Intel-Mac security flaw

Apple's Mac OS X 10.4.6 update, released on Monday, fixes an important security issue for Intel-based Macs. Along with a slew of other bug fixes, Apple said that the latest update fixes an issue that could allow the firmware password to be bypassed on Intel-based Macs. "Prior to this update, a person with physical access to the computer could bypass the firmware password and access the "Single User Mode". According to Apple, this problem did not affect PowerPC-based Macs. This update addresses the issue by enhancing the security provided by the firmware password." In addition the update fixed problems with login and authentication in a variety of network environment, AFP file sharing, connecing to Cisco VPN servers using IP/Sec, Bluetooth wireless devices, and problems searching iWork '06 and Microsoft Office documents when using Spotlight. [updated]

In addition, the update resolves a flaw that could crash a variety of applications. Security Protocols today reported that the Mac OS X 10.4.6 update fixes a security flaw where a malformed .tiff image file could crash Preview, Finder, QuickTime, and Safari because the LZWDecodeVector() function does not properly parse the malformed data.

by MacNN Staff