Apple Patches Critical OS X FlawsBy Matt Hines | Posted 2006-06-28 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
A security update addresses multiple issues in Apple's flagship OS X operating system that could allow hackers to remotely take control of affected machines.Apple's latest version of its Mac OS X operating system, released June 27, promises to patch a series of serious security vulnerabilities that could allow hackers to take control of computers running the software.
The computer maker has forwarded Mac OS X Version 10.4.7 to its users, which addresses five individual security issues present in the operating system since its original 10.4 release. Earlier versions of OS X were not affected by the vulnerabilities, the company said. The update specifically addresses problems present in Mac OS X 10.4 through 10.4.6, as well as in Mac OS X Server 10.4 through 10.4.6.
Several security companies ranked the OS X glitches reported by Apple as critical, including Symantec in the United States and the French Security Incident Response Team. Apple representatives said that there have been no reported exploits related to the flaws.
The first problem detailed by Apple involves an error in the software's AFP (AppleTalk Filing Protocol) server code, the client/server file-sharing protocol used in the company's AppleTalk networking technology. Present when the AFP server is being used to display search results, the company said the issue could be exploited remotely by outsiders to disclose the names of certain files and folders stored on machines running affected versions of the OS.
The second vulnerability reported by Apple addresses a stack overflow error in the OS X ImageIO feature, which is used for handling images. When being used to process malformed TIFF image files, systems running the program could have their desktop applications shut down or made vulnerable to attacks that use a specially crafted TIFF image to deliver themselves.
The third flaw addressed in the update is linked to an error in the OS X OpenLDAP server code that fails to properly handle invalid LDAP requests and could be remotely exploited to cause denial-of-service attacks, Apple said.
Read the full story on eWEEK.com: Apple Patches Critical OS X Flaws