July 01, 2008

Apple delivers fourth Mac OS X update of year

Apple on Monday released Mac 0S x 10.5.4, which includes patches for 25 security holes, many of which could be exploited to execute arbitrary code.

The flaws -- rated "highly critical" by tracking firm Secunia -- are spread out across a number of operating system components: Alias Manager, Core Types, C++filt, Dock, Launch Services, Net-SNMP, Ruby, SMB File Server, System Configuration, Tomcat, VPN and WebKit.

The largest number of holes -- nine -- reside in Tomcat, an application server that that executes Java programs used to create dynamic web pages. Additionally, the update fixed six flaws in the open-source Ruby programming language.

Apple additionally plugged a memory corruption vulnerability relating to the handling of JavaScript in Safari 3.

Apple apparently did not fix a vulnerability in its ARDAgent (Apple Remote Desktop) that allows programs to run as root due to an error in the processing of AppleScripts, a Mac programming language. The hole gave rise to an alleged in-the-wild trojan.
Related Articles
Related Topics
Related Links
close

Next Article in News

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.