Update plugs twenty security holes
Apple has released a security update that patches twenty security holes in its OS X operating system and bundled applications.
Virus writers in the past weeks have released several high profile viruses and security experts last week disclosed that they had found a critical security hole in the operating system.
"The update fixes both the recently reported Leap-A and Safari security vulnerabilities," an Apple spokesperson said.
The Safari vulnerability was unveiled last week by German researcher Michael Lehn. The flaw could allow an attacker to launch arbitrary code on a Mac computer running the Safari browser through the use of a specially crafted website.
The Apple security update also contains a fix for a vulnerability that was reported in relation to the Safari flaw. It affects the way that the operating system unpacks and executes meta data in certain types of archives. It could be exploited in combination with the Safari vulnerability or by persuading a user to open an email message containing a specially crafted archive file.
The update furthermore changes OS X's security settings to protect users against worms such as the Leap-A worm that was detected last month. The worm spread through the iChat instant messaging client by sending a file to the buddies in a user's contact list, warning users when they are downloading unknown of unsafe file types through the use of a feature called Download Validation.
The same feature is also used in the Mail application, but attackers there could disguise a file's type to bypass the security feature. The update closes this loophole.
The update also repairs less severe vulnerabilities, such as a flaw in Directory Service that allows local users to create and manipulate files as a root user. Attackers could have exploited another design flaw in the way that the software handled the IPsec to launch a denial of service attack against virtual private connections (VPNs).
Users can install the update through the auto update feature in the operating system or by downloading the patch from Apple's website.
Apple has released a security update that patches twenty security holes in its OS X operating system and bundled applications.
Virus writers in the past weeks have released several high profile viruses and security experts last week disclosed that they had found a critical security hole in the operating system.
"The update fixes both the recently reported Leap-A and Safari security vulnerabilities," an Apple spokesperson said.
The Safari vulnerability was unveiled last week by German researcher Michael Lehn. The flaw could allow an attacker to launch arbitrary code on a Mac computer running the Safari browser through the use of a specially crafted website.
The Apple security update also contains a fix for a vulnerability that was reported in relation to the Safari flaw. It affects the way that the operating system unpacks and executes meta data in certain types of archives. It could be exploited in combination with the Safari vulnerability or by persuading a user to open an email message containing a specially crafted archive file.
The update furthermore changes OS X's security settings to protect users against worms such as the Leap-A worm that was detected last month. The worm spread through the iChat instant messaging client by sending a file to the buddies in a user's contact list, warning users when they are downloading unknown of unsafe file types through the use of a feature called Download Validation.
The same feature is also used in the Mail application, but attackers there could disguise a file's type to bypass the security feature. The update closes this loophole.
The update also repairs less severe vulnerabilities, such as a flaw in Directory Service that allows local users to create and manipulate files as a root user. Attackers could have exploited another design flaw in the way that the software handled the IPsec to launch a denial of service attack against virtual private connections (VPNs).
Users can install the update through the auto update feature in the operating system or by downloading the patch from Apple's website.
Share this page
Email this page
Back to Top
Home
Edit Post
0 comments: