Apple on Thursday released 13 patches, fixing 17 vulnerabilities in Mac OS X.
The flaws exist in OS X versions 10.3.9 and 10.4.9 and OS X Server versions 10.3.9 and 10.4.9.
An iChat flaw that can be exploited to cause a DoS attack or arbitrary code execution was fixed as well, according to Apple’s advisory.
Also patched was a cryptographic weakness in fetchmail that could lead to the disclosure of passwords, according to Apple.
An Apple representative could not immediately be reached for comment today.
Secunia, in an advisory released today, ranked the group of flaws as "highly critical," due to hackers’ ability to exploit them for the exposure of sensitive information, privilege escalation, DoS attacks and system access.
VeriSign iDefense said that an anonymous researcher reported one of the flaws to its lab: a plugin-loading privilege escalation flaw in PPP.
The flaw exists due to insufficient access validation when processing the plugin command-line option, according to an iDefense advisory.
For exploitation, an attacker must obtain local access to the victim’s system, according to iDefense.
Apple was first notified of the flaw on Jan. 8, according to iDefense.
Greg MacManus, senior research analyst at VeriSign iDefense, told SCMagazine.com today that the flaw in CoreGraphics could cause problems for end users duped by social engineering attacks.
"It could appear to be from a trusted source, so you might be more likely to open that than other files," he said, adding that it could be used for system takeover in combination with other files.
"Clearly the potential for a public exploit is there, and (hackers) are able to turn that around and exploit it fairly quickly," he said. "The knowledge that it exists could lead researchers to create their own versions of the exploit."
Apple credited Michael Lynn of Juniper Networks for reporting the flaw.