Patch/Configuration Management, Vulnerability Management

OS X firmware flaw fixed

Apple this week issued its third security update of the year, this one correcting a flaw in firmware that could allow some Mac OS X user passwords to be bypassed.

Intel-based Macs support the password feature in firmware, which is software contained in read-only memory that controls system hardware.

"Prior to this update, a person with physical access could bypass the firmware password and access single-user mode," said Apple's advisory. "This update addresses the issue by enhancing the security provided by the firmware password."

The update also addresses about 35 other system and application faults.

Among the other flaws are the operating system's failure to respond when a user tries to log in as a FireVault-protected user if the protected home image file has been damaged or moved. Mail also unexpectedly quits when a user lowers the quote level within a reply message and iChat stops video display until the computer is restarted.

A user can install the new content via the "Software Update" preference or from Apple Downloads on the company website.

The security announcement came just days after the Cupertino, Calif., computing giant celebrated its 30th anniversary on April 1.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.