Apple Tries to Plug Holes in Mac OS X Security
Apple issued a security update late Tuesday to plug dozens of security holes in both the client and server versions of Mac OS X 10.4.9.
The patches address both vulnerabilities in Apples own software and a number of third-party components. Among the most potentially serious vulnerabilities lies in the processing disk images that could allow an attacker to remotely execute malicious code.
"By enticing a local user to open a maliciously crafted disk image, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution," Apple states in its advisory.
The damage of other flaws addressed in the patch, however, is less severe, and could only be used to cause a system crash. The update fixes a number of flaws exposed in Januarys Month of the Apple Bugs and last Novembers Month of the Kernel Bugs projects.
In addition to the Mac OS X patch, Apple issued a second update Tuesday to fix a bug in iPhoto dealing with the photocast feature. An attacker could create a malicious photocast that would compromise a Mac when opened by a user, the company said.