AAPL Stock: 129.81 ( -0.61 )

Printed from

Apple releases Tiger, Leopard security updates

updated 06:15 pm EST, Thu February 12, 2009

Apple security updates

Apple has released several security updates for Mac OS X Leopard, Server, Tiger Intel and Tiger PowerPC. A variety of vulnerabilities have been addressed, including a potential issue with the AFP Server that could lead to an infinite loop or denial of service on systems running OS X 10.5.6. For all operating systems, the Apple Pixlet Video code has been corrected to prevent a maliciously crafted movie file from executing arbitrary code.

A memory corruption issue had existed regarding the Resource Manager's handling of resource forks, allowing code to close an application or execute arbitrary code. The update improves the validation of resource forks to remedy the problem.

Several CFNetwork vulnerabilities have been addressed, restoring the proper operation of session cookies and cookies with null expiration times. The Certificate Assistant will no longer allow a local user to overwrite files with the privileges of another user who is running Certificate Assistant, although the problem only existed with OS X 10.5 and higher.

The update also fixes several issues with ClamAV 0.94, affecting only the Mac OS X Server systems. CoreText code has been corrected to protect against arbitrary code execution when viewing malicious Unicode content on systems running Mac OS X 10.5 or higher systems, including Server.

The CUPS web interface now properly handles RSS subscriptions to prevent against attacks, while DS Tools will no longer expose passwords to other local users. Vulnerabilities have also been addressed with fetchmail, Folder Manager, FSEvents, Network Time and perl.

An issue in csregprinter previously allowed users to obtain system privileges in the event of a heap buffer overflow, although the error handling has been improved to correct the problem. The company also addressed an uninitialized buffer issue in the Remote Apple Events server that now prevents the disclosure of memory contents to network clients.

The Safari RSS feed handling had allowed the execution of arbitrary JavaScript in the local security zone, but the embedded JavaScript within the feed has since been improved. Apple also patched vulnerabilities that existed within python, servermgrg, SMB, SquirrelMail, X11 and XTerm.

The security updates are available from the support downloads page on Apple's website. File sizes range from 43MB to 213MB depending on the particular operating system.

by MacNN Staff





Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

OmniPlan (OS X, iOS)

We reviewed the Omni Group's most famous Mac software, a To Do app called OmniFocus, back in June 2014, and we were impressed. Some o ...

Epson PowerLite Home Cinema 3500 projector

Trying to find the perfect projector for a home theater can be tricky, as there are bountiful options on the market from a large numbe ...

Thecus N2310 NAS

For every computer user, there comes a point of critical mass in data storage. When it hits, external hard drives, USB sticks and DVD ...


Most Commented