Second update in two weeks
Apple has issued a security update that repairs five security vulnerabilities in the OS X operating system and bundled applications.
The patch corrects problems that were caused by an update that Apple published two weeks ago. That update aimed to repair problems in the operating system that were exploited by a series of worms and proof-of-concept code. The most serious of the flaws could allow an attacker to execute arbitrary code using the Safari browser or Mail application.
Apple does not provide severity ratings for its security updates. Security website Secunia gave the update its highest security rating of "extremely critical".
Monday's patch again addresses an issue where Safari could automatically open a malicious file that is crafted to look like a safe file type. The update introduces additional checks on downloaded files to verify their identity.
The update also deals with file archives containing JavaScript, which in some cases can bypass OS X security settings. The update flags the documents as unsafe, prompting the user before the download.
A second patch prevents buffer overflow attacks through Apple's Mail application that could have been triggered by enticing users to open a specially crafted email attachment. The patch introduces bounds checking for attachments, ensuring that certain parameters are of the expected size and thereby preventing buffer overflows.
The update also repairs an issue caused by the previous update, after which the Download Validation feature started warning users when they downloaded file types that should have been labelled as safe.
"These unneeded warnings are removed with this update," Apple said in a security bulletin on its website.
Users can apply the patch through OS X's software update feature or by manually downloading the file from Apple's website.