Apple Tries to Plug Holes in Mac OS X Security

Mega-patch addresses more than 40 security holes.

Apple issued a security update late Tuesday to plug dozens of security holes in both the client and server versions of Mac OS X 10.4.9.

The patches address both vulnerabilities in Apples own software and a number of third-party components. Among the most potentially serious vulnerabilities lies in the processing disk images that could allow an attacker to remotely execute malicious code.

/zimages/2/28571.gifClick here to read more about the Month of Apple Bugs.

"By enticing a local user to open a maliciously crafted disk image, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution," Apple states in its advisory.

The damage of other flaws addressed in the patch, however, is less severe, and could only be used to cause a system crash. The update fixes a number of flaws exposed in Januarys Month of the Apple Bugs and last Novembers Month of the Kernel Bugs projects.

In addition to the Mac OS X patch, Apple issued a second update Tuesday to fix a bug in iPhoto dealing with the photocast feature. An attacker could create a malicious photocast that would compromise a Mac when opened by a user, the company said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.