Printed from http://www.macnn.com

Apple releases Tiger, Leopard security updates

updated 06:15 pm EST, Thu February 12, 2009

Apple has released several security updates for Mac OS X Leopard, Server, Tiger Intel and Tiger PowerPC. A variety of vulnerabilities have been addressed, including a potential issue with the AFP Server that could lead to an infinite loop or denial of service on systems running OS X 10.5.6. For all operating systems, the Apple Pixlet Video code has been corrected to prevent a maliciously crafted movie file from executing arbitrary code.

A memory corruption issue existed in the Resource Manager's handling of resource forks, which could cause an application to close or allow arbitrary code execution. The update improves the validation of resource forks to remedy the problem.

Several CFNetwork vulnerabilities have been addressed, restoring the proper operation of session cookies and cookies with null expiration times. The Certificate Assistant will no longer allow a local user to overwrite files with the privileges of another user who is running Certificate Assistant, although the problem only existed with OS X 10.5 and higher.

The update also fixes several issues with ClamAV 0.94, affecting only Mac OS X Server systems. CoreText code has been corrected to protect against arbitrary code execution when viewing malicious Unicode content on systems running Mac OS X 10.5 or higher, including Server.

The CUPS web interface now properly handles RSS subscriptions to protect against attacks, while DS Tools will no longer expose passwords to other local users. Vulnerabilities have also been addressed in fetchmail, Folder Manager, FSEvents, Network Time and perl.

An issue in csregprinter previously allowed users to obtain system privileges in the event of a heap buffer overflow; the error handling has been improved to correct the problem. The company also addressed an uninitialized buffer issue in the Remote Apple Events server; the fix prevents the disclosure of memory contents to network clients.

The Safari RSS feed handling had allowed the execution of arbitrary JavaScript in the local security zone, but the handling of embedded JavaScript within feeds has since been improved. Apple also patched vulnerabilities that existed within python, servermgrd, SMB, SquirrelMail, X11 and XTerm.

The security updates are available from the support downloads page on Apple's website. File sizes range from 43MB to 213MB depending on the particular operating system.




by MacNN Staff
