Apple issues major OS X security update

Apple issues major OS X security update


Safari also patched

Apple has issued a major security update for Mac OS X and Safari. The update addresses 86 common vulnerability and exposure CVE entries in 30 applications for Mac OS.

Among the components addressed by the update are vulnerabilities in the Printing and Preview components which could allow encrypted PDF files to be viewed without authentication.

Other fixes include security updates for the ClamAV antivirus application, the OS X Leopard application firewall and several Apache components.

The Safari update addresses 13 security vulnerabilities, one of which could allow an attacker to remotely execute code on OS X, Windows XP and Windows Vista systems if exploited by an attacker.

Nine of the patched flaws could allow an attacker to conduct a cross-site scripting attack in which information entered into one page is transmitted to another site run by an attacker.

These vulnerabilities were found in the WebKit and WebCore components of the browser, as well as the elements of the browser that handle JavaScript and the error page.

Both the OS X and Safari updates can be downloaded automatically by way of Apple's Software Update tool or manually from the Apple Downloads site.