The fix corrects occasions when viewing certain Tagged Image File Format (TIFF) images could cause in an application crash or arbitrary code execution. The system now will further validate such images to ensure they are not malformed.
The update also ensures users searching in the Apple Filing Protocol (AFP) server can only view files and folders to which they have authorized access.
In addition, a flaw that allows remote attackers to cause the Open Directory server to crash by crafting a bogus Lightweight Directory Access Protocol (LDAP) is corrected. The update invalidates such requests.
The update corrects a problem in ClamAntiVirus’ automatic database that allows attackers to cause a stack-based buffer overflow during the updating process.
Finally, a format string vulnerability in the "setuid" program may allow users elevated privileges. The update fixes the issue by further validating logging messages.
_(5).jpg&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
Private AI vs Public AI: How your organisation can securely adopt AI without compromise and excessive cost
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
