnerability affects all versions of Mac OS X 10.3 and 10.4. No other components suffered from remote execution vulnerabilities.

A flaw in Fetchmail could allow attackers to steal a user's email password. Fetchmail is used to download emails into a user's local machine, and Apple said that the component may not adequately encrypt the password.

Vulnerabilities in Apple's iChat messaging software and mDNSResponder were also patched. Both vulnerabilities could be exploited to remotely execute code, but would require the attacker to be on a local network with the target machine.

Apple also fixed a vulnerability in the way that OS X handles disk images. By convincing a user to mount two identically-named disk images, an attacker could disguise a piece of malicious software as a legitimate application or document.

The security update is available through Apple's software update system component or as a download from the company's website.

See also:

iGasm ad rubs Apple up the wrong way

Legal eagles circle over Ann Summers stunt  24 May 2007

Users sue Apple over screen quality

Company accused of misleading advertising  22 May 2007

Hoax email knocks $4bn off Apple's bottom line

Stock market jittery on Apple valuation  21 May 2007

Apple iPhone gets thumbs-up from FCC

Federal Communications Commission approves Apple mobile for use  18 May 2007

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!