43 Flaws Fixed in Mac OS X, QuickTimeBy Ryan Naraine | Posted 2006-05-12 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Apple ships two separate updates to fix serious code execution holes affecting Mac OS X and the QuickTime media player.
Apple Computer's security update train rumbled into the station late May 11 with fixes for a whopping 43 Mac OS X and QuickTime vulnerabilities.
The company's Security Update 2006-003 patches 31 flaws in the Mac OS X, most of them serious enough to cause "arbitrary code execution attacks."
Apple also shipped QuickTime 7.1 as a major security overhaul to correct 12 code execution and denial-of-service flaws.
The Mac OS X mega update includes patches for Apple's flagship Safari browser and Mail client.
According to the advisory, the Safari fix covers a flaw that could allow file manipulation or code execution if a user is lured to a maliciously rigged Web site.
In Mail, Apple said the bug could allow harmful code execution if a user is tricked into viewing a malicious e-mail message.
"By preparing a specially crafted e-mail message with MacMIME encapsulated attachments, an attacker may trigger an integer overflow. This may lead to arbitrary code execution with the privileges of the user running Mail," the company said.
Read the full story on eWEEK.com: 43 Flaws Fixed in Mac OS X, QuickTime