The latest security update for the Mac operating system patches ten critical holes, ranging from potential privilege elevation to arbitrary code execution.
Mac OS users should get the latest security update from Apple to correct ten security flaws. All of the flaws pose serious problems to Mac users.
The most critical of the group is an arbitrary code execution vulnerability triggered by a carefully crafted malicious GIF image. The Mac OS ImageIO component, which figures in the Safari browser and several other parts of the operating system, could be subject to a buffer overflow attack.
A successful overflow could allow arbitrary code to execute on the system. Apple has noted that the update will perform additional validation of images. Also, auto-reply rules used in Mail could result in the unencrypted contents of an encrypted message being sent along with the automated response.
In version 10.3.9 of the Mac OS, the Safari browser contains a cross-site scripting vulnerability. Certain malicious web archives could have their contents rendered as those of a legitimate site. Though this problem was fixed in Mac OS X 10.4.2, users who are still on the older OS need to update Safari.
Apple’s OS, like Mozilla’s Firefox browser, had been thought much more secure than Windows and its notorious multitude of system and security updates. But as the Mac and Firefox have gained more usage and attention, their ‘security through obscurity’ seems to be fading.
Both organizations have been plagued with the same problems as their related brethren from Microsoft, Windows and Internet Explorer. In the case of the latter, a recent study disclosed by Symantec claimed more vulnerabilities were found for Firefox than for IE through the first half of 2005.
David Utter is a staff writer for Murdok covering technology and business.