|Network Security Consulting SecurityFocus Article
Apple Closes Open-source Flaws With Latest Patch
Apple plugged on Friday at least 40 security holes affecting its Mac OS X operating system, releasing a patch to upgrade the software and install new security certificates.
The vast majority of the vulnerabilities affect the open-source components of the Mac OS X, including the MySQL database server, the PHP dynamic Web language, the Tomcat Java server, the Apache Web server and the vim text editor. The patch -- Apple's seventh major fix for Mac OS X this year -- closes 25 vulnerabilities in those applications, some of which are shipped only with the Apple's server products. Other vulnerabilities also affected the open-source ClamAV antivirus software, Postfix mail software, and CUPS printing software, according to the company's advisory.
Other flaws affected Apple's own software.
A vulnerability in the handling of images by Apple's ColorSync software could allow an attacker the ability to run arbitrary code on a victim's system. Another flaw could allow a specially crafter file left on the Desktop to repeatedly crash and restart the Finder, Apple's software for navigating through files and folders. And a bug in the operating systems QuickLook component for previewing files allows maliciously create Excel files to launch code.
The software company also used the software fix to update its list of "system roots," the security certificates that certify software and Web sites.
Users can use Apple's Software Update feature, available via the Apple menu, to download the latest software.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos