Apple Ships Mac OS X Kernel, Browser Patches

 
 
By Ryan Naraine  |  Posted 2005-04-18
 
 
 

Apple Computer Inc. has shipped an update for its flagship Mac OS X operating system to address a range of security holes, including a code execution flaw in the Safari Web browser.

The Cupertino, Calif.-based computer maker said the vulnerabilities could be exploited to put users at risk of security Bypass, privilege escalation, denial-of-service and system access attacks.

IT-security services firm Secunia has slapped a "moderately critical" advisory rating on the flaws and urged users to apply the Mac OS X 10.3.9 update.

According to an advisory from Apple, the updates corrects seven kernel errors and a Safari browser hole that could allow the remote execution of harmful code.

The Safari vulnerability could allow remote Web sites to load JavaScript to execute in the local domain.

The update also addresses an input validation error in the kernel "syscall" emulation functionality when handling input parameter lists. This can cause denial-of-service conditions if exploited by malicious local users.

Apple also fixed an error in the kernel that could allow the installation or creation of "SUID/SGID" scripts, which can be exploited by malicious, local users to gain escalated privileges.

Click here to read the article: Mac OS X Patch Includes IDN Browser Fix.

The Mac OS X fix also corrects several unrelated kernel errors that could lead to denial-of-service or privilege escalation attacks.

Check out eWEEK.coms for the latest news, reviews and analysis on Apple in the enterprise.

Rocket Fuel