Apple Patches OS X Flaws

By Ian Betteridge  |  Posted 2005-07-13

Apple Computer Inc. has released an update for its Mac OS X 10.4 operating system that fixes two security flaws, including one that potentially opened the platform up to a denial-of-service attack.

Mac OS X Update 10.4.2 addresses an issue with the operating systems TCP/IP stack, which allowed a specially formed TCP/IP packet to cause a kernel panic, requiring the system to be rebooted. Apple notes that systems with many forms of TCP/IP filtering would be unaffected by the issue, which only affects Mac OS X 10.4 Tiger and Mac OS X Server 10.4.

The update also fixes a potential issue with Dashboard, in which third-party Widgets were allowed to replace Apple-supplied ones that are shipped with OS X 10.4. This could have meant that users were not aware that they were running third-party code, which, in turn, could have led to users trusting behaviour from the Widget that they would not otherwise accept. The update alerts users if a download is replacing an Apple-supplied Widget.

The update, which is available through Mac OS Xs Software Update system as well as via a download from Apples Web site, also features a plethora of bug fixes and minor feature improvements for Tiger and its associated applications. Support for AES (Advanced Encryption Standard) encryption in WPA-PSK (Wi-Fi Protected Access Pre-shared Key) wireless networks is added, and support for WPA2 encryption is also improved.

Apple also fixed various bugs in Mail, iChat AV, Safari and the Finder, and made improvements to .Mac syncing after changing network locations.

For Mac OS X Server, the update also includes fixes relating to file permission inheritance when using AFP file services, improved support for Open Directory and Windows Server 2003 Active Directory, and more reliable file system management operations.

Check out eWEEK.coms for the latest news, reviews and analysis on Apple in the enterprise.

Rocket Fuel