August 25, 2010

Apple releases OS X update, fixes 13 flaws

Apple on Tuesday issued an update to Mac OS X to fix 13 vulnerabilities, including one that is similar to the “jailbreak” flaw already patched in its mobile operating system.

The update affects client and server versions of Mac OS X 10.5 (Leopard) and 10.6 (Snow Leopard).

It includes a fix for a stack buffer overflow bug in Apple Type Services' handling of embedded fonts, which may lead to arbitrary code execution, according to Apple's advisory. The vulnerability could be exploited if a user is tricked into viewing or downloading a document containing a maliciously crafted embedded font.

The flaw is similar to a vulnerability patched earlier this month in Apple's mobile operating system, iOS, that was exploited to jailbreak iPhone, iPad and iPod Touch devices, researchers at Mac security firm Intego wrote in a blog post Wednesday.

The update also includes fixes for bugs in several other OS X components, including CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP and Samba. Those vulnerabilities could allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or impersonate hosts within a domain, according to an advisory posted Wednesday by US-CERT.

This is the fifth OS X security update this year.

Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.