Patch/Configuration Management, Vulnerability Management

Apple releases OS X update, fixes 13 flaws

Apple on Tuesday issued an update to Mac OS X to fix 13 vulnerabilities, including one that is similar to the “jailbreak” flaw already patched in its mobile operating system.

The update affects client and server versions of Mac OS X 10.5 (Leopard) and 10.6 (Snow Leopard).

It includes a fix for a stack buffer overflow bug in Apple Type Services' handling of embedded fonts, which may lead to arbitrary code execution, according to Apple's advisory. The vulnerability could be exploited if a user is tricked into viewing or downloading a document containing a maliciously crafted embedded font.

The flaw is similar to a vulnerability patched earlier this month in Apple's mobile operating system, iOS, that was exploited to jailbreak iPhone, iPad and iPod Touch devices, researchers at Mac security firm Intego wrote in a blog post Wednesday.

The update also includes fixes for bugs in several other OS X components, including CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP and Samba. Those vulnerabilities could allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or impersonate hosts within a domain, according to an advisory posted Wednesday by US-CERT.

This is the fifth OS X security update this year.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.